Ask an MSP Expert

Q: With so many emerging threats, we’re looking to add more security services to our portfolio. How can we overcome the challenges of selling security to our customers?

There is a huge opportunity for IT service providers to move into the cybersecurity space, and recent projections show that demand will continue to grow. Cybersecurity Ventures recently projected that the cybersecurity market will be valued at $120 billion this year and worth $1 trillion by 2020. To capture this market share, more channel providers are thinking about incorporating security solutions into their offerings, but they’re finding themselves running into a few common problems.

To give you strategic advice on building your security offering, we spoke to Chris Johnson, who is a member of CompTIA’s IT security community executive council, and cybersecurity compliance strategist at OnShore Security. Based on his extensive hands-on experience in the channel, Chris shared actionable advice on how managed service providers can approach clients about new cybersecurity services.

Overcoming common security challenges

Over the past few years, selling security has become much easier, and the sales cycle is completely different. Instead of knocking on doors yourself and asking people if they want security services, you’ll now see small businesses approaching you about cybersecurity.

When it comes to selling security, many managed service providers believe they need to change their entire business model. But, the truth is, you don’t need to be a managed security services provider to offer a suite of security solutions to your customers.

As an MSP, you are now being pushed into a number of security services; however, don’t feel obligated to offer every service customers are requesting. Instead, pick and choose which services make the most sense for your business, and then partner on the services where you lack confidence or don’t want to invest resources. Partnering with other providers who have different areas of expertise can help you meet the needs of clients who are looking for these specific solutions.

One of the drawbacks in the managed services space is that we are using MSSP as a buzzword. In many cases, providers need to ask themselves if that’s what they want to become. MSPs don’t necessarily need to make the transition to MSSP in order to offer security services, so it’s important to consider what you want your business to look like. But, if you are going to sell security services then you have to live it! It isn’t enough just to implement security components in your customers’ environments; you need to secure your own environment as well. For example, if you were about to hire a cleaning service for your office and saw that their own office was a disaster, would you still hire this company? The same principle applies to your managed service business.

Perhaps the biggest challenge, though, is that the services you’re already selling can be classified as a security offering. As managed service providers, we’re expected to offer proactive and reactive services to protect business-critical data, and we often muddy the water in the delineation of what is a security service. For example, patching a Windows desktop is essentially making that machine more secure in order to meet certain regulatory compliance requirements. By changing the language around what you offer, you can articulate how you’re already providing certain security services. But, security service offerings are still not a guarantee that customers are now safe.

Getting the conversation started

Starting the security conversation is easier than ever before. In fact, almost two out of three clients will approach you about security before you get a chance to reach out to them. But, sometimes getting the conversation started with current customers can be difficult. Here are a few ways to get started:

Leverage channel tools. CompTIA has a free security assessment wizard. This offers a series of questions that can help you have conversations with customers, such as, “Do you have IDS, IPS, or MDM policies?” It’s a good tool to help start the conversation about why you need security services or products.

Understand customers’ fears. Usually fear tactics backfire when it comes to selling security, but playing to that fear when it’s brought to your attention can be very valuable. You don’t need to make that fear bigger than it already is. Instead, use your consulting abilities as a managed service provider and use their fear to help move them through the process. While you don’t want to make their fears larger, you don’t want to downplay the reality either—cyber threats should not be taken lightly.

Highlight what you did differently. While you want to articulate what your products can do, you also want to be able to explain why it matters to the customer. Even after you set up the security solution, showing which threats were detected isn’t enough—and customers will eventually get sick of seeing the threat reports. Instead, take that conversation and show clients what you did differently to their environment that will impact it going forward.

An important thing to keep in mind when you’re talking to current and potential customers is that it’s less about showing your clients the portfolio of services you can offer them, and more about understanding the difference between their security wants and needs. When you’re putting together a service recommendation based on their environment, it should address the solutions they need, not just the services they want. Doing this will lead to more consulting and sales opportunities—instead of overwhelming customers with all the services you offer.

There’s certainly a lot to consider when you’re looking to move into the managed security space, but it’s important to keep in mind that just because you offer managed security services, you don’t need to become an MSSP. Using this advice can help you overcome common security challenges, and talk to your current managed service clients about additional security solutions.

As a closing thought, Chris shared: “If I were to go back five years, I would advise myself to take more of a compliance route … by helping SMBs focus on the value of their business by operating more effectively and efficiently. And, security is the part that ensures those things happen.” After all, what good is it to have locks on your doors if you leave them open?

Posted by Lauren Beliveau

Lauren is an Editorial Associate at Barracuda MSP. In this position, she creates and develops content that helps managed service providers grow their business. She also regularly writes The MSP’s Bookshelf and our Ask an MSP Expert column.
