Cracking Cybersecurity’s RMR Algorithm

As changes — more connectivity, more capabilities and more threat actors (nation-state, domestic and nondomestic profiteers, script kiddies and malicious insiders) — the opportunities for systems integrators to resell recurring monthly revenue (RMR) has never been greater.

It’s finally understood that not only government and public and private corporations are getting breached. Poorly manufactured products (lest we discuss Russia, backdoors, deep fake video and banned IP-based cameras from China) have made clients very leery to purchase wireless home automation and security systems, and many corporations have banned new technology deployments entirely until cybersecurity issues are resolved.

Greater consumer education was always needed to identify threats and exposures to your customers. Recent focus on cybersecurity and tech innovation — including public awareness — has finally reached a point in time where security systems integrators can make solid choices on a toolbox of services that can be provided to drive sales and RMR.

The question to be asked is … Are your customers willing to pay for cybersecurity? The answer is yes! Just ahead is a deeper look at this enormous opportunity along with guidance for integrators to align themselves with cyber-driven revenue streams.

Meeting Demand

Security integrators that do business with the government, especially the Department of Defense, are already aware of the new Cybersecurity Maturity Model Certification, or “CMMC.”

This mandate requires a third-party auditor to assess your company’s ability to protect confidential and unclassified information, otherwise known as “CUI.” If you are a security or alarm integrator, customers are willing to pay for cybersecurity.

According to Ken Kirschenbaum, principal of Kirschenbaum & Kirschenbaum and SSI columnist and Industry Hall of Famer, “Customers want to do business with integrators who install products that follow modern cybersecurity practices like secure encryption.”

Kirschenbaum has added language to all alarm contracts for K&K customers that states there is an additional fee that will be passed down and added to each account for providing encryption services for their clients.

He adds that soon customers will let you know that unless your company uses secure encryption in equipment that stores, processes or transmits data, and allow third-party cybersecurity review (monitoring and inspection that complies with industry guidelines), they won’t do business with your firm.

Kirschenbaum’s final word to the wise: Eventually, this isn’t going to be optional, so get onboard now.

Facing Challenges

Installing physical security equipment securely to meet industry cybersecurity best practices will not be as easy as you think. Ensuring that your company’s own IT systems supply chain and risk from third-party suppliers is evaluated is a key component to the process.

Ensuring that your equipment complies with cybersecurity guidelines is going to cost money. Fortunately, this is a cost you will be passing on to your subscribers that will insist on having cyber protection.

Before you get started it is important to remember that if you cannot demonstrate implemented cybersecurity protection within your company, it would be unwise to claim that you achieved that. This is because customers now also insist you can show them provable security that validates compliance from third-party auditors.

Vulnerability scanning is one of the most popular cybersecurity RMR services. Tools are available from reputed sources that will allow you to perform deep inspection of your customer’s home or business computer networks to identify and exploitable security gaps or holes in the system.

Cybersecurity Services to Offer

Most security and alarm integrators think that someone else is probably providing these services. Think again. While there are a lot of services available in the market for these types of services, you may be surprised that your customer has not had the time to evaluate and determine the value of these types of solutions.

It would be helpful to advertise and market RMR services to your clients to identify which services are of most value. Remember, you already have a trusted relationship with the customer, and you are not a cold-caller. Let’s take a closer look …

Vulnerability Scanning

One of the most popular cybersecurity RMR services is vulnerability scanning. Tools are available from reputed sources that will allow you to perform deep inspection of your customer’s home or business computer networks to identify any exploitable security gaps or holes in the system. This includes both wired and wireless network scanning.

The primary reason why your customers want third-party scanning is to check the system periodically for holes or gaps that would make them vulnerable to ransomware, data theft and data breach. Vulnerability scans are usually provided on a quarterly basis and are billed by the month based on the number of IP addresses and types of devices (hosts) on the network.

Data Backup and Restoration

Preventing the risk of lost and/or stolen data due to ransomware and catastrophic natural disasters is a key to business continuity and business resilience. Providing a data backup service (with additional services for restoration if needed) is a service that most of your customers can’t do without.

When you offer these types of services to your customers, you need to determine your service level agreement and the window of time that you are expected to restore the data. Many of these accounts are based on the importance of the data and its availability to the customer. As part of your agreement, you want to periodically test the data to ensure that the data being stored is recoverable and not corrupted.

Threat Intelligence

This is another popular type of RMR-generating cybersecurity service. Threat intelligence is providing your customer information on cybersecurity threats, which is mapped to the specific assets installed at your customer’s location. To provide this service you will need to develop a contractual relationship with a third-party service provider and collect and maintain the current IT assets into a database.

Threat intelligence requires you to have a person dedicated on a part- or fulltime basis to review various open source tools and data feeds that report on types of exploits that are used to attack and disrupt hardware, software, and peripheral components. It applies to edge, field, middleware and core devices with your customer’s network.

Threat intelligence services are billed monthly after a risk assessment is provided for the customer to identify the types of data that needs to be collected and reported. It is helpful to define a format and data structure of how you will send and transmit this data to your customers.

Limiting Your Liability

If you are considering adding cybersecurity services as part of your RMR business strategy, be careful to lay out the appropriate liability disclaimers that include dependencies of customer provided services such as Internet connectivity, network disruptions or other factors that are out of your control.

News of great service travels fast, news of poor service travels faster when you get started. It is very important that you carefully evaluate your solution offerings to make sure that you have reliable partners and staff to launch your cybersecurity RMR program.

Darnell Washington is President and CEO of SecureXperts. He can be reached at [email protected].

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

Snap One Security Market Director Excited About the Future of the Industry

NFID Foundation Aims to Establish Decentralized Identity in Security Industry

Artificial Intelligence Tops List of Policy Priorities at 2024 Security Hill Day

TCG and OST2 Partner to Deliver TPM Usage Training and Develop Cybersecurity Experts