Small, medium North Bay businesses increasingly seek outside cybersecurity help

Cybersecurity Watch

This story is underwritten by Comcast, which has had no input on the editorial content. See more stories this topic.

As threats mount, a market is growing for more small and medium-sized companies to sign on with information technology managed service providers for regular service, rather than going from cybersecurity incident to incident, say experts.

The market for MSP agreements is booming, valued at $239.71 billion in 2021. The financial services segment accounts for the largest revenue share of MSP growth, over 18% last year. Reports by estimate this could be a $730 billion market by 2030.

According to an IDG report commissioned by NTT Ltd., nearly 55% of companies are approaching MSPs to opt for their value-added services to reduce security risks. Those risks have multiplied since the COVID outbreak as employees work remotely and business partners and customers rely entirely on electronic communications. .

Managed services are becoming increasingly popular as businesses seek a more strategic approach to operate, organize and protect their operations effectively, according to IT industry watchers. That’s especially at a time when market and regulatory changes, and a looming shortage of employees with experience in cutting edge technologies — such as cloud-based solutions — is driving them to look favorably at MSPs.

Most MSPs charge $175–$250 per user monthly for basic service and from $100–$200 hourly, depending on breadth of services provided, according to The annual cost of engaging a MSP often can be lower than hiring one or two talented full-time employees with some IT experience. The average salary of an IT technician is $45,000–$60,000 per year in total compensation, based on analysis.

“Until 2019, we operated under a ‘if it’s broken, we fix it’ model, but found that most incidents were often part of larger problems that needed to be addressed,” said Todd Tolly, president and co-owner of Santa Rosa-based TeamLogic IT, serving clients in Sonoma, Napa and Marin counties.

“We’ve found 97% of the time client issues can be resolved offsite without having to make a premise visit at additional cost. We currently have a staff of 20 working in three-member client teams. Some prospective clients want us to complete a project but do not want to pay us to maintain it. If a firm just wants us to patch computers and obtain upgrades, we take a pass.”

TeamLogic IT, founded in 2010, is part of a nationwide franchise network with 260 locations across the U.S.

Tolly said as small firms grow, they need more support than a single staffer can provide, especially when it comes to tracking expanding business IT needs and creating a strategic roadmap for the future. He said firms with internal IT departments are also seeking outside assistance in an era of low unemployment, when it is harder to find talent they want.

He said most clients have four IT priorities:

  • Cybersecurity.
  • The budget needed to play a defensive role.
  • Convincing clients to adopt sound business IT standards (that they haven’t paid for in the past).
  • How much control they are willing to transfer to an MSP.

Michael Chaput is founder of EndSight LLC, Napa-based outsourced technology support provider with 145 employees and over 300 clients.

“For most people who own and operate a business, IT is not their area of core competency,” he said. “For some, the first time they believe they need additional IT support is when they have been attacked. On a day-to-day basis, it is difficult to ramp up and even harder to keep pace with technology advances without establishing a strategic relationship with those who do.”

He said some new clients with internal IT departments want to proceed slowly at the beginning of an MSP relationship limited to a per-seat cost and an hourly rate and settling for a trial run for weeks or months without a contract.

Chaput considers this to be a big mistake.

“Knowing we will be there next month helps our clients ensure continuity of operations and stability, as does having a one-, three- or five-year contract,” Chaput said. “For an MSP, this allows for an investment in and a commitment to our staff.

“While most MSPs offer 24/7/365 network monitoring, few can staff to do this based on an economy of scale analysis without outside assistance. We rely on security providers such as SAPHOS, Arctic Wolf and Sentinel and resell their products and manage results for our clients.”

To identify malicious code, Endsight uses AI tools to look at an entire network and check for compromises such as, is the client’s system sending its data to Europe or elsewhere, triggering an alert and determining if this is an actual breach or a false alarm – as well as looking at the volume of data activity over time to detect anomalies involving sensitive material.

Chaput said without an effective monitoring system, a breach may not be found for 90 days, calling for a faster, high quality response time solution.

“For our clients, the cost of MSP support is a concern with CPI rising 7.5% in 2021. However, we did not pass a similar increase along to our clients until 2022. Endsight hired an additional 35–40 employees this year. Next year we want to keep our side of the cost equation low even as labor costs are increasing,” according to Chaput.

According to Volker Ackermann, co-founder with Carl Corsini of in San Rafael, security is the biggest concern among SMBs.

“Having antivirus protection is important but not enough. We’re also seeing more internal breaches due to too much employee access to critical data,” Ackermann said. “While senior management often does not have time to handle IT issues, they still expect a fast response.”

Ackermann believes MSPs should own client equipment — firewalls, intrusion-detection devices, routers, filters, etc. — and remotely manage it as part of a formal hardware services agreement, including the server used for remote user log-in to access a secure site and all software. A virtual desktop is set up behind security to enable employees to work from anywhere.

“With so many people working from home these days more attention should be placed on security at the edge, not just behind office firewalls and gateway security. This can be achieved with micro segmentation of access to and through the laptop with user IDs in a manageable format to have a secure system,” Ackermann said.

He said smaller firms can be more nibble than large companies, but just fixing breakdowns often inhibits looking at underlying problems.

“Part of the MSB onboard(ing) process involves gauging whether a firm is living in the past and stuck in its old ways resulting in slow growth,” Ackermann said. “Fast growing companies want to outsource IT as they become bigger and see MSPs as the ‘oxygen’ of their firms making things tick.”

Ackermann believes 90% of Marin County companies could be managed by outside MSP providers.

“Today everything is scalable,” Ackermann said. “As IT ‘doctors’ we take X-rays before operating. Or, to put it another way, an MSP is not engaged to patch old tires, or making what is broken work, but rather obtaining the most efficient, forward-looking equipment, software and networks to stay ahead of the competition.”

He said for to prove itself, sometimes it has to deliver initial client services for several months without a contract. In some cases, it has taken up to a year or two for clients to finally sign a long-term commitment.

“The return on this investment in new partnerships has resulted in average customer retention of 7.5 years,” Ackermann said. “At the beginning, prospective clients often do their own due diligence on us to see if our proposals are realistic and viable — or perhaps a bit far reaching — before shaking hands. It’s an education process but one that is well worth the effort.”

Cybersecurity Watch

This story is underwritten by Comcast, which has had no input on the editorial content. See more stories this topic.

Show Comment