{"id":29089,"date":"2019-10-28T11:33:26","date_gmt":"2019-10-28T15:33:26","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=29089"},"modified":"2022-08-08T05:00:44","modified_gmt":"2022-08-08T09:00:44","slug":"cybersecurity-for-msp","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-for-msp\/29089\/","title":{"rendered":"What SMBs want: How to implement cybersecurity to suit a company&#8217;s needs"},"content":{"rendered":"<p>It looks so good on the rack, but when you try it on \u2013 ouch! The style, color and fabric are fine, but when it comes to the fit, it feels like it was made for the wrong body. Overlong sleeves that flap about, narrow shoulders so you can\u2019t twist, and the waist in the wrong place. In the business world, this happens when a company occupies an office space that doesn\u2019t match its size or needs. It may be too small or too large, lack meeting rooms or not even have restrooms for night shift personnel. The business may have to pay for a car park that\u2019s too big, or there\u2019s not enough network capacity for business tasks.<\/p>\n<p>In the same breath, a company can feel this way about how it approaches cybersecurity. It may struggle to recognize what\u2019s needed to keep the business secure and be using a service or solution that isn\u2019t fit for purpose. In this scenario, it\u2019s paramount that security service providers understand and respond to specific business demands when offering protection to their customers.<\/p>\n<h2>What level of protection works best?<\/h2>\n<p>With small companies, made up of several dozen employees, and larger businesses both having similar core cybersecurity functions, it\u2019s possible to become confused about what level of protection would work best. The only way to understand a company\u2019s cybersecurity needs, when the company itself is unclear about what it wants, is to evaluate how the business works and the maturity of its IT. This helps identity the specific tools and level of customization that would suit them best.<\/p>\n<p>Imagine a small company that makes and sells its own brand of clothes locally and has an office of 50 people. The business is rapidly growing: over the past two years, the number of employees has nearly doubled. Several people are responsible for the purchase of fabrics, as well as sales of ready-made clothes to stores, but they\u2019re almost never in the office as they work remotely or at different sites.<\/p>\n<p>In such a company, IT is often outsourced to an external IT administrator remotely providing IT and cybersecurity system maintenance. Along with the installation of office applications and the purchase of corporate PCs, it manages protection by installing a security solution to new devices, checking for program updates and ensuring that protection is always active. The company doesn\u2019t need in-depth incident analysis and tuning of user access rights for different services. Its infrastructure may include one server rack or even no on-premises servers at all, with everything stored in the cloud.<\/p>\n<p>And there\u2019s plenty more reasons for clients to move their IT delivery to managed services providers (MSPs):\u00a0 according to Forrester, 28 percent of companies with 100 or more employees that purchased SaaS (software-as-a-service) from an MSP indicate \u201ccustomer service, support, and experience\u201d was a top purchase driver for choosing this option (source: Forrester Analytics, Global Business Technographics\u00ae Security Survey, 2019).<\/p>\n<h2>Finding the right fit<\/h2>\n<p>This local clothing brand could be any other kind of small- to medium-sized business: an advertising agency, a consulting firm or a small publishing house. Regardless of what they do, the approach is the same: to manage cybersecurity in such companies, service providers need to offer an inexpensive, compact solution from the cloud which requires minimum resources for installation and management, but at the same time provides protection across all devices \u2013 from office desktops to mobile phones and tablets of remote-working employees.<\/p>\n<p>Let\u2019s examine what a larger firm, with a well-established IT infrastructure, expects and needs from cybersecurity. For example, an online retailer stores and processes a large amount of sensitive data, and uses a variety of CRM, ERP and customer service systems. For servicing such a complex environment there should be an internal IT department and a dedicated cybersecurity administrator, or an entire team \u2013 either internal or from a service provider \u2013 to protect it.<\/p>\n<p>In such organizations, the attack surface is much wider. They use more applications than smaller businesses, increasing the likelihood that they will become vulnerable, as well as more devices that could be compromised by malicious software infecting the network. Working with many contractors and partners also increases the infrastructure\u2019s vulnerability to supply chain attacks. The task of a cybersecurity manager, whether it\u2019s an internal specialist or service provider, is to enable protection against malware on each device. They must also configure it in a way that ensures all employees have access to necessary services, depending on their role. Finally, administrators need detailed reports on the state of the system and, in the event of an incident, they should be able to quickly detect it, analyze and respond to it.<\/p>\n<h2>What are the risks of data breaches?<\/h2>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-29091\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/10\/28112507\/M056_how_to_implement_cybersecurity_for_MSP_Inline-1024x768.png\" alt=\"cybersecurity for MSP\" width=\"1024\" height=\"768\"><br>\nAny downtime caused by an incident or data breach can cost a company money, customer loyalty and reputation. Medium-sized companies are at risk of losing <a href=\"https:\/\/www.kaspersky.com\/blog\/economics-report-2018\/22486\/\" target=\"_blank\" rel=\"noopener nofollow\">up to $US 120,000<\/a> as a result of a data breach, a big part of which will go towards resolving reputational damage, as well as paying compensation and fines. While 100 percent protection against cyber-incidents cannot be guaranteed by any information security company, the use of specialist protective tools can minimize the damage and consequences of an incident.<\/p>\n<p>We can safely assume a small business is unlikely to be overpaying for a more expensive security service. But a large company seeking to save money and using a product which doesn\u2019t meet its needs will quickly realize the error of its ways. To make the right service choice for their customers, providers need to look at the maturity of clients\u2019 cybersecurity function, which commonly correlates with the size and maturity of the entire business.<\/p>\n<h2>Weodeo it our way<\/h2>\n<p>We talked about it with one managed service company from France \u2014 Weodeo. Its owner, Philippe Aymonod, said: \u201cSmaller businesses are aware of the importance of IT security, and they face many of the same cyberthreats as large enterprises. But they don\u2019t have the same resources to deal with them. Consequently, they expect their partner to act as a security advisor that will be able to offer them simple and efficient security, with no impact on their productivity.\u201d<\/p>\n<p>\u201cWe evaluate our customers\u2019 protection level according to several parameters: the company\u2019s awareness level regarding security and the threat landscape; the customers\u2019 infrastructure complexity; any specificity related to their business, equipment and potential upcoming strategy adjustments.\u201d<br>\n<\/p><blockquote><p>Small businesses expect their partner to act as a security advisor that will be able to offer them simple and efficient security, with no impact on their productivity.<\/p>\n<cite><p><strong>Philippe Aymonod<\/strong><\/p><p>Weodeo<\/p><\/cite><\/blockquote>\n<p>It\u2019s equally important that service providers identify their own goals and resources, such as infrastructure, human resources and technical skills. For example, if providers work only with cloud services (\u2018born in the cloud\u2019 MSPs) or look to speed up deployment to new customers and \u00a0easily manage all clients through a single console, they\u2019ll work best with cybersecurity delivered as a service that can be overseen through a cloud-hosted console.<\/p>\n<p>On the flip side, providers who have developed their own infrastructure can choose an on-premises managed solution and focus on customers who have more mature IT infrastructures and demand more granular protection. It\u2019s a good opportunity to provide flexible services for more demanding customers, maintain service level agreements (SLAs) and be an expert in the eyes of the customer. In this case, the service company also needs to have appropriate talent in the team to manage advanced protection.<\/p>\n<h2>Which approach is best?<\/h2>\n<p>There are advantages to both approaches. Providers delivering <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud\" target=\"_blank\" rel=\"noopener nofollow\">cloud security<\/a> can focus on wider cloud services and extend their portfolio to include SMBs who are consuming SaaS services at a <a href=\"https:\/\/www.blissfully.com\/saas-trends\/2018-annual\/\" target=\"_blank\" rel=\"noopener nofollow\">growing<\/a> rate. MSPs working with medium-sized businesses and have their own infrastructure can use their resources to develop advanced and scaled security services.<\/p>\n<p>While you could say that any kind of cybersecurity protection is better than nothing, if it doesn\u2019t meet the company\u2019s needs, surely it makes sense to change to a solution that\u2019s a custom fit?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Implementing cybersecurity is like shopping for clothes \u2013 everything has to fit. As a managed service provider, how can you ensure the best fit for your customer?<\/p>\n","protected":false},"author":2533,"featured_media":29090,"template":"","coauthors":[3550],"class_list":{"0":"post-29089","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity","7":"emagazine-tag-data-security","8":"emagazine-tag-endpoint-security","9":"emagazine-tag-professional-advice"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-for-msp\/29089\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-for-msp\/21914\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/secure-futures-magazine\/cybersecurity-for-msp\/20275\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/secure-futures-magazine\/cybersecurity-for-msp\/14880\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/29089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2533"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/29090"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=29089"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=29089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}