Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control

Risk Evaluation Matrix | Assessment and Analysis

As a managed service provider (MSP) entrusted with securing your client's information systems, it’s up to you to catch and fix every single vulnerability. Otherwise, your clients can fall victim to their own network and data storage weaknesses. Likewise, it is valuable to understand the infrastructure and flaws of prospects in order to determine which services would be the best fit.

An IT risk evaluation matrix can help MSPs optimize their client's overall security position by viewing IT systems from the viewpoint of an attacker. If done right, the matrix can alleviate and even avoid data breaches and the severe consequences that accompany them. While risk assessments differ with each client, one thing remains constant: MSPs need the right tool to comprehensively assess risk.

Your Clients Need Risk Assessment

Now is the perfect time to reach out to your clients about risk evaluations. To make an even more compelling case, share the following statistics with them:

The Ponemon Institute conducted a study in 2016 in which they surveyed 383 companies to asses the financial risk and impact of data breaches. According to their research, they found that the current average total cost of data breaches is $4 million, with the average cost of recovering lost or stolen information through a data breach reaching $158 per record. Of the companies surveyed, the Institute estimates a 26% chance that a large-scale data breach will occur in the coming 24 months.

Factors to Consider in a Risk Evaluation

choose data protection with LogicNow

Risks are evaluated based on their probability and impact. Which risks rank high or low in terms of probability and impact depend on many factors, including your client's industry, company size, information systems, network infrastructure, computing environment, risk policies, procedures and employees. Some organizations, by nature, can tolerate more risk than others.

Sharing these factors with your clients can increase awareness, visibility and priority of risks within an evaluation matrix. Sound decisions about certain risks can then be rendered in context, and the appropriate course of action can be taken based on how harmful the risks are, what individuals or systems they can harm, the likelihood that they will occur and the extent to which they can impact business operations.

Using a Risk Evaluation Matrix

After risks within the client organization have been ranked according to their likelihood and impact, it should be easier to discern which risks require immediate attention and which can be addressed at a later time. Risks that have a high occurrence and severe impact are the most critical and must be addressed as soon as possible so that they can be removed.

Risks that have a medium occurrence and serious impact also require immediate attention. In addition to giving thought to removing the risk, replacement strategies should also be considered. For example, if a third-party software application has a number of holes that can be breached, it may be worth considering looking for an alternative application with fewer or no holes, or jettisoning the application even if no substitute can be found in order to better secure the infrastructure. It is wise to create timelines for when these risks will be addressed.

Risks that have an irregular occurrence and medium impact do not need to be addressed immediately. MSPs can address these risks over time. Typically, these risks do not require a large number of resources tossed at them. Often, they can be resolved by working with the client to come up with careful insight and common sense solutions.

Risks that have a low or rare occurrence and minimal or minor impact can be delayed in resolution, since they typically pose little problem to business operations. However they should still be addressed at a later time to lift the security presence of the client’s information systems.

After the appropriate corrective actions have been taken, you should reassess the risk with clients to ensure it has been remediated or is at a tolerable level.

man working on computer with graphs on it

Finding the Right Risk Management Tool

While mitigating risks in client networks is important, finding the right tool to do so is critical. A key objective of a risk evaluation is to gather sufficient information about the health of a client network, so that the threats to that network can be identified. Once you start crawling and digging through all the ins and outs of a client network, however, you may find so many vulnerabilities that need to be addressed that it can be overwhelming and hard to determine which ones need to be addressed first.

After you reveal all of the vulnerabilities in a client network, the next step is to predict the likelihood of their occurrence and how big a disaster they pose to your client. In a worst case scenario, the tool should show the amount of downtime and data loss that would result if the vulnerability was exploited. You can then share this information with your client to show how the vulnerability can impact business factors such as revenue, profit, service levels and industry regulatory compliance.

If an attacker brings down your client's e-commerce website, for example, the tool should show the total cost of the breach in terms of revenue lost from missed sales transactions, missed revenue due to prolonged downtime and customer dissatisfaction with the client website being offline. The tool should also weigh these consequences according to how dire they are to the company.

MSP Risk Intelligence and Risk Evaluations With Financial Implications

SolarWinds MSP (formerly LOGICnow) provides an industry leading solution that illustrates an organizations IT risk down to the dollar. MSP Risk Intelligence provides a risk evaluation matrix, charts and other analyses of an entire network's vulnerabilities, all the way down to individual workstations.

MSP Risk Intelligence allows you to provide financial decision makers within any client organization with the hard facts regarding their potential IT risk position. By putting current and potential risks in financial terms, the prioritization and breadth of security measures can be more accurately decided upon and put into action.

Some of the features of MSP Risk Intelligence include:

  • Permissions discovery
    Analyze the data access permissions for every employee within an organization's network. Get granular risk management data down to users with read, write, execute and special permissions to ensure that only the required employees have appropriate access to sensitive information.
     
  • Personally identifiable information and other protected data
    MSP Risk Intelligence automatically scans for protected personal and health information in order to prevent inappropriate data access, transfer and loss. Payment information, financial information and other potentially insecure data is incredibly costly if breached or lost. Organizations also must ensure they are compliant with HIPAA or other industry regulatory measures regarding such sensitive data.
     
  • Vulnerability scans
    MSPs can evaluate their client networks to find data or network ports that are at risk of potential breach or attack. With host-based risk evaluation scans and emerging threat discovery, a careful eye can be kept on a network's security without impacting business continuity.

All of this data is made available for review through detailed risk intelligence reports, which can be exported in PDF, CSV or Excel formats for easy sharing. The reports can also be branded with company logos for use in more formal settings.

Find out how MSP Risk Intelligence can add to your services offerings as an MSP. With our risk evaluation matrix and reporting — in addition to the suite of additional tools from SolarWinds MSP — you can set yourself apart as a provider of dependable and secure services.

Start your free trial of MSP Risk Intelligence today.

----------
Source:

Ponemon Institute: www-01.ibm.com/common/ssi/cgi-bin

Multiple-Products-CTA-Section.png
Smart, secure and efficient IT services software built by people who know your work is your passion.
Explore our Products

Related Content

IT Risk Management Software for Enterprise Businesses
Use SolarWinds MSP as the remote management solution in your business. IT risk management is the application of risk management practices into your IT organization.
Encrypted Online Storage From SolarWinds MSP
MSP Backup & Recovery from SolarWinds MSP offers encrypted online storage and cloud backup solutions that are truly secure and flexible.
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.