By Matthew Courchesne

Matthew Courchesne

Everyone knows the feeling when you put on the wrong-sized clothes. The style, color and fabric are fine, but when it comes to the fit, something isn’t right. This scenario can also happen in business in respect to the way organizations approach a key business strategy: cybersecurity.

For small and medium-sized organizations that have similar core cybersecurity functions, it can be easy to get confused about what level of protection is needed for your business. The only way to understand a company’s cybersecurity needs is to evaluate how the business works and the maturity of its IT.

In small to medium-sized companies, IT is often outsourced to an external administrator who remotely provides IT and cybersecurity system maintenance. Along with the installation of office applications and the purchase of corporate PCs, the administrator manages protection by installing a security solution to new devices, checking for program updates and ensures that protection is always active. The company likely does not need in-depth incident analysis or fine-tuning of user access for different services. Its infrastructure may include one server rack or even no on-premises servers at all and can likely store company information in the cloud.

While 100% protection against cyber-incidents cannot be guaranteed by any information security company, the use of specialist protective tools can minimize the damage and consequences of an incident. Any downtime caused by an incident or data breach can cost a company money, customer loyalty and reputation. Medium-sized companies are at risk of losing up to $120,000 as a result of a data breach, a big portion of which will go toward resolving reputational damage as well as paying compensation and fines.

We can safely assume SMBs are unlikely to be overpaying for more expensive security services, but a large company seeking to save money by using a product that doesn’t meet its needs will quickly realize the error of its ways. To make the right service choice for their customers, providers need to look at the maturity of clients’ cybersecurity functions, which commonly correlates with the size and maturity of the entire business.

Adam Lloyd, president and CEO of North American MSP Pioneer Technology, which specializes in managing IT services, said his company generally focuses on providing end-to-end IT support and services for most of its customer base, especially in health care, financial, manufacturing and for other multilocation customers it works with.

“Smaller to medium-sized businesses are aware of the importance of IT security, but they don’t always have the same resources or technical ability to deal with them as larger enterprises do,” Lloyd said. “As a result, they expect their MSP to act as a true security partner to point them in the right direction and ensure the technology they have in place will protect them and their data.”

Lloyd said Pioneer evaluates security needs as part of every engagement it enters because many of its customers are in regulated industries with high-stakes impact if something goes awry. “It’s part of Pioneer’s effort to insulate customers,” Lloyd said.

‘Roll Your Own’ Approaches

It’s also equally important that service providers identify their own goals and resources, such as infrastructure, human resources and technical skills. For example, if providers work only with cloud services (‘born in the cloud’ MSPs) or look to speed deployment to new customers and easily manage all clients through a single console, they will work best with cybersecurity delivered as-a-service that can be overseen through a cloud hosted console.

Alternatively, providers who have developed their own infrastructure can choose …

… an on-premises managed solution and focus on customers who have more mature IT infrastructures and demand more granular protection. It’s a good opportunity to provide flexible services for more demanding customers, maintain SLAs and be an expert in the eyes of the customer. In this case, the service company also needs to have appropriate talent in the team to manage advanced protection.

There are advantages to both approaches. Providers delivering cloud security can focus on wider cloud services and extend their portfolio to include SMBs who are consuming SaaS services at a growing rate. MSPs working with medium-sized businesses who have their own infrastructure can use their resources to develop advanced and scaled security services.

Regardless of size, the approach all MSPs should take remains the same: To manage cybersecurity in SMB companies, service providers need to offer an inexpensive, compact solution that requires minimum resources for installation and management and continuously provides protection across all network devices.

Matthew Courchesne is head of channel at Kaspersky North America. He earned a bachelor’s degree in business administration at Southern New Hampshire University. Follow him on Twitter @Kaspersky or on LinkedIn.