Pivoting to sell security and properly position your MSP in the security space is not easy, nor is it fast. What I experienced myself as the first step was the conversation with my clients around their risk, what I am learning, and how we can start to team up to protect their digital assets. Often for my MSP, that meant working with them to train their staff on security awareness and following up with the basic elements of a good security posture—both the website DNS filter and the online SAT (plus email phishing), to continue the learning that we instilled.
Where to Start
Most MSPs have done something similar in the way of selecting a few security solutions and starting with those at their entire client base. Whether it’s a more robust email filter/spam solution; whether it’s a comprehensive backup solution, advanced endpoint protection, or like me —DNS and SAT, we see MSPs starting with improving their own risk by getting a few solutions in the door and on the networks of their clients. Those initial few solutions are not always ones that MSPs bill their clients for, either. We have seen many that will get a layer of security into their client sites just to ease their own sense of impending doom—or some that will implement the basic solutions without profit; charging only what they are paying, to ease the burden on their clients.
What is missing in this scenario is education and setting proper expectations with the clients. Too many MSPs are viewing the implementation of additional security as too large of an ask of their clients, and I understand why—price sensitivity is a very real burden that MSPs deal with on a daily basis. So, the leaders in the security space identified early on, the conversation and constant education around security is what allows for the relationship expansion to address security properly. An educated client will not only understand their risks, but partner with their MSP to budget in the highest priority security on a timeline that makes sense. They won’t say no, if they truly understand and appreciate the MSP’s efforts to partner with them.
The second step in pivoting to security would be to make sure the MSP’s entire team understands each of the security solution layers themselves—and uses them—so they have confidence in their ability to speak to and justify the solutions they are selling. This is a crucial step as it allows the MSP to experience their own wares, if you will, and provides for better internal adoption and a culture shift that will translate to expertise with their clients. Messaging on social media about each of those solutions—why they were chosen, what they were compared to, what was learned in the implementation process—all of these details are important to get out there in ongoing dialogue with your prospects and clients.
Walking Away Prepared
And the third step is to develop the pricing and packaging behind all of those selected solutions, so your MSP has something to take to the clients and walk through. I used the 15-ways infographic with my clients, so they could understand all of the elements, which is a handy way to demonstrate the solutions the client has in place already vs. the ones they don’t have and need. In that conversation, asking for the security assessment go-ahead opens the door to returning with a plan of action, incorporating the appropriate security package, budget and timeline to address the highest priority gaps in their security posture. Being able to get sign-off on any solutions presented but declined by the client is integral to protecting the MSP and also reinforces the critical importance of that solution as a missing piece of the puzzle.
Whatever path your MSP takes to pivot to sell security, I hope it’s something that is made priority above all else. Continuum’s recent report on the state of cybersecurity for MSPs and SMBs proves a point I’ve been driving at for almost five years now: the SMBs are indeed underserved and underprepared for what is happening now and yet to come. Your role as their MSP has never been so important, and the opportunity never so great as it is right now.
To learn more about what it takes to master your approach when selling cybersecurity, you can find more videos from me here, where I address MSPs' top questions and concerns.
By Steve Lowing
By Meaghan Moraes