29 Sep The Benefits of Recurring IT Assessments: A Single Scan is Only the Beginning
By Win Pham, Vice President of Development, RapidFire Tools
If you’re a Network Detective customer, chances are you’ve used Network Detective as a one-time network assessment tool to convert prospects into new clients, or to uncover new projects for existing clients. However, the greater opportunity lies in developing an ongoing program of regular assessments, which you can conduct over time. Such a plan offers a more comprehensive benefit for both you and your end-users. A single assessment is only step one in implementing an effective program that allows you mitigate risks for your end-user companies long-term. This method also lets you establish more consistent revenue streams and enhances your relationship with your clientele.
Ongoing IT assessments create a series of regularly scheduled network “snapshots,” which can identify patterns and behaviors that alert you to a potential breach. IT assessment tools can identify vulnerabilities, patterns, and red flags that could indicate existing issues or risks. In this way, you can establish baselines for overall network health, as well as document all assets and configurations associated with the system, and then generate “change reports” that reveal what improvements and/or degradations have taken place.
Recurring IT assessments allow you to share professionally-produced and easy-to-consume summary reports, management reports, and QBR reports with your clients. These items are critical pieces of tangibility, providing evidence of the value of all your hard work.
Another reason to conduct regular assessments is to observe changes which you, as an off-site MSP, may not be aware of. Clients are constantly adding and removing hardware, software, and users. These changes can significantly impact your cost of service. If your service contracts are based on either endpoints or active users, then you’ll certainly want to keep track of these things. Monitoring systems are not designed for this purpose.
What’s more, regular network scans and reports can be automated, making it simple and cost-effective for you to stay informed regarding users, assets, and network changes that could result in new vulnerabilities. A small investment in regular assessments will pay-off by way of mediated risks and protection of your end-users’ assets, avoiding network compromise and downtime.
Think of network assessments like a protective suit of armor. IT assessments point out chinks in the armor, or holes in the chain mail where a sword can penetrate, leaving the suit’s owner vulnerable to injury during an attack. Yet if that armor is in continued use, it will naturally require inspection on a recurring schedule.
Other MSPs who use our tools have found ongoing assessments to be a successful strategy for growing their businesses. Many others want to, but don’t know how to get started. For example, they’re unsure about how best to structure an offering, or what types of service to provide to what customers. We suggest that you offer a tiered menu of services – e.g., a basic, enhanced, and premium program – creating a structure that can be applied across a range of clientele.
RapidFire Tools understands the challenges you face in establishing effective, ongoing programs. To that end, we’ve put together a “blueprint,” that outlines how to structure an ongoing assessment offering. You can download the “Expanding Your Service Offerings with Recurring IT Assessments” white paper for details. In this way, we provide not only the tools by which to deliver network assessment services, we also provide you with instruction on how to apply those tools and monetize the offering on a recurring basis.
You can start with a basic program, appropriate for most SMB customers, including baseline assessments, network and security risk reports, and external vulnerability summaries. An enhanced program would add internal vulnerability scans and additional components such as Network Security SQL Server reports, and Layer 2/3 diagrams and details. A more comprehensive premium program, appropriate for end-customers in more complex markets such as healthcare, would include HIPAA and/or PCI compliance management, demonstrating ongoing compliance and remediation activity that can serve as documentation in the instance of a compliance breach, or an audit.
Savvy managed services providers who leverage long-term network assessment programs stand to differentiate their service offerings, gain consistent revenue, and increase loyalty among their clientele. By engaging in regular assessments, your end-users can gain a more secure, reliable infrastructure, while potentially avoiding compliance violations, through a more proactive, sustained strategy.