How do you have security conversations with prospects and clients? Learn how our MSP Advisors approach security-focused discussions, as well as the importance of education and setting expectations.
November 05, 2018
Question: How do you handle conversations around security?
Chris Taylor: When it comes to security, it really comes down to: are they regulated, and are there regulatory issues that they have to deal with or is it strictly just a business best practice security conversation. We try to identify what bucket they fall in and start with the same fundamentals with each of those organizations. If they're regulated or not, a good security posture is needed in both. Then it's focusing on their industry and what may be different in their industry from a security perspective - and the common security things that everyone should be doing.
Brandon Nohr: We start off with ‘what good looks like.’ We compare from guiding principles and frameworks to say, ‘Here's what a good well-run network looks like from the managed side and the security side.’ When we talk to clients, it's not from a perspective of we're trying to sell you. We're just trying to agree on ‘what good looks like’ and if they agree with that, then it's around our products fitting into that.
Jamie Wolbeck: When we talk about ‘what good security looks like,’ that's the tail end. When you've had a disaster or something's happened where all the preventative measures you've put in place didn't work - for whatever reason or something got through - then backup becomes your last resort. So, that becomes a part of the overall security measure. What we find is people assume when going to the cloud or if they've got some sort of a security appliance, that backup becomes less important. We feel it's even more important. If you're going to move to a cloud application, you need to make sure that it is backed up. Don't just trust that the cloud app has got that all taken care of for you because sometimes they don't. We find those types of things all the time. We have guiding principles that help them align that and help them evaluate what a cloud vendor might look like.
Fred Alonzi: First of all, I want to be reassuring to a client because you're right, they are scared, they are worried, they don't understand it. I want to be reassuring. Most of the security happens because of a total breakdown in the security infrastructure. Very simple things: not patching; not updating; not having antivirus running; and not having control over the security credentials. All of these things are very simple and should be managed closely. There's no rocket science when it comes to firewalls, patching and antivirus. This has been around for 25 years. First, I reassure our clients. And then secondly, I reassure them that Par3 can handle all those aspects - and we do. As a managed service provider, we are watching the store and we're making sure the antivirus is up-to-date. We're making sure your Windows is being patched. We're making sure that you're staying up with the latest and greatest and firewalls. The first and foremost thing I try and do is reassure our clients that we're on, and in fact our service is called On Guard Managed Services, just for that reason. So, they know that we're always minding the store, and watching out for their best interests.