{"id":41335,"date":"2020-08-26T06:17:01","date_gmt":"2020-08-26T13:17:01","guid":{"rendered":"https:\/\/www.enxmag.com\/twii\/?p=41335"},"modified":"2020-08-26T06:17:46","modified_gmt":"2020-08-26T13:17:46","slug":"cybersecurity-is-a-process-not-a-product-what-to-consider-when-building-your-offering","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/building-mssp\/2020\/08\/cybersecurity-is-a-process-not-a-product-what-to-consider-when-building-your-offering\/","title":{"rendered":"Cybersecurity Is a Process, Not a Product: What to Consider When Building Your Offering"},"content":{"rendered":"\n

You\u2019ve decided to offer cybersecurity services, but aren\u2019t sure where to start. Unfortunately, you won\u2019t find one list that everybody agrees, or that shows which products and services should be included. Many people have differing opinions on cybersecurity, and that\u2019s OK.<\/strong><\/p>\n\n\n\n

Cybersecurity is a process, not a product. The approach we take at Collabrance is based on a constantly changing landscape. Successful managed service providers (MSPs) are more focused on the holistic IT solution than any one product you may be providing.<\/p>\n\n\n\n

To build our managed security service provider (MSSP) offering, we used the National Institute of Standards and Technology (NIST) Framework to help guide us to outcomes that focus on the end user\u2019s cybersecurity needs. Although much of the managed services industry is unregulated, the federal government does have guidelines that are embodied in the Framework, which NIST describes on its website:<\/p>\n\n\n\n

What is the Framework, and what is it designed to accomplish?<\/em><\/strong><\/p>\n\n\n\n

The Framework is voluntary guidance, based on existing standards, guidelines and practices for organizations to better manage and reduce cyber cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cyber cybersecurity management communications amongst both internal and external organizational stakeholders.<\/em><\/p>\n\n\n\n

Is my organization required to use the Framework?<\/em><\/strong><\/p>\n\n\n\n

No. Use of the Framework is voluntary. <\/em><\/p>\n\n\n\n

Even though the Framework is not law today, smart money is betting that, in the future, some or all of it could eventually become law. Progressive IT service providers are already aware of this and keep it top of mind.<\/p>\n\n\n\n

To what extend should you outsource?<\/strong><\/p>\n\n\n\n

When it comes to cybersecurity, keeping up with the demands of the market is nearly impossible to do on your own. No reseller has the money or expertise to do it all. Every time an issue comes up, you need to decide whether to build what you need, buy it or outsource it. With that in mind, here are a few best practices you can implement to help your organization keep pace. <\/p>\n\n\n\n

Have an Evolving Road Map<\/strong><\/p>\n\n\n\n

You need to make someone responsible for the technology road map in your organization. You have your current IT stack that needs to be monitored, but you also need to keep a constant eye to the future and adjust accordingly. You should have built an IT priority list of short-, medium- and long-term needs that stays top of mind with everyone in the organization. This means your technology road map needs to be fluid. Just because it looked a certain way five months ago, that doesn\u2019t mean the priorities can never change. MSPs must be agile enough to make adjustments and keep moving forward.<\/p>\n\n\n\n

Vet Constantly<\/strong><\/p>\n\n\n\n

Many people don\u2019t realize cybersecurity is a full-time job. The number of IT needs your customers have, combined with more-sophisticated competitors in the marketplace, means you need to have someone fully dedicated to vetting potential solutions for things such as: <\/p>\n\n\n\n