This solution selling guide is for managed service providers (MSPs) interested in providing IT security services for their client organizations. Small to medium-sized businesses (SMBs) are increasingly in the crosshairs of cyber attacks and data breaches, highlighting the need to better protect themselves. A common approach is to outsource IT security to MSPs that use comprehensive, reliable solutions.
Translating Security Challenges Into Service Opportunities
IT security is a massive industry overrun with “best practices” for how to protect a network. This often leads to confusion, frustration, and significant unrequited costs if the possibilities aren’t proactively evaluated. Many smaller organizations don’t have enough time to do full evaluations and often just give up trying to implement IT security altogether. For MSPs, IT security represents a massive opportunity to offer value-add services and grow their customer base.
In order to sell IT security to small to mid-sized businesses (SMBs), the solutions offered need to be practical and cost-effective. SMB owners aren’t budgeting to try out the latest gadgets. Rather, they’re looking for guarantees of protection from data breaches, compliance fines, and of course, the reputational damage to their business that often follows.
According to CompTIA’s survey of 650 SMBs, 35% of participants said cybersecurity is a leading area they need help with. Why? The average organizational cost of a cyber attack has been estimated to be around $3 million — enough to sink 60% of small businesses within 6 months.
Small businesses realize they need to protect themselves with stronger security and are outsourcing their IT as a practical defense strategy. However, actually winning their business as an MSP means delivering competitive services and providing strategic IT advice for overcoming growth roadblocks.
Core Strategy for Positioning IT Security
When considering a core strategy to sell IT security to SMBs, it’s critical to start with some foundational values. MSPs should consider building their IT security services around these four core pillars:
Identities are the #1 Target
The easiest path for attackers or bad actors to access confidential data is by identity theft. Once a hacker knows their victim’s credentials, they can bypass virtually all security and steal confidential data. In 2018, 80% of all data breaches involved stolen credentials.
Layered Approaches are Powerful
Each layer of IT security should protect the critical data, applications, systems, and employees. Avoid leaving any area unmonitored and unprotected by implementing a consistent, layered approach.
Systems are the Gateway
Systems, aka laptops or workstations, are the conduit to everything users are doing online and within their organization. These systems and their users need to be protected to ensure that the organization is secure as well. The concept that systems don’t matter anymore and that Mac® and Windows® laptops/desktops are just stale dumb terminals to browse from is far from the truth in modern organizations. Help change the conversation for the better, and your customers will see the benefit long term.
Security Training for Everybody
As the employees of SMBs are continually targeted, security has become a problem that’s bigger than your product stack. Beyond implementing layers of security solutions, it’s also critical that each client’s end users are educated and thoroughly trained. Simple mistakes, like not recognizing a phishing email, can have serious consequences.
Creating a Client Security Service
With these foundational security tenets in mind, MSPs can build comprehensive programs to secure their clients’ IT environments and protect valuable data. Our advice is to use the values above to roll out IT security throughout the following layers of the IT infrastructure:
As we discussed above, protecting your employees’ and your clients’ identities should be the primary focus. Ensure that users are leveraging strong, complex passwords with multi-factor authentication (MFA or 2FA) wherever possible. In conjunction, MSPs should implement a core directory service to control user access to all the IT resources a client needs, and limit the possibility of identity sprawl.
All data should be encrypted at rest and secured when in transit. Hard drives can be secured via full disk encryption (FDE is a free utility on Windows and macOS). Thankfully, databases generally have encryption capabilities built-in and most web traffic these days is encrypted by default.
Lock down access to all applications and enable multi-factor authentication (MFA or 2FA) wherever possible. Single sign-on technology can help tightly control access to web applications, and the right directory service can help with legacy on-prem applications that often require LDAP. MFA on application access is especially important for Office 365™ and G Suite™ email accounts. MSPs can make a massive impact across the board by helping their clients secure access to their applications while providing end users with simple ways to leverage applications.
Don’t let compromised systems be the weak link. Go beyond offering just personal firewalls and anti-virus software. In addition to identity, data, and application security, focus on the systems: turn on screen saver lock, update the OS regularly, disable USB ports and guest accounts, and apply other security settings. None of these tasks has to cost an arm and a leg, nor do they take much time to implement. Use GPO-like policies whenever possible to handle group actions at scale.
WiFi networks are the norm, but as MSPs know, they are notoriously insecure. Lock down the network by turning on cloud RADIUS capabilities so a user’s credentials are required to access the network. Add VLAN segmentation to take security to the next level and ensure users gain access appropriately. Both of these areas are significant security improvements that can act as revenue streams for MSPs.
Finally, don’t forget about the opportunity to train your client’s end users. Leverage documentation, webinars, and even simple security tests via surveys or forms to help level-up the knowledge of your clients. A little extra effort here can go a long way.
The bottom line is that building an IT security practice and selling those services doesn’t need to be a taxing, monumental task. Layer a few core security values within a network defense to create sales opportunities and differentiate your business from other MSPs.
The JumpCloud® Directory-as-a-Service® platform can be a core piece in any IT security practice. As a cloud identity provider, JumpCloud’s solution is critical for protecting identities, controlling access to IT resources, managing Windows®, Mac®, and Linux® systems, encrypting data via FDE policies, and locking down the network with RADIUS services.
Overview of Selling IT Security Services
Use the following IT security service outline to create your own marketing emails, deliverables, social media campaigns, etc., and feel free to contact us for further co-marketing support.
Service: Directory Services
- Protect digital assets such as user information, credit cards, healthcare data, proprietary technology
- Avoid costly breach clean-up and reputational damage
- Comply with regulations and statutes
- Identities are the number one path to a compromise — protect them
- Security “basics” can have a much larger impact without tremendous cost
- Training end users to care about their online security is essential
- SMBs are as much a target as large enterprises, if not more
Protect Your Business by Outsourcing IT Security to Experts
Move Forward with Our Partner Program
To learn more about how you can introduce your clients to the benefits of IT security and build effective security services, drop our Partner Support Team a note. We’d be happy to work with you on training, co-marketing campaigns, setup calls, or even a joint webinar.
JumpCloud’s Partner Program empowers IT Service Providers with central identity management from the cloud. Fine-tuned for MSPs with cloud security offerings or clients transitioning to the cloud, Directory-as-a-Service can be easily bundled at the center of any product stack to make your business, and your clients’ businesses, as efficient and scalable as possible. Make Work Happen™ for your clients while improving the bottom line for your business.