As a managed service provider, your customers have entrusted you to manage their IT infrastructure and their security so it’s important that you are making the right choices to secure their environments and keep cyber criminals at bay. In my years of working with our Managed Service Provider partners, I’ve seen a number of mistakes made by MSPs that I wanted to share with you in the hopes that you can avoid them and keep your customers safe.
You believe that AV is just AV
Let me start by sharing a story you’re familiar with, and may have personally experienced like me, regarding the details of a now infamous credit card breach.
In 2013 Target was the victim of a carefully planned and executed cyber attack that resulted in 110 million credit card credentials and other customer information getting stolen. I won’t bore you with all the details, but the ensuing investigation revealed three interesting pieces of information I want to highlight:
Cybercriminals have become increasingly more sophisticated in recent years which demands more feature-rich and intelligent security solutions backed by global threat feeds and big-data analysis capabilities. It’s naïve to think that AV vendors just sell AV products. The fact is, if any vendor just focused on anti-virus today, they would be out of business. AV vendors today have a broad set of techniques to protect against old and new threats like ransomware, malware, bots, rootkits, viruses, spyware, etc. Don’t fall in to the trap of thinking legavy vendors aren’t constantly innovating and developing new protection techniques like machine learning to combat new types of threats beyond just AV.
You’re letting the customer dictate which security solution to use
Most, if not all of you, probably have a diverse set of customers you work with including doctors, lawyers, accountants, pet stores, dentists, coffee shops, and so on. These customers are likely very good at their respective professions, they aren’t experts in security though. That’s where you come in. Your customers trust and rely on your expertise to keep them secure so they can focus on doing what they do best, whatever that may be.
Often times the customer may already own a security solution or let you know which solution they would prefer. By letting your customers choose their own vendor, not only will you incur additional costs by having to support and train your technicians on many different products, but you also create a dangerously inconsistent security posture across your customer base. You wouldn’t tell your dentist which tools to use for a root canal, so why would you let your customers tell you which security solution you should be using to protect their environment?
Don’t pick a security solution based solely on price
I took a marketing class in college and while I don’t remember much about that class specifically, one case study stuck with me throughout my career. It was about a company that made smoke detectors. Smoke detectors aren’t terribly exciting, but we all have them, we are all familiar with what they do and we understand their importance in keeping us and our families safe and secure in the event of a fire. The short version of the case study was that the company decided that in order to increase sales, they would lower the price of their smoke detectors. If you have even a basic knowledge of supply and demand, you would expect a decrease in price to result in an increase in sales. Strangely, that wasn’t what happened – sales actually decreased. When all was said and done, it turns out that when it comes to personal safety and protecting your family, people perceived a lower priced smoke detector to be of lower quality which wasn’t a risk people were willing to take. In other words, people were willing to pay a premium to protect what they perceived as valuable. In this case it was themselves and their families, in your customers’ case it’s their data, intellectual property and business assets.
When the security you’re offering your customers is chosen based on price not only are you putting your customers at risk due to reduced feature sets, but you may also be incurring costs that aren’t factored in to the price of the product such as having to purchase bulk licenses up-front, committing to terms that may not align with your business model, spending money on additional products to supplement missing features, and any costs associated with having to handle renewals, such as tracking expiration dates, co-terming licenses, chasing down missed renewals, etc.
You’re not leveraging the cloud.
Many of you have likely been in business for a long time with established customers and processes in place. One of which is probably renewing and managing legacy on-premise security products for your customers because they either “just work” or you’d rather not incur the costs of migrating your clients to a cloud-based equivalent, which is likely a non-billable activity. It’s easy to overlook the hidden costs of on-premise security solutions, such as patching and upgrading, as well as difficult to justify the cost of out-of-date remote or roaming employee machines increasing the risk of infection and burdening your bottom line.
Many MSPs I talk to view SaaS and cloud applications as a threat to their legacy, and out-of-date, business model that was heavily dependent on hardware margins and setting up and maintaining servers. The reality is, while SaaS eliminates hardware and server maintenance, there’s still value in providing your expertise, setup, configuration, and management skills to customers utilizing SaaS applications.
You’re missing out on these opportunities.
Customers and their employees have never had it easier to do their jobs. With a plethora of smartphones and mobile devices to choose from and an ever-increasing number of SaaS applications like Office365, workers can do their jobs anytime, anywhere and on any device. Of course, these devices and SaaS applications are often neglected from a security perspective either out of stubbornness, ignorance or oversight.
Some interesting data points to share about these often neglected platforms:
As a managed service provider, you should be educating your customers about the need to protect these platforms and it’s an opportunity to build additional recurring revenue streams for your business.
The good news is whether you are making one or all of these mistakes, it’s not too late to turn things around. Here’s a short-list of things you should consider when choosing a security vendor to partner with for your managed services business:
Are you making any of these mistakes? If so, it might be time to make the best switch for you and your customers.