When it comes to IT security defense, the most attractive thing about MSPs is that the cost of implementing security technologies becomes a shared expense. MSPs invest in all the technologies and labor needed to secure the IT environment, but the cost of that security is then distributed across a base of customers. Ultimately, each customer ends up with a higher level of security than they could ever afford on their own.
IT security challenges
The biggest challenge with that conversation is often the pride of the internal IT organization. Many IT professionals are still reluctant to admit they need help when it comes to IT security. But now that IT organizations are faced with more complex IT challenges and a lack of resources, the attitude of internal IT leadership is changing. In most cases they can’t find the IT security talent required, and even when they can find that talent they might not be able to afford to hold on to those employees.
According to Mondo, an IT staffing firm, cybersecurity jobs are among the most difficult to fill. In fact, the top three positions most organizations are looking to fill are jobs for penetration testers, cybersecurity engineers, and chief information security officers (CISOs). The average salary of a cybersecurity engineer is north of six figures, so it’s immediately apparent that the total cost of IT security when labor is factored is well beyond the means of the average organization. Plus, as cyberattacks become more sophisticated, the more need there is for advanced security technologies to defend against them. But each new layer of defense also drives up the total cost of security.
Reframing the IT security conversation
Managed service providers have an opportunity to frame the cost of IT security in a way business leaders can comprehend. Business leaders tend to view IT security as a cost of doing business, but not of all them completely trust their IT organization’s recommendations when it comes to evaluating those risks. Truth be told, there’s more than a few IT leaders who are sick of trying to convince business leaders of the true extent of the risks. Many of them would welcome a little outside expertise to validate their arguments.
The fine line MSPs need to walk is finding a way to bolster the CISO’s case without being seen as a threat to their continued employment. Every manager worth their salt knows that the simplest way to get an organization to rally around a new idea is to bring in an outside expert to pretty much say the same thing the manager has been been saying for months. Once the argument has been validated by an outside expert such as an MSP, resistance to rightsizing the investment in IT security to the risks to the business should melt away.
Strength in numbers
The good news from an MSP perspective is that as financial losses incurred from cybersecurity attacks continue to mount there’s more awareness of the true risks to the business than ever. The challenge is getting business leaders to appreciate both those risks and the most efficient and economic means available to mitigate them.
In effect, an MSP is making a pitch for a mutual IT security defense strategy where the cost of securing the business ends up being aggregated across multiple organizations. It’s not much different than contracting privateers to protect merchant vessels from pirates in the days of old. Of course, instead of being armed with cannons and sabers, modern pirates prefer to plunder from the safety of their keyboards.
Photo: Sergey Nivens/Shutterstock
