This year, more and more MSPs will be starting to adopt security services into their portfolio. However, it can be especially daunting to understand where to break into the offering. On a recent episode of MSP Radio, Craig Sharp, MD at Abussi, a UK-based MSP, discusses how to approach security with new and existing customers, what to expect when offering these services and how MSPs are primed to take advantage of this new area of SaaS-based solutions. When considering adding security services to an MSP’s portfolio, here’s what Craig has to say:
“All of our clients are engaged with IT to do an increasing amount of business. Back in the day, letters, mail, information was sent directly in more traditional ways. But now our clients are sending information by email, banking online and carrying out credit card transactions online. Everything has an online element to it. Therefore, a lot more information is coming through that electronic space.
The challenge is that people have not caught up with security issues, and so sometimes individuals can be duped or asked to do things which aren’t really accurate. I think that’s where you can start to really bring some value to your clients. There’s always going to be an opportunity for you to talk about security because it’s on the lips of people when you visit them. So the opportunities are hot for MSPs, and that’s why it’s important for MSPs to build some sort of security element into their portfolio. Perhaps not become ‘the great security expert,’ and perhaps not offer every conceivable level of security support, but it has to be a conversation point when discussing your services with existing and prospective customers. And I think it's also an opportunity for you to find partners—particularly if the security requirements of the clients you are talking to reach a certain level where you say ‘we have a number of tools in our toolbox, but you’re now seeking some things that can be moved off to a highly qualified partner.’ So I think it’s about beginning those conversations, seeing where the opportunities are, and then working with external partners as needed.”
Craig also shared some ideas on getting started and taking first steps:
“I think there has to be a selection of services that you offer as an MSP which will touch on security; I think you’ve got to consider the issues of AV—so, your antivirus products and anti-malware. We all know that AV is not just 'AV' anymore; it offers a broad range of services for malware, spyware, etc. So, I think you’ve got to be offering some basic bases to be covered like AV and firewall, but you may also look at OpenDNS, for example, which provides a type of additional 'perimeter' protection. You’ve also got to be looking at things like user education as well. So, a little bit of hardware, a little bit of software, and a little bit of soft skills with education. And all MSPs should really be focused on those as basics.
I think it’s often understood by MSPs that what they think of as basic issues are, to the end user, seen as highly advanced solutions. So it’s important to remember that as an MSP you are their expert; you may discuss things that, to you, are quite typical or obvious, but many small companies don’t have even the most basic introduction of software or services to cover security problems so those may be low-hanging fruit in terms of getting started."
To hear more of Craig’s episode on MSP Radio, subscribe at Continuum.net/podcast.