Differentiate Your MSP Practice With Security Expertise
By The Business Solutions Network
This managed services provider is increasing its average project revenue by 25 percent by becoming a security expert.
One of the biggest challenges managed service providers (MSPs) face is standing out from their competitors. MSP Choice Technologies, Inc. (Choice) has found that becoming a security and compliance specialist is one way to set itself apart from the competition. “Nearly every MSP offers security basics, such as antivirus, firewalls, and patch management,” says Steve Rutkovitz, CEO of Choice. “But these simply aren’t adequate to protect companies from today’s advanced cyber threats, or to meet regulatory compliances.”
In 2013, Choice made a commitment to become a security expert by researching and investing in advanced security technologies, consulting, and compliance training and certifications. A recent win with a wealth management company illustrates how the MSP’s commitment is paying off.
Security Audits Help Shorten Sales Cycles
If you specialize in selling hardware, it’s common for customers to delay purchases until something breaks, and they are forced to make buying decisions. When it comes to security spending, however, Choice is finding another motivator at work: industry audits. That was the case with a 50-employee wealth management company the MSP started working with last year. “We had just formalized our security assessment program, and the company was considering hiring us ‘sometime in the future,’” recalls Rutkovitz. “Shortly after that conversation the client received a letter from an SEC [Security Exchange Commission] auditor who informed them they were going to be audited within the next month. They called us back and wanted our assistance right away.”
Choice has developed a three-step process for its security evaluations, which Rutkovitz calls “Assess, Address, and Maintain.” For the first step, the MSP uses multiple network scanning tools to determine the client’s risk baseline. These internal and external scans are able to detect personally identifiable information, such as Social Security numbers and credit card numbers. “We combine the security scans with a vertical-specific compliance questionnaire containing 50 to 200 questions that we administer to clients,” he says. “This helps us to establish a policy framework and security controls.”
After running its assessments, the MSP meets with the client and provides an executive summary, which outlines the remediation process to bring them within acceptable risk parameters.
Address Security Gaps And Maintain Compliance
After completing its security assessment, Choice sold the wealth management company a multilayered security solution and managed service that began with using the BitLocker drive encryption system to encrypt the client’s laptops. “The company has lots of salespeople who keep sensitive data on their laptops,” says Rutkovitz. “By encrypting the data it protects them from being fined in the event a laptop is lost or stolen. Next, we added LogicNow’s Web filtering product, MAXfocus Web Protection and MAXfocus Managed Antivirus, which includes signature-based and behavioralbased virus detection. And, as part of the ‘Maintain’ step, we added our SIEM [security information and event management] tool, which constantly monitors system logs, looking for anomalies. This is becoming a must-have, especially in highly regulated markets where auditors require companies to monitor and archive their system logs for up to seven years.”
Guide Your Customers Through Security Audits
As a final part of the project, Choice worked with the SEC auditors to walk them through the wealth management company’s security processes. “It’s amazing how much different an audit goes when an auditor recognizes that a company is being proactive about its security rather than waiting for the auditor to find problems,” says Rutkovitz. “In the former scenario, everything can be done and over within a few days. In the latter, I’ve heard of companies spending months with auditors looking over their shoulders and having to outlay large capital expenses that weren’t in their budgets to avoid fines.”
Rutkovitz says that prior to the formal security program, an SMB customer like the wealth management company would typically result in a $3,000-a-month opportunity. After implementing the program, however, the same companies now represent $3,750-a-month opportunities.
“We also started a channel partnership program, which enables other MSPs to use our security tools and program to ‘Assess and Address’ their customers’ security needs,” says Rutkovitz. “The program helps the MSPs stand out from their competitors, their customers benefit from better security, and our expertise is rewarded, too — so everyone wins.”