The potential business revenue from rising compliance requirements and security threats is hard to ignore. Businesses, particularly the SMB segment, need the channel’s help.
The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. Even the slow-adopter business owners and managers know something needs to be done to limit their corporate risks and individual exposure, and time isn’t on their side.
Of course, that doesn’t mean MSPs have “carte blanche” with the services and solutions they propose. Budgets and approvals stand in the way. Cost-effectiveness is a must, especially for non-profits and organizations that neither collect nor store valuable or sensitive data.
MSPs must build sensible practices that address their customers’ realistic problems and concerns. In some cases that will require a more advanced toolset. Not just to meet regulatory and legal compliance requirements, but to adequately protect their data, systems, customers, and employees.
With so many security options available to channel professionals, what could and should that building process look like? Numerous factors come into play, including the current capabilities of the firm, but the broader steps are fairly straightforward.
- Acquire advanced knowledge and expertise
You don’t build an MSSP business overnight. It takes time and considerable effort to obtain cybersecurity expertise and develop highly effective best practices. Providers must learn how to implement unconventional protection processes and deliver the types of innovative services that will keep their clients’ businesses compliant and secure.
So, how do MSPs go about acquiring that advanced security knowledge and expertise? Hiring and training are the most viable options for boosting internal skills, though both often require significant investments. Cybersecurity professionals demand (and get) top dollar, and education programs take time and resources, though the payback can be substantial.
The first step for those building a new practice is to research options in their area. Is the talent available and, if so, what’s the dollar cost? Could current team members or recruits gain the needed skills with the right training? After determining the costs of each, MSPs can get to work building out their new practice strategy.
- Develop strategic partnerships
Should MSSPs construct all-inclusive cybersecurity services (including pen testing, end-user training, etc.) themselves or develop strategic partnerships to help fill any gaps in their offerings? The answer depends on a number of factors, including skill level, work capacity, and customer expectations.
Most MSPs take the same conservative approach with security as they do with other new practices: tackling the core activities on their own while outsourcing more complex and specialized services to trusted peers.
The latter point is crucial. What companies are deserving of your trust? Ask your peers. Most channel professionals begin the cybersecurity partner search by having conversations with respected MSPs, trusted vendor and distribution reps, and other industry professionals. References and recommendations are essential.
- Build the appropriate toolset
What does an MSSP’s portfolio include? First off, cybersecurity tool sets must be tailored to the specific needs of each provider’s clientele and be dynamic, enhanced over time to address the latest threats and compliance concerns. Many providers assess their portfolios and programs at least quarterly, and take immediate action when potential issues come to their attention.
Different organizations have varying governance, risk and compliance needs. In addition to traditional endpoint protection (antivirus, data loss prevention, firewall, intrusion detection and prevention, and application whitelisting) and other standard security tools, your SMB clients may need services such as risk assessments, incident response support, and penetration testing. Your portfolio must reflect the anticipated support requirements for current and prospective customers.
- Shift the sales mindset
MSSPs have to understand that the approach to selling cybersecurity is somewhat different. Like managed and cloud services, the process should be more consultative. The biggest difference is on the education side. MSSPs have to walk the line between selling fear and prevention, cultivating the reasons for strengthening protection measures without being overly dramatic.
That balance can be tough to obtain. Sales professionals are typically extroverted and passionate in their conversation and may need to tone it down a bit when focusing on cybersecurity. MSSPs should spend extra time training these teams, particularly in role-playing, and develop sales collateral that supports their mission.
- Connect with prospects
Cybersecurity is a hot topic in the business community, and the amount of information flooding the media and marketing channels is dizzying. Providers need to differentiate themselves in this noisy and crowded market by projecting their value in minimizing the effects of attacks and poor employee decisions.
How? MSSPs need to focus their marketing efforts on the education side, highlighting security standards and compliance requirements, and how the provider helps businesses achieve those objectives. Social media and blog posts are great tools for communicating those messages. Savvy MSSPs volunteer to write cybersecurity-related articles for local newspapers or trade journals and share their expertise with members of community organizations such as the chamber of commerce.
Few channel opportunities offer a better way of differentiating your services and increasing your value to customers. The path to cybersecurity success is often littered with obstacles but, with the right plan and a little help from industry friends, the process should be a lot less complicated and costly.
Brian Sherman, GetChanneled