Now’s the Time to Make a Foray into Security Services

The majority of businesses are being inundated with security threats, and they’re looking for trusted business partners who can help protect their networks and data. 

When you consider the growing complexity of today’s hybrid IT environments and the overwhelming array of software and hardware solutions, it’s no wonder so many small businesses choose to outsource their IT to MSPs. A recent managed services study conducted by Barracuda MSP and The 2112 Group found that MSPs are making out pretty well, too. The average percentage of channel partner gross revenue derived from managed services was between 21 percent and 30 percent with an average profit margin of between 11 percent and 21 percent.

While it’s no surprise that channel companies focusing on building and sustaining recurring revenue tend to have greater success than those simply reselling products and providing break-fix services, the research did unveil a big surprise: Only 15 percent of the surveyed channel companies offer some form of security services today.

At a time when stories like WannaCry, NotPetya, and the Equifax breach dominate headlines, the majority of MSPs aren’t helping their customers in this critical area. And when you consider the primary audience MSPs serve — the SMB market — that means the companies with the least amount of internal IT expertise are being left to fend for themselves.

Even if your company is currently finding success selling only basic managed services, there’s never been a better time to make a foray into selling comprehensive managed security services. For starters, a well-rounded cybersecurity offering will help you better protect your clients, strengthen your relationships with them, and ultimately grow your business.

If you’re looking to capitalize on this lucrative opportunity, here are three steps you can take to strengthen your technology stack with security.

Step one: Start with the basics

When it comes to evaluating security solutions, the choices can be overwhelming. To help simplify things, here are the most common security categories to start with, along with a brief explanation of each one: 

·       Advanced Firewall and perimeter security. An advanced firewall solution with active management acts as traffic cop on the network perimeter, applying a set of rules to specify which traffic it will and won’t allow to pass through it. These sophisticated devices typically pick up where border routers leave off and do a more thorough job filtering traffic.
 

·       Security help desk. Security help desks offer a number of security-specific services to clients, such as helping users address strange pop-up messages, browser hijacks, and infections, plus performing tasks such as remotely wiping infected machines and more.
 

·       Data loss prevention. Sometimes confused with backup and disaster recovery (BDR), data loss prevention (DLP) is a strategy for making sure end users don’t transfer sensitive or critical information to a personal device, external media (e.g., a USB drive), or outside the corporate network.

·       Backup services. Not only does this category include a wide array of backup types (e.g., file, image, virtual, on-premises, and cloud), it also includes the management of these services to ensure they’re working and that data can be restored when needed.

·       Endpoint security and antivirus. Anything that connects to a network–such as a desktop, server, or mobile device–is called an endpoint. Solutions that control the access and authentication of these devices would fall under the responsibility of endpoint security. Antivirus software is a simple form of endpoint security that operates like a personal firewall by scanning packets attempting to enter a device and quarantining threats.

The above categories are all examples of basic security solutions with lower barriers to entry, which makes them a good place to start if you don’t currently offer any security services to your clients.

Step two: Take a layered approach to IT security

Instead of simply selling point products, though, it’s important to protect multiple threat vectors, such as email, web applications, remote access, and mobile devices. This requires using layered controls to limit what can be accessed if a breach occurs, and having solid business continuity and disaster recovery plans in place so you can help clients recover quickly and easily if something does go wrong. 

The recent Equifax data breach, which potentially exposed sensitive information of roughly 146 million American consumers, is a good example of why a multi-layered approach to security is so important. According to a company statement, the breach exploited a web application vulnerability to access certain files over a period between mid-May and the end of July. In an article from The New York Times about the breach, a fraud analyst from Gartner pointed out that Equifax should have had layered controls in place to help limit damage from the attack.

Step three: Take a consultative approach to selling Security-as-a-Service

As unbelievable as it may sound, a large percent of managed security service providers (33 percent, according to The 2112 Group) wait for customers to ask them about their offerings–often after the customer has suffered a breach–rather than proactively talking to customers about security.

When you consider how much is at risk for customers that aren’t properly protected–ranging from downtime to loss of intellectual property, financial loss, and harm to their reputation–it only makes sense to proactively talk about security.

Keep in mind that with a topic like security, you don’t have to oversell it. The news stories and plain facts are plenty alarming on their own. MSPs find more success taking an educational approach that involves a combination of dialogue and sharing thought leadership information via blogs, case studies, or even lunch-and-learns that include security tips and best practices. Also, look to your vendors for resources they may offer. Barracuda MSP, for example, has a short risk assessment survey for MSPs that can help them ensure they are doing everything they can to protect their customers from today’s sophisticated threats.

It takes time to choose the right security solution to add to your technology stack and get your clients to understand the importance of incorporating these services. But, in the end, you’ll have a stronger, more lucrative offering, and your clients will be less likely to make headlines for all the wrong reasons.

Neal Bradbury is Senior Director of Business Development for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for generating greater business value for the company’s MSP partner community and alliance partners.

Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.