Q: I started my business as a break-fix service and eventually grew into a managed service provider. Offering a new tier of services has helped my business grow tremendously. Given the current threat landscape, I want to expand our offerings again to include more managed security services. How should I break into selling more security services?
Security is certainly a smart next step for any MSP looking to expand their offering. It’s something that every business needs, and offering services beyond anti-malware and anti-virus can take your business to the next level. While there are plenty of technical components to consider before offering new services, making the change the right way will help you secure your customers from looming threats and increase your margins in the process.
To give you the best advice possible, we consulted Neal Bradbury, senior director of business development at Intronis. Neal has worked with the MSP community for years and has been recognized as a CRN Channel Chief four years in a row. He is also a member of the executive council for CompTIA’s IT Security Community Group. To help you grow your business by offering managed security services, Neal shared some tips on what you should consider before you make the transition.
Growing your business
The first question you should ask yourself is are you a generalist, or is your MSP vertical-specific? A vertical-specific MSP should consider which compliance regulations they need to follow and what they need to do to meet those requirements. For example, if you specialize in offering managed services to the healthcare field, focus on offering security services that will help your clients stay HIPAA compliant.
Many MSPs partner with managed security service providers (MSSP) or work with vendors to deliver extensive security solutions to their customers. You don’t necessarily need to build in-house security services and products for your customers. You can leverage your resources instead. As security becomes a more prevalent issue in the market, more and more vendors are releasing security products to help MSPs keep their SMB customers safe. See what products your current vendors are offering and what kind of training incentives they have for their products.
Going beyond the standard level of protection
Most MSPs offer some sort of base protection for their SMB customers, including services like antivirus, anti-malware, patching, and sometimes a basic firewall. All of this is usually included in their MSP service package or added on for an extra monthly cost.
Going beyond that standard level of protection, SMBs should expect to pay more for robust security solutions, and you should charge accordingly. Add-ons might pose difficulty especially when it comes to traditional pricing tiers. If you’re currently pricing your services on a bronze, silver, gold model, consider offering the same sort of tiers for the new security products you’re planning to offer.
Besides considering outside requirements like compliance, deciding which products to add to your offering might stump you initially. Strategically, try to protect the vector where the most threats are coming in. The two biggest vulnerabilities today are email, and traffic through browsers, so you should protect incoming and outgoing emails, as well as on-prem servers.
The rise in malicious threats through emails is drastically increasing—including phishing, Trojans, and even malicious attachments. Many advanced threats bypass traditional email filters, sneaking into your customers’ inboxes undetected. Find a robust email security solution to prevent this from happening.
Web-browser security is another overlooked area of security area. Traditional firewalls can’t spot website spoofing, allowing customers and their end-users to mistakenly enter information into fraudulent websites. Implementing next-generation firewalls for your customers will help mitigate these types of attacks by blocking spoofed sites.
Before you implement a plethora of new security solutions, make sure your team has the skillset to support these solutions. So, before you start selling these new types of security solutions to SMBs talk to vendors about security training and how to properly implement the solutions.
Too many companies rush into security without properly preparing their team. According to the 2016 Verizon Data Breach Investigations Report, 9.8 percent of all attacks were due to a misconfiguration issue. Although it might not seem like a significant number, this is a preventable cause, and it can mean that you’re giving your SMB customers a false sense of security. Training is extremely important, so make sure you do research before you deploy.
Adding security services to your managed service portfolio is a big step and should not be taken lightly. But when executed properly, offering new security services can help elevate your MSP and protect your SMB customers from looming cyber threats.
Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.