Guest Column | May 19, 2017

How To Add Security To Your Offering

Scott Spatz, VP of Sales Administration, Cooperative Systems and ASCII Group Member Since 2012

Scott Spatz

One of the most dynamic components of our services offerings is security. Not only is it ever-changing, but there are countless variations and forms of protection we need to be aware of and be providing to our clients. When you then consider the number of software manufacturers in that security space, it can become overwhelming and confusing as to how to approach security for your clients.

The good thing for us is clients are inevitably far more overwhelmed and confused about security than we are. That said we need to ensure we educate our clients and offer protections that are appropriate for their businesses, as well as make sure we will be able to efficiently and effectively support and maintain these for them going forward. As we’ve developed and refined our security protection offerings, we’ve determined the following elements to be vital to a successful security offering.

  • Multi-Layered Approach
    • There is no silver bullet out there that can protect against it all so make sure you layer on the security protections. As a standard core protection for the endpoint devices you support and maintain, you should include anti-virus, anti-malware, anti-rootkit, DNS filtering, etc.
    • Of course, there is some added cost to having multiple products in place on every endpoint you support, but it is well worth the peace of mind as well as a reduction in the quantity of remediation work you’ll need to do for your clients.
    • As a standard, each of your clients should also have firewall/gateway security protections (IDS/IPS) in place as well as an e-mail protection platform.
  • Standardization Of Products And Services Used
    • There is absolutely no way your staff could possibly be, nevermind remain, proficient and efficient at supporting every available security offering out there in the marketplace. Develop your own standard set of security protection software platforms, and stick to it. Choose one anti-virus platform, choose one anti-malware platform, etc. and base your offering on those standard platforms. In most cases, you’ll need to rip and replace your clients’ existing security protections and install your standard set, but it’s easy to explain why that’s valuable to them and how it ensures your staff can do their jobs effectively for them going forward.
    • Our staff is trained and well-versed on the standard set of security products/services we offer — we do not support multiple manufacturers of each type of protection, and will standardize on these platforms prior to day one of a service contract.
  • Categorization Of Offerings
    • Different types of businesses require different levels of protection, often taking into consideration industry-specific regulatory compliance requirements and best practices. Make it easy to educate clients on what their business may need for protection. Start with a base endpoint and e-mail protection suite for your core (as mentioned above), and then categorize your additional security offerings such as device encryption, security monitoring (SIEM), data loss prevention, etc.
  • Ability To Centrally Monitor And Report
    • Security is all about immediate notification and central repository of the information
    • Make sure you are able to centrally receive alerts from all of your security platforms; use an RMM tool to centrally monitor and script and a PSA tool to centrally ticket and document all activity.
    • Deliver high-level, meaningful reports to clients during technology business review meetings. Don’t bore them with details, but show value in the protections you have in place.
  • Security Awareness Training
    • Humans are still the weakest link in any security program. You can have the most comprehensive, multi-layered security protections in place, but humans can still easily introduce vulnerabilities into your clients’ environments.
    • Implement a security awareness training program as a standard to your base security offering. There are a few platforms out there aimed specifically at MSPs that are affordable and provide a great value to us and to our clients. It’s a nice differentiator, too, that many MSPs and IT service companies aren’t doing yet.

Regardless of resource constraints, we’ve found SMBs are unanimously receptive to the message there is an imminent need for cybersecurity protections for their organization. By integrating security services into your MSP offerings, you are reinforcing that you are building your offerings with the client’s needs top-of-mind and placing security as a high priority.

About The ASCII Group, Inc.
The ASCII Group is a vibrant reseller community of independent MSPs, VARs, and other solution providers. Formed in 1984, ASCII has more than 70 programs that provide turnkey cost-cutting strategies, innovative business building programs, and extensive peer interaction. ASCII members enjoy benefits such as marketing support; educational information; group purchasing power; increased leverage in the marketplace; and multiple networking opportunities. These programs enable ASCII members to increase revenue, lower operating costs, and grow service opportunities. ASCII is the oldest and largest group of independent information technology (IT) solution providers, integrators and value added resellers (VARs) in the world. Learn more at