10 Steps to Managing Your Service Provider Transition
Now more than ever it’s critical for security integrators to cultivate recurring revenue streams. So dive into this guide for transforming your security business into an MSSP that includes a cybersecurity offering.
What exactly is a managed security service provider? It’s intriguing how the MSSP acronym is being used more and more to describe managed electronic security providers that provide technology such as video surveillance and access control while also being used to describe a managed cybersecurity provider.
Today’s MSSP organization is quickly evolving and the lines are beginning to blur between the segments of electronic security and cybersecurity. It’s happening as a growing number of providers are starting to offer both types of security services to their customers.
Enter the era of the converged MSSP. What are some of the key things to consider when evolving to an MSSP who provides cybersecurity services? The following 10 tips will help get a true cybersecurity offering off the ground.
TIP #1: Talk to Customers
When establishing a new solution offering, understanding the interest level of existing customers is a great place to start and a logical first step. Having conversations with customers to find out if they have a cybersecurity program in place is paramount.
Every organization’s cybersecurity program is managed with a unique team structure of resources depending on their cybersecurity maturity and budget. Especially seen in small to mid-sized organizations is a limited number of resources and skillsets, providing a great opportunity for MSSPs to assist.
It’s important to understand it’s not just the IT leader in organizations involved in the cybersecurity decision-making process. Today it’s often a team leadership conversation with the CEO, CFO and COO also playing a pivotal part in cyber risk management and strategy.
Preliminary conversations with customers clarifies if there is an opportunity to provide cybersecurity. Once the need has been identified, those initial conversations can also serve as the source for trusted test pilots to help get out of the gate quicker, as opposed to starting from scratch with new prospects.
TIP #2: Establish an Internal Champion
Having an internal champion in the business to lead this new initiative is going to be helpful for rapid success, especially given that attention stills needs to center around day-to-day business activities like ongoing customer needs, projects and daily challenges.
Trying to build a new cybersecurity offering in a part-time capacity will make it slow to emerge and may not drive traction, possibly eventually burning out before it ever really catches fire. That is why it’s so important to find an internal champion who has a passion for cybersecurity, understands customer needs, thrives on new opportunities and is aligned on the vision.
TIP #3: Find the Right Vendors
Cybersecurity vendor selection might seem daunting. With thousands of technology companies in close to 100 categories, vetting and selecting the right vendor partners will take work. For an MSSP, the more single point solutions offered, the more challenging it becomes in terms of vendor management, internal technology training and ongoing technical overhead that may result in margin erosion. Finding solutions that have numerous single point technologies baked into one platform, that are easy to deploy and feature built-in automation, can pay dividends to reduce this strain.
TIP #4: A Staff of Cybersecurity Pros Is a Plus
With the right vendor partner in place, it is possible to go to market with sales and marketing without internal cybersecurity pros on staff . The right vendor partner will have cybersecurity skillsets in house and will be ready and willing to have those resources help win business and support customers appropriately.
Since the success of both organizations is directly tied together, it’s important to lock arms and support each other closely, especially when coming to market. A good partner can support efforts around product demos, solution design, training and even customer support.
Many products on the market are automated, and easy to deploy and manage, reducing the need for high-level technical resources. In time, internal resources become better educated in the cybersecurity field, eventually allowing them to take the responsibility away from the vendor.
TIP #5: Customize Solution Packages and Pricing
Every business has a unique customer base, whether focused on a vertical market, specific employee count or the type of organization served (e.g. specifically servicing public or private organizations). No matter the customer audience, there will be an opportunity to build and deliver a cybersecurity offering that is a custom fit for their needs. Packaging does not have to look like a competitor down the street and the more unique an approach, the better chance to differentiate in the marketplace. Focus back on to what existing customers’ needs are and build out the solution from there.
TIP #6: Consider an Acquisition/Merger
If access to capital exists with a management team at the ready and the vision to make it happen, there may be an opportunity to acquire a cybersecurity firm to quickly get to market. The M&A market is on fire with acquisitions of cybersecurity firms. Many of these buyers are even coming from outside the traditional space and include the likes of accounting, consulting and law firms — some regional powerhouses, others national and global leaders. The market is primed and many providers have used an acquisition as a quick way to entire the space successfully.
TIP #7: Get Legal Agreements in Place
It might seem obvious, but it’s not always properly prioritized. Having a proper managed service agreement in place with customers is vitally important. Beyond the terms and conditions needing to include appropriate protections, a properly designed agreement will help ensure hard-earned recurring revenue will be valued at top dollar if and when an acquisition event occurs.
TIP #8: Segment Cybersecurity Recurring Revenue
Track and monitor the cybersecurity recurring revenue segment separately from the rest of managed service offerings, if they exist. Doing so enables an organization to see sales trends, track margin and monitor churn specifically for the new cybersecurity revenue stream. While it’s possible to try to track and monitor this using standard spreadsheets, there are great software tools available that will help streamline and provide critical KPIs needed to drive success. Getting them in place early will be a huge help.
TIP #9: Walk the Walk
Anyone offering cybersecurity must first get their own organization’s cybersecurity into top-notch shape before going to market as a provider. MSP and MSSPs are prime targets for attackers for many reasons, including the fact many of them have remote access to customers’ networks. Recently there have been many reported incidents of MSPs being the pivot point for successful attacks at their customers’ sites.
The FBI has been actively sending notification out to providers explaining the importance of hardening their cybersecurity to protect themselves and their customers against these attacks. Cybersecurity is not an option anymore, especially if offering those services. That’s why it’s critical to get an ongoing cybersecurity program in place and make it a priority to regularly assess and improve.
TIP #10: Pivot Quickly and Often
Out of the gate a new cybersecurity program and offering is probably not going to be perfect. It’s so important to monitor things closely at the start and be willing to adjust quickly. This might include pricing adjustments, slight changes to solution offerings and/or finding new target markets. Successful providers identify ways to obtain honest feedback from prospects and customers, then pivot quickly, iterate, and improve.
Rob Simopoulos is Co-Founder of Defendify, a cybersecurity platform provider. Email him at [email protected].
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.