Selling layered security is an extremely important component of today’s managed services offerings. A lot of our partners tell us their customers are asking for more advanced security protection; therefore, it's critical that we set out some of the different ways you can sell different levels of security to your customers. It’s also important to understand how to manage the process around selling security and ensure that it's efficient and scalable—and profitable, too.
The first big question you need to ask customers is: are you looking to manage security or mitigate risk? The reality is, the level of risk that a customer deems acceptable to their business is going to dictate the level of security they need—i.e., the services, software, and tools required—and ultimately, the amount of labor you charge against the contract.
All of that obviously carries a cost burden, and business owners really need to understand what level of risk they truly want to mitigate against and the point at which it doesn't fit their business. They're going to be looking for guidance here, and this is where you as a service provider can add value. The security side is where you can educate your customer, but the risk mitigation discussion is really going to dictate the overall investment they need to make to protect their business at different levels.
Is your customer prepared for a breach?
To begin to understand the level of security they need, business owners need to consider whether or not they are prepared for a breach, and what their biggest concern would be if one happened to them. What would happen if all of their client data was stolen? How would they manage that situation? How would they inform their customers? From here you can help them look at how to mitigate the risk of a breach within their business.
To do that you need to get them to think about where the breach could potentially come from. Typically, we see that it comes from the employee level. That’s not to say they did it in a malicious way, necessarily; they may have just clicked on something they didn't mean to. As a service provider, this gives you a clear opportunity to talk to your customers about regular employee security training. The more you can mitigate the risk between the chair and the keyboard, the better off your customer is—and the better off you are.
Another key factor to consider is compliance. There really isn't a business in the world today that doesn't have to adhere to some level of compliance—for instance, PCI in terms of credit cards. There's always some level of compliance and this is a great justification for why companies need to spend money on securing their networks and protecting their data. If the business owner isn’t confident their organization can remain secure or meet compliance levels, they're going to have to make an investment to get to that point.
Is you customer ready to invest in their future?
A lot of these questions you can ask your end customers to gauge the level of investment they've already made in security; you can also use them to gauge their interest in making a greater or future investment in better security practices.
From an implementation and process perspective, you also need to have a clear understanding of the security practices you would need to put in place. This means looking at what limitations to put on users, what limitations to put on access points, understanding what users need to do on a daily basis, and what is required in terms of overall best business practices.
In terms of process, you also need to understand how you can address breaches or security incidents in real time—whether that’s coming from an end user saying, “I believe there's an issue,” or from something you've identified through proactive threat detection or management within the environment. From there you need to establish the exact process for when a security incident occurs.
Only when you can answer these questions are you in a position to really double down on the technology you need to supply and how you need to implement it. By going through this process, you’ll build confidence with your customer and ensure you have the right system in place for the job they need done.
This blog is taken from David Week’s webinar Selling a Layered Security Offering for the MSP Institute. You can view the full webinar here
To find out more about the MSP Institute, click here.
David Weeks is Senior Global Channel Sales Manager at SolarWinds MSP.