WatchGuard: Boost Managed Security Profitability By Finding Hidden Costs

Management, protection and visibility are the biggest hidden cost drivers associated with delivering a managed security service to customers, according to a WatchGuard executive.

The total cost managed security service providers (MSSPs) face when providing a managed security offering is tied to hard factors such as procurement, licensing or infrastructure expenses, as well as soft factors like transportation, deployment and ongoing maintenance, said Himanshu Verma, WatchGuard’s director of product management, in a session at XChange 2018, hosted by CRN parent The Channel Company and being held in San Antonio this week.

Hard costs usually get factored in since they're typically known beforehand and are easy to see and tangibly visualize, Verma said. In contrast, Verma said soft costs often get overlooked since they're tied up in the day-of-day experience of delivering the managed security service itself.

[Related: WatchGuard Buys Percipient Networks To Fortify Its Malware Protection Capabilities For SMBs]

MSSps can most effectively improve the profitability of their managed security service by uncovering and identifying hidden or unknown costs in the areas of management, protection or visibility, Verma said. Management focuses on the effort associated with deploying or maintaining a product or service, Verma said, while protection focuses on the value the product is actually providing.

Unless an MSSP has a team of CISSPs (Certified Information Systems Security Professionals) at the ready, there's simply no way they can independently keep up with the barrage of incoming alerts, said Greg Bonner, chief technologist at West Palm Beach, Fla.-based Ask The Advisors. And MSSPs don't want to have their most qualified security personnel tied up responding to alerts and watching for damage.

Specifically, Bonner said customers would benefit from getting a report of a breach before the damage has been done so that the problem can be cut off at the source.

"Everything is machines and AI [artificial intelligence]," Bonner said. "Humans just can't keep up with it anymore."

Managed security all starts with the ease of deployment, Verma said, and there's a cost associated with any offering that still takes hours or days to deploy and requires dedicated headcount. The goal for an MSSP, Verma said, should be to deploy the managed offering straight out of the box without having to even touch it.

From there, Verma said MSSPs should look to get scale and breadth from how the offering is managed, avoiding situations where the configuration has to be constantly changed or customized. They should look to create a package that multiple customers are able to consume, Verma said, or a configuration template that can help streamline deployment for highly specific use cases.

Once MSSPs have scale, Verma said they should then seek flexibility, particularly as it relates to making the platform available as a cloud service so that infrastructure costs can be eliminated. MSSPs should also maintain separation between management and deployment so that the offering can be tailored later on to fulfill specific use cases, according to Verma.

From a procurement perspective, Verma said MSSPs should seek operational expenditure-centered recurring revenue offerings to maximize their return on investment. If the offering requires an up-front capital expenditure to facilitate the recurring revenue business, Verma said they should carefully consider whether it's worth sacrificing that profitability.

Another key element of flexibility, Verma said, is being able to start or stop services without an associated cost. Most of the time, Verma said MSSps are on a fixed-term contract, meaning that even if customers aren't actually using the service, they are still on the hook for the associated expense.

Visibility continues to be challenging for channel partners, Verma said, with extensive manpower still required to really detect if something improper is going on either in the IT infrastructure or the IT posture of a customer. In fact, Verma said time to detection has actually increased on a year-over-year basis, with many breaches detected only after something bad has already happened.

Having malware or ransomware lurking around in the data or IT infrastructure for such a long period of time will lead to increased damage for customers, Verma said, which in turn will increase mitigation and recovery costs exponentially.

In addition, MSSPs must ensure that the visibility of any particular offering doesn't suffer when operating in a multivendor ecosystem, Verma said, since they typically have tools from different vendors working alongside one another to maximize their breach detection capabilities.

MSSPs must avoid entering into a zero-sum game where enhancing security comes at the cost of usability through the implementation of various controls. They need to avoid hampering the efficiency of their customers’ business, Verma said, especially when it comes to areas such as cloud applications, Software as a Service, and bring your own device.

Infrastructure is no longer a controlled silo, Verma said, and MSSPs now have to grapple with multiple applications, identities, endpoints or even types of infrastructure. But responsibility for maintaining that visibility in a cost-effective manner rests squarely on the shoulders of the MSSP, Verma said, and shouldn't come at the expense of the end-user experience.