Written by Dave Stelzl CISSP

Downtime Is A Security Issue – It’s Also a Risk Sale Opportunity

stock exchangeUptime – Something Every Client Needs

The New York Stock Exchange was down this week!  How many people lost money, or at least lost sleep over this?

United Airlines had 1400 delayed fights and 76 cancelation in just one hour this week – all due to down time.

Remember the old phone system? It was always up. Now that everything runs on networks and Microsoft, 5 – Nines uptime is hard to achieve. We have more functionality, but less reliability. Yet we have become far more dependent on these systems.  Everything is on the computer – including my alarm clock, and my personal trainer.

Downtime is a security issue.

The ISC2.ORG common body of knowledge includes three pillars in their CISSP training programs.

  • Confidentiality
  • Integrity
  • Availability

You can remember that by remembering the CIA…which has a “security” ring to it.  Some things need to be right (integrity), but don’t need to be confidential. For instance, the prices on Amazon.com.  If a hacker up’d Amazon’s prices by 20%, they would starting losing sales.  The integrity of those prices is critical. Uptime is also critical. If I go to buy something on Amazon, and the system is down, I’ll probably look for another place to buy.  If your client needs any one of these three – it’s security.

MSP is Security, If You Sell It That Way

Most managed services offerings provide some level of monitoring, with the promise of detecting problems before they result in downtime or data loss. This service is becoming more and more of a commodity. Just about every reseller I know has an offering, and they all sound pretty much the same.

The difference is coming down to price. 

The root of this price problem is in how the proposal was originally sold. If it was sold as a more cost effective way to keep systems up and running, the client is already thinking about cost savings and price. If a cheaper solution comes along, it would seem right to move to it.  After all, they signed your contract to save money. Why not look for ways to save more?

But if your contract was sold to mitigate risk – some impending threat, justification was built on stopping that threat. The key to keeping the first contract is keeping your price below the competition’s. The key to keeping the second contract is keeping the client focused on the threats you are stopping.  The more you can show that, without you there would be problems with one of the C-I-A pillars, the more likely they’ll stick with you.

Stop selling the commodity offering based on price, and start thinking about MSP as part of the operational security equation. From there, start thinking about the rest of the C-I-A puzzle. What other risks are your clients facing, and what is the likelihood they’ll encounter big problems if not well protected?

© 2015, David Stelzl

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s