It’s not really all that difficult to sell SMB customers on the idea of managed services as a way of improving efficiency and effectiveness of IT operations. It makes sense to business managers when you explain to them that a company that’s in the business of providing IT services can do it more efficiently than a company that’s in the business of making widgets or selling flower arrangements or catering weddings. It’s also not that difficult to sell the idea that outsourcing IT management services to an organization that focuses on IT only can save them money. Business people understand economies of scale, and in a tough and uncertain economic climate, they especially like the idea of a flat rate monthly fee for which they can budget.
But then you may encounter a stumbling block. One of the top concerns that organizations (both large and small) voice in relation to handing over their IT responsibilities to a third party is security. This is the same challenge that faces the big cloud providers in wooing enterprise customers. Even though many businesses haven’t deployed security best practices on their own networks, they at least feel that they have control there. With managed services, security is an unknown. The multi-tenant nature of the MSP environments worries business decision makers. Will you proactively protect their critical information and brand? Will it be co-mingled with that of your other customers? Do you have adequate security measures in place at your end, to prevent viruses or attacks against your network from disrupting services on their end? Whose responsibility is regulatory compliance? If you can’t confidently answer these questions, you won’t be able to win their trust, and trust is a fundamental requirement in selecting an MSP.
What should you do (or not do) to assure potential customers that your security measures are not only adequate, but better than what they would typically have with on-premise operations? Here are a few tips:
- Have a comprehensive written security policy in place that addresses the specific challenges of high-volume multi-tenant security.
- Have monitoring and reporting solutions in place so you can provide detailed information to customers and respond rapidly to threats.
- Be able to tell customers exactly what information about their systems and networks is transferred to your network.
- Be able to show that you deploy state-of-the-art antivirus and anti-malware technologies to prevent malicious software from presenting a threat to your customers.
- Demonstrate how you deliver services to distributed client locations through the use of secure remote access solutions.
- Demonstrate that your security mechanisms are scalable and will continue to provide protection as your client base grows.
- Address and alleviate their concerns about data privacy if you provide backup and disaster recovery services.
- Be able to tell customers that you’re involved with MSP professional organizations such as CompTIA’s MSP Partners, which focuses on creation of industry standards.
Some managed service providers try to avoid the subject of security altogether. That’s a mistake, because discussing security can actually open up new opportunities for you to point out to customers that not only is your own network secure, but you can also help them to improve the security on their networks, too. Consider adding managed security services to your portfolio, offering web application firewall services, email security and spam filtering solutions, Intrusion Detection/Intrusion Prevention systems, and so forth.
SMBs often don’t even have a full, well trained IT staff, much less security specialists on staff. Becoming a Managed Security Service Provider (MSSP) can expand your client base and increase your revenues by providing a more comprehensive package to existing clients. You can generate additional income from resale of security-related hardware and software products and provide some or all of the following services:
- risk assessment
- managed security monitoring
- change management
- compliance monitoring
- penetration testing
- perimeter management
You might even offer on-site incident response and forensics services. Think outside the box; security is something you have to deal with every day on your own network, and you can put the experience and knowledge that you gain there to work to help your clients and increase your profits. You can deliver security services cost effectively by leveraging appliance-based solutions that can be remotely managed. Taking this approach can transform security from something that costs you money and time into something that makes money and enhances your reputation as a full(er) service provider.
1 thought on “Security: A “Make It or Break It” Issue for MSPs”
Pingback: Setting Physical Security Policies for your MSP | MSP Answers