Archives For end-node

Adding Security to Managed IT

Security is the most important part of your managed program.

Last Thursday I spoke to resellers in Atlanta, sponsored by Check Point Software.  This all day event included several important updates for resellers on what to consider in your managed program.  Keeping patches up-to-date and backing up data is important, but just about any reseller can do this.

What Small and Medium Size Businesses are Missing is the Ability to Detect Security Issues  

Following my session, was an excellent overview on how Check Point manages security at the end node. Small businesses are not going to stop their people from using their own phones and tablets for work (BYOD).  So how will these companies stop all the mobile device malware coming out?  This is a perfect role for the future SMB MSSP.  Can your company detect when a mobile device has been compromised? Are you able to help your clients make sure unauthorized users are not connecting to their wireless network? What about monitoring their IPS or correlating their events and providing reporting to show attacks you are blocking?  It’s all about intelligence. Helping small businesses (the businesses most targeted by today’s hackers) detect when someone is trying to access their data, and then responding to stop it.

It’s Not Just Technology – Marketing Science I Needed

In my session I showed how resellers should market and sell this. Not all business owners immediately see the need. As an example, the event I did last week in Richmond had over 30 attendees – every attendee (with the exception on one person who left early) signed up for an assessment provided by the hosting reseller. But I can tell you, not all of these attendees thought they had a need when we started the meeting. It was only after they heard the message.

This is the place to start.  These attendees where business level people, interested in keeping their businesses safe and growing. Assuming they are pretty safe, their focus is on profit and growth.

They may not all need more security, but the assessment process we are using is designed to uncover urgent issues such as compromised end nodes. If we don’t find problems, they should just keep checking. But we almost always do.

I spoke with one reseller yesterday who performs several assessments every month. While just about every assessment shows urgent issues, his assessment-to-project conversion is only about 15% (Which is average for our industry). Something is wrong here. If all of the assessments reveal urgent issues, why is the conversion rate so low?  It’s the assessment process. It’s designed to uncover vulnerabilities, but not designed to convert clients.

In my session I reviewed how to move business people from thinking they are fine, to understanding the truth about security. From there, we talked about how to assess and convert, to help businesses take the right actions to keep their data secure. Once things are under control, the MSSP offering should be designed to maintain an acceptable level of risk.

Providing this to your customers will make you one of their most important strategic partners.

© 2015, David Stelzl

P.S. if you’re interested in selling more security, consider the Security Sales Mastery Program – contact us to see if your company is eligible for training sponsored by Check Point Software, or one of several other well known security manufacturers.

Advertisements

Don’t ignore security if you work in the SMB market…I continue to see smaller resellers focusing on managed services, but neglecting the security side of this program.  Don’t do it.  Managed services contracts justified on security remain the most stable contracts for long-term recurring revenue.

In this attached article, Cyber Thieves Hit Owners (From the Wall Street Journal), the writer shows how small businesses are often held responsible for financial losses caused by hackers…in other words, while you as an individual can usually recover by placing blame on the bank, it is only on some recent cases that the bank was held responsible for small business losses.  While the writer takes the positive side, seeing a trend to help small business, we are not there yet.

Every project should incorporate security, and every reseller should assume their SMB clients are clueless about security.  That’s just the way it is, and this article says exactly that.  Consider these sound bites from the link above:

  • “The proportion of those attacks that were explicitly focused on small business rose to more than 30%, compared with 18% at the end of December 2011, according to its findings.”
  • “In the first half of 2012, the total number of targeted attacks on organizations rose to an average of 151 a day during May and June.”

Make sure you have security built into your discovery process – look for weak end-node security, poorly configured firewalls, unstructured data outside the firewall, unsecured web applications, and personal devices full of sensitive data (such as Smart phones lacking passwords and encryption).

© 2012, David Stelzl