Security is becoming a major concern (and a major headache) for organisations. As awareness of cyber attacks and vulnerabilities becomes more prevalent (Sony is just the latest byword for ‘massive data breach’), organisations are looking for solutions that will protect their valuable assets, without breaking the bank.
And who better to supply that security expertise and technology than their trusted MSP, who they already rely on to provide their other software as a service needs. MSPs have always offered security, though too often it’s been little more than an afterthought. But there are gains to be made from improving your security offering and focusing on it to brand yourself as an MSSP (Managed Security Service Provider) and make the move from security 1.0 to security 2.0.
Here are five important things to consider if you’re planning to make that jump:
Figure out the strengths and weaknesses in your current security offering. Does it rely on ‘fit and forget’ firewalls and antivirus products? Or is there room to develop a managed end-to-end solution that will give your clients the confidence that security is one less thing they have to worry about? Depending on your clients’ needs, you may be able to provide a tiered offering, with several different ranges of products and services that meet their particular requirements depending on the value of their data and compliance demands.
It’s one thing to say that you put security at the heart of your offering. It’s another thing to actually do it. Cyber security is a fast-moving market and as yet, no-one has developed a single, one-size-fits-all solution. Partnering with an expert in the field may give you access to a suite of appropriate technology products, as well as security analysis and crisis expertise.
A security-conscious MSP should be proactive rather than simply reactive, actively extolling the security agenda and using tools not only to block potential incursions, but also to seek out breaches where they may have already occurred.
Use the standard assess/address/maintain pitch for services, but with an emphasis on security.
Assess – Take a deep dive into the client’s architecture and resources and assess the robustness (or lack of it) of their current system. Software scans for personal identification data on the company’s network, for example, can reveal potential compliance-risk information that the client may not even have been aware of. Create a detailed risk assessment and make recommendations based on that.
Address – Create projects to bring the client’s systems up to an acceptable level of risk. The level to which you as an MSP can address the issue may vary from tech-only precautions, to a fully managed and integrated service that addresses all the potential risk factors.
Maintain – An effective security solution is never ‘fit and forget’. To remain effective it needs to be maintained and evaluated on a regular basis, which can provide obvious upsell opportunities. To emphasise the importance of this approach, a secure information manager (SIM) should be responsible for all ongoing security procedures.
By putting security front and centre of your offering, you can differentiate yourself in a crowded market as an MSP who takes security very seriously indeed. There’s no need to downplay or sidestep your other services, you’ll still be able to demonstrate your expertise in them, but with an appropriate emphasis on security.