Nailing down costs of some MSSP services can be elusive: Panel

Many IT leaders tout the advantages of using managed security service providers (MSSPs) to supplement their internal teams.

But two Canadian cybersecurity leaders warned during a webinar Wednesday that nailing down the pricing of some components – such as a cloud-based security information and event management suite (SIEM) — can be elusive.

“We couldn’t get relatable numbers to work with” from MSSPs, said Div Lavingia, director of technology and cybersecurity at the British Columbia-based Larco Group of Companies, which owns and operates hotels and commercial real estate firms in Canada and the U.S. “So we budgeted very high, we went overboard, which was even harder to sell” to management.

“But we felt it would be safer to go with the larger number.” And that number was “random,” he added, “because we couldn’t get any reference point.”

Dave Davies, senior cybersecurity director of Toronto-based Colliers International, which provides property management and other services to commercial real estate firms, said the same thing.

“The biggest challenge we had for the [outsourced] SOC [security operations centre] was the variable costs of the SIEM,” he said. Getting an estimate of the possible gigabytes used per day wasn’t straightforward, he said, nor was even estimating the number of firewalls needed.

“Our initial estimates needed to be adjusted upwards,” he said. “So my advice to you is be prepared for that possibility. Partner [internally] with someone strong, like a business sponsor” and make sure they understand before going to the C-suite for approval that “the price could go up more and we need a buffer.”

Both advised listeners that IT leaders should find CIOs or CISOs in similar-sized organizations who use a cloud-based SIEM and can give them advice on costs.

The panel was part of a day of webinars hosted by Bulletproof Solutions of Fredericton, N.B., and its partner Microsoft Canada. Both Larco and Colliers International are Bulletproof customers.

Panel moderator Charit Khatri, director of strategic sales at Bulletproof, admitted others customers have made the same complaint. Those voices “gives us an opportunity to take that back and work with Microsoft” – which provides the Sentinel SIEM offered by Bulletproof — “to address these concerns.”

The issue of pricing products is important in convincing management to approve the purchase of a solution or a cloud service. Business wants some level of certainty when it comes to cost versus risk, Davies pointed out – which led to his recollection of the struggle to get a relatively firm price for the SIEM part of the outsourced security operations centre.

Adam Bell, CIO of the city of Fredericton and the third member of the panel, cautioned that it can take time to fully implement the services of an MSSP. “Initially just onboarding [staff] seemed overwhelming,” he said of adding Bulletproof’s SOC service. “It is a journey.” IT leaders need to think, “‘You’re going to grow into it,’” he said.

“It seemed every week we took another step – we add a new tool, we improved a rule, take some vulnerability assessment information back …”

But it was worth it when, in the middle of the implementation on a Sunday afternoon, he got a call from the new SOC warning an unknown person was on the network.

Within two hours the system was locked down.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now