Managed Security: The Mary Poppins Method
Written by: Charles Weaver, CEO of MSPAlliance
There are a lot of opposing ideas concerning the issue of whether MSPs should be offering manage security solutions to clients. I’m sure those of you reading this article will also have your opinions, one way or the other.
But, I would like to offer a perhaps unique perspective on the topic of managed security and attempt to reconcile some of the differing opinions circulating within the profession.
First, I would like us all to acknowledge that the terms and definitions legacy MSPs have used for several decades have mutated in the last few years. I am speaking specifically about the use of cybersecurity as a new term not previously used amongst MSPs before 2015.
Up until that time, MSPs were mostly offering managed security to clients through the following solutions: management of firewalls, anti-virus, and anti-spam. Sometimes these offerings were labeled “managed security,” and sometimes they were not. The point is, security has always been a component of what an MSP provides to customers. We may not have called it “managed security.”
Clients Opting Out of Managed Security
One thing that has changed over the years is the perception and understanding of the client concerning issues and threats related to cybersecurity. Clients know cybercriminals are targeting them. In the early 2000s, I would wager more clients dismissed the idea that they had anything of value for a cyber-criminal. As such, most clients dismissed the advice given to them by their MSPs.
Today, cyber threats are well known, and the preventative measures MSPs can help put into place are also known. However, you still have clients who refuse to implement cybersecurity measures, whether it is stubbornness, lack of budget, or lack of other resources. And that leads us to the technique I think all MSPs should be switching to, something I call the “Mary Poppins technique.”
Mary Poppins Technique
In the movie Mary Poppins, the famous nanny gave the children something sweet to help them tolerate the medicine they were being asked to swallow. That same technique can work effectively for clients and cybersecurity. If your clients don’t like the taste of the medicine, add a spoonful of sugar, and it will help. What does this mean, exactly?
I think it is time to begin embedding the security into your primary managed services offerings. Whether you call it managed security or not, it should not be an optional offering the client can refuse. Make it sweet, hide the medicine in the other services the clients do want, and force them to participate int he positive cyber hygiene all organizations should be practicing today.
I’m not suggesting that you “hide” services or actions from your client. Instead, I am saying you should embed those security solutions you believe are critical to proper cyber hygiene and make them part of what you offer. If you have to charge more, then charge more. If the client says they already get those services from someone else, that’s fine; make them prove it to you so you can feel confident they are truly protected.
The time has come for MSPs to stop giving clients the option to forego managed security. Every client should be protected by an IT department (either internal or external by an MSP). If the client is not protected against cybersecurity threats, why would you want to take them on as a client?
Try the Mary Poppins method out and see if it works. If this is what you’re doing now, I’d love to hear from you.