Managed Security Has Become A Top Selling Point For Small Businesses
A few months ago, John Hill, CEO of Tech Sage Solutions, altered his pitch to potential new SMB customers. The San Antonio-based MSP quickly confirmed that leading the conversation with security was a winning strategy.
While attending The Channel Company's NexGen Cloud conference last week in Anaheim, Calif., Hill heard the same sentiment from many of his peers.
"The ones I talked to were saying, 'That's actually very effective and sets us up above the standard MSP,’" Hill told CRN.
[Related: Cryptojacking Now The Leading Cyber Crime, One Vendor Says]
Tech Sage Solutions, like those other MSPs who came to NexGen, have found that security has become a way to differentiate their practices with small customers—and an entry point for tapping new sources of revenue.
"The old traditional MSP-type of designation is kind of becoming commoditized, so you’ve got to do something that’s going to make you stand out a little bit," Hill said. "And I think security is a big component of that because a lot of traditional MSPs are not doing a big focus on security."
That security-focused approach has become effective because of rapidly increasing awareness in the SMB community of the cyber-threats they face.
Whereas small businesses once thought hackers only targeted large enterprises, many are learning—often from first-hand experience—that they are on the front lines.
"They used to seem to feel, ‘I'm small, nobody is going to think it's worthwhile to mess with me,’" Hill told CRN. "You tell them it's kind of the opposite—you're low-hanging fruit, they know you're not going to have much security as a business and it's going to be easy to break into you."
Vation Ventures, a Denver-based technology consultancy that advises many channel partners of large tech vendors, is seeing its clientele take a like-minded approach.
"Enterprise typically leads the trends, and then it gets pushed down to SMBs," Joe O'Callaghan, a partner at Vation Ventures, told CRN.
"It started with the big guys, the Sony hack and the Target debacle," O'Callaghan said.
With those high-profile intrusions, and subsequent firings of CEOs and board members, investments in security have increased dramatically among enterprises and SMBs. "They all want to cover their butts now," he said.
Target and Sony make the headlines, O'Callaghan said, "but the SMB gets attacked all day."
By now, almost all small companies have dealt with phishing scams, where an employee clicked on a link in an email they shouldn't have.
"It's just not headline news if a dentist office gets hit with some malware," O'Callaghan said.
That ramping awareness is why VARs and MSPs are starting to invest heavily in developing security practices geared to all sizes of customers. But MSPs addressing those concerns should recognize the selling motion is different for small businesses.
While enterprises are still interested in talking products, SMBs respond to conversations around services and solutions. They want outcomes, not vendors.
"What I've seen is a shift in VARs going from product-specific security practices to more service-related practices," O'Callaghan said. "The VARs that are taking it to the next level are now developing, and really should have developed over the last three years, security practices."
Mark Fielding, who advises partners for Vation Ventures, said the hard part for MSPs and VARs is identifying the emerging technologies that facilitate delivery of those services.
But solutions are emerging that are particularly geared toward the channel, as well as certain vertical sectors.
"That makes it a lot more relevant to smaller companies to look for something that's going to give them the edge," Fielding said.
Froogal, a master MSP based in Minneapolis, sees the channel shifting toward a security-focused conversation with SMBs. But too often the motivation is to capitalize on a buzz word.
Security is "the hot-button topic, so it's easy to sell, which is why they're leading with it," Froogal President Caleb Driscoll, who also attended NexGen Cloud, told CRN.
"But I don’t think small businesses have any idea what [security] means for them from a deliverables perspective. I don’t think most MSPs even know what that means as a deliverable," Driscoll said.
SMB perceptions of the threat landscape have, indeed, drastically changed of late.
"I think customers are becoming aware of it because it seems over the last couple months phishing is going crazy through small business. Everybody is getting phished. They're learning about security and the need for it from a different perspective," Driscoll said.
It's advantageous for MSPs to talk about those types of threats with potential customers.
"But we also find it can hurt them if they go in to talk about it just to talk about it, but they don’t know what they're talking about," Driscoll said. "They'll quickly paint themselves into a corner they can't talk themselves out of."
In the past, small offices thought of security as simply preventing a virus. "Beyond that, there wasn't this discussion about user and identity protection for multiple software applications and platforms in the cloud like there is now."
What MSPs need to offer is a comprehensive set of managed solutions. Those should include endpoint protection, firewalls, DNS protection, threat intelligence and even dark web scans.
And most of all, Driscoll said, they must address the biggest gap from a security perspective—the human being.
Froogal advises MSPs to help raise awareness among employees of their SMB customers and train them to follow best security practices.
Hill said it's the ability of Tech Sage Solutions to offer those kinds of solutions that has won customers away from their long-standing IT service providers. Those customers' direct experiences, and the inadequacy of their previous providers responses, often trigger competitive defection.
"When we start that security discussion they say, 'We did get hit by ransomware a few months ago and it was a mess,’” Hill told CRN.
While there's more awareness of the need for top-notch security, small businesses typically don’t know what that entails, Hill said. Many don't have an advanced firewall and are using a free version of anti-virus software.
Tech Sage introduces to those suddenly security-conscious businesses a line card of simple products—a next-gen firewall, advanced endpoint protection, backup and disaster recovery, DNS filtering, threat intelligence—that can deliver true protection at a reasonable price.
Then the company can come in with its traditional managed services offering that has managed security as a component, he said.
That approach "seems to work really well," Hill told CRN. "It seems to have a lot more traction and credibility then just saying you want to support them and fix their computers."