Many IT leaders tout the advantages of using managed security service providers (MSSPs) to supplement their internal teams.
But two Canadian cybersecurity leaders warned during a webinar Wednesday that nailing down the pricing of some components – such as a cloud-based security information and event management suite (SIEM) — can be elusive.
“We couldn’t get relatable numbers to work with” from MSSPs, said Div Lavingia, director of technology and cybersecurity at the British Columbia-based Larco Group of Companies, which owns and operates hotels and commercial real estate firms in Canada and the U.S. “So we budgeted very high, we went overboard, which was even harder to sell” to management.
“But we felt it would be safer to go with the larger number.” And that number was “random,” he added, “because we couldn’t get any reference point.”
Dave Davies, senior cybersecurity director of Toronto-based Colliers International, which provides property management and other services to commercial real estate firms, said the same thing.
“The biggest challenge we had for the [outsourced] SOC [security operations centre] was the variable costs of the SIEM,” he said. Getting an estimate of the possible gigabytes used per day wasn’t straightforward, he said, nor was even estimating the number of firewalls needed.
“Our initial estimates needed to be adjusted upwards,” he said. “So my advice to you is be prepared for that possibility. Partner [internally] with someone strong, like a business sponsor” and make sure they understand before going to the C-suite for approval that “the price could go up more and we need a buffer.”
Both advised listeners that IT leaders should find CIOs or CISOs in similar-sized organizations who use a cloud-based SIEM and can give them advice on costs.
The panel was part of a day of webinars hosted by Bulletproof Solutions of Fredericton, N.B., and its partner Microsoft Canada. Both Larco and Colliers International are Bulletproof customers.
Panel moderator Charit Khatri, director of strategic sales at Bulletproof, admitted others customers have made the same complaint. Those voices “gives us an opportunity to take that back and work with Microsoft” – which provides the Sentinel SIEM offered by Bulletproof — “to address these concerns.”
The issue of pricing products is important in convincing management to approve the purchase of a solution or a cloud service. Business wants some level of certainty when it comes to cost versus risk, Davies pointed out – which led to his recollection of the struggle to get a relatively firm price for the SIEM part of the outsourced security operations centre.
Adam Bell, CIO of the city of Fredericton and the third member of the panel, cautioned that it can take time to fully implement the services of an MSSP. “Initially just onboarding [staff] seemed overwhelming,” he said of adding Bulletproof’s SOC service. “It is a journey.” IT leaders need to think, “‘You’re going to grow into it,’” he said.
“It seemed every week we took another step – we add a new tool, we improved a rule, take some vulnerability assessment information back …”
But it was worth it when, in the middle of the implementation on a Sunday afternoon, he got a call from the new SOC warning an unknown person was on the network.
Within two hours the system was locked down.