There’s no denying the fact that selling managed security services can be hard. But it’s also critical if you want to run a successful MSP business that includes security offerings.
Below, we walk through common challenges that MSPs face in selling this type of service, then identify solutions.
(You might also want to read our Providing Managed Security Guide for a better understanding of the concept of managed security services.)
When selling managed security services, you may face the following types of challenges:
You may think that you can’t control your customers’ outlook. And to a degree, that’s true. But there are several steps you can take to make the value of managed security services clearer and to emphasize to your prospects why managed security will benefit them.
These days, the typical MSP customer or prospect knows that cybersecurity is an issue. But because news stories about cyber threats tend to focus only on breaches at large enterprises, some companies may think that the risks don’t apply to the SMB space. Or, they believe that none of the data they store is important enough to attract attackers.
You can help dispel these notions -- and make the importance of managed security services clearer -- by educating your customers and prospects about real-world cybersecurity threats that affect businesses like theirs. Use statistics about cyberattacks in their industry, and explain the specific risks that impact the types of systems or applications they use. This approach will drive home how cyber threats matter to their particular business.
Further reading 17 MSP Statistics to Show the Value of Managed Services
If you have offered managed security services to another client for a period of time, you could prepare a case study that identifies how your services reduced the time and money that the client had to spend on in-house security operations or data about how the occurrence of breaches and attempted breaches decreased once you took over.
Security threats evolve constantly, and smart clients are looking for managed security service providers who are up-to-date on the latest vulnerabilities and tools. Make sure your customers and prospects know that you fit this bill and that you’re not simply going to set up outdated monitoring tools or protect against types of threats that are not the most common today.
You can do this, in part, through direct communication with clients. But you can also create blog posts, eBooks, videos, and other forms of media that discuss modern cyber threats as a way of showing off your expertise. These assets can be reused with multiple clients, making them valuable MSSP marketing tools. Promote them via social networks, LinkedIn, or Facebook, to get more traction with potential customers.
By the way, if you’re searching for information on the latest types of threats, sites like the following can be good places to look:
If like many MSPs and MSSPs you come from a technical background, your first instinct when pitching managed security services might be to talk about super-tools or polished processes. This, however, can be a turnoff for business decision-makers, who are usually more interested in learning about results, rather than technical jargon or flashy tools.
So, focus on making a business case, not a technical case. Resist the temptation to talk about buzzworthy security strategies like dynamic baselining and immutable infrastructure. Instead, talk in terms of reduced risk. Mentioning compliance requirements that are relevant for your prospects, and how your security strategies address them, will also help.
At the same time, it’s generally a best practice to avoid a fear-based approach to marketing your services. Typically, your prospect already realizes that the IT landscape is filled with threats. More negativity is not going to help them feel optimistic about the value you provide, and it may make them feel that you are criticizing their current operations. A better approach is to present yourself as a partner who can help strengthen their security posture even further. Mention the things they are currently doing well on the security front, and explain how you can add additional value (or allow them to achieve the same level of security without having to manage security operations themselves).
Cybersecurity is a complex discipline. There are many different types of security threats, processes, and tools, and they impact different industries or verticals in different ways.
For that reason, selling managed security services successfully requires you to bundle your services in ways that make sense for your clients and prospects. If all of their infrastructures are local rather than cloud-based, for example, avoid bundling cloud-focused security services into your offering. Doing so will make prospects feel that they would be paying for services they don’t need. Likewise, if you are dealing with an all-Windows shop, don’t include Linux or Unix-related security services or tools in your bundle.
Depending on how many verticals you serve, you may need to create multiple bundles, each tailored to the needs of different types of clients.
Further reading MSP Packages: How to Build Your Offer
MSSP sales don’t stop with signing a contract. Once you begin offering managed security services to a client, be sure to collect data about the effectiveness of your operations. Record information such as the number of breach attempts, the number of successful breaches, the amount of data exposed to the public Internet, how many user accounts you are protecting, and so on.
When it comes time to renew your contract -- or use your work with one client as a case study that helps you sell to others -- this data is highly useful for demonstrating the value of your services.
Selling managed security services can be hard work. But by deploying the right tools and strategies, and tailoring your approach to the individual needs of your prospective customers, you can help them understand the value of your services, and perceive you as a partner who will play a critical role in helping to meet their security and compliance needs.