From “Insecure platforms are a threat to your business!” and “There are millions of malicious people trying to break into your systems!” to “State-sponsored security attacks are a threat to you!”, the “Chicken Little” approaches to selling security never seem to have worked. Could it be that the target audience think that the messages are just a little over the top?
The problem with platform security is that business people expect it to be there. It takes a brave IT person to go to the business to ask for money to bolster an IT platform – the obvious question from the business is “why isn’t it secure by design?”
That is a very good question – one which could be easily answered by MSPs. Even an average MSP will have designed security into their base platform: anti-virus, intrusion detection/prevention systems (IDS/IPS) should all be in place, along with pattern recognition systems to identify rogue activities that may need further investigation.
So far, so good. However, there is far more to security than just keeping the bad guys out. There is also the aspect of allowing the good guys to work in as open and free a manner as possible.
Historically, selling security as an empowerment engine has also not been successful. This has generally been down to it being sold in far too technical a manner. “Our 3DES encryption system allows data to be transferred between organisations in a manner that would take 300 years for a supercomputer to crack” is still not something that a business person will swoon at and open the coffers to pay for.
Focus on the business
However, focusing on the business benefits could well work.
With organisations now understanding (on the whole) that their business depends on the movement of information across organisational boundaries, there is an increasing recognition of the fact that the very life blood of the organisation – its intellectual property – needs better management. Therefore, stopping discussions around the actual technology and looking far more at what the MSP can offer in business terms may be a much better approach.
Indeed, messaging directly to the business, so that they put pressure on their technical teams to change, could make the sale even easier.
How to do this, though?
It’s all about the Total Value Proposition
I recommend taking an approach that emphasizes your Total Value Proposition, or TVP.
TVP recognises that any change within an organisation essentially operates three levers: it impacts the cost to the business, the risk it carries and the value that the change brings with it. This last is the most ephemeral — look at it as the capability to sell the same or more product or service at a greater margin, or to bring a new product or service to market at an adequate margin.
TVP recognises that any change within an organisation essentially operates three levers: it impacts the cost to the business, the risk it carries and the value that the change brings with it.
So, how does TVP help in selling security?
Let’s take the easiest one first — risk. Applying the right security approach massively reduces the risk of loss or the compromising of intellectual property. Score 1 for the message. However, that is obvious and not a major reason why a prospect will roll over and buy. How about that it negates the need to train every user on an on-going basis? Not many organisations think about this — and it’s major. Consider an organisation of 1,000 people with a turnover of 10% of staff and growing at 10% per annum. That’s 100 people leaving and 110 joining — not all at the same time. All these new people need training if the security system is not transparent: provide them with a system based on data leak prevention (DLP) and digital rights management (DRM) and that need for ongoing training is minimised.
That gives a score 2 to that one point when it comes to cost as well – all that training out the window. More processes can be automated, as fewer manual checks and balances are needed as information moves between organisations. Score 3 to the security solution.
How about that value? Time to market is a major consideration for the majority of organisations. Being able to streamline information flows inside and across organisations can make it that the business can gain competitive advantage. Score 4 to security, and so on.
Being able to streamline information flows inside and across organisations can make it that the business can gain competitive advantage.
A worthy investment
Sure – I’ve brought DLP and DRM into the discussion, mainly as points of clarification to you as the reader. A business person may not need to understand such terms – just describing them as ways of controlling what information reaches specific people and what they are then allowed to do with it could well be enough.
Such a focus on what security means, in positive terms, to an organisation makes the purchase an investment, rather than the insurance policy that old-style security messaging promulgates. Investments continue – even through lean times. Insurance policies can be balanced against perceived risks – and can find them being dropped from any expenditure plans.
Photo: tsyhun / Shutterstock.