MSP Community Blog
The ASCII Blog highlights articles featuring MSP members from our community as well as ASCII staff
Why MSPs should stop selling security
Trying to convince SMB clients they need cybersecurity services can be a fruitless endeavor. Net Sciences president Joshua Liberman explains how he changed his approach.
I’ve been amazed for years by the failure of small businesses to feel the burn when it comes to securing their data, their networks and their future. The more time and effort I’d spend trying to reason with them and work with them to grasp the importance of cybersecurity, the less I got done. I couldn’t understand why I was failing so utterly.
It finally dawned upon me that clients and prospects alike suffered from the general miasma of “security fatigue,” brought on by the endless media reports of breaches, hacks and intrusions. They couldn’t process any more information about security. After all, if you believe the situation is hopeless, why bother to do anything at all?
I decided it was time to stop selling security and change approaches.
Selling the invisible
As IT service providers, most of us think we sell abstract concepts and provision complex, highly technical products and services to deliver on those concepts. But our clients don’t buy those products and services. They buy our expertise.
Clients believe in our ability to weave together and deliver IT solutions that safeguard their livelihood. Their faith in us and our teams is not based upon reason, and we are not selling them on facts and figures. We are selling trust.
If you turned the tables, you would recognize similarities in your own purchasing behavior. In evaluating professional services, we all must rely on trust to some extent — which is why referrals are so powerful.
Think of referrals as “referred trust.”
The usual approach to selling security is to sow fear. While this tactic works to a point, it has lost some of its power. It is time to adopt a new way to reach those clients who have retreated into indecision and inaction. The new way of selling security offerings has little to do with selling security at all.
Why you should stop selling security now
When it comes right down to it, the only time we really sell a ‘box of security’ is when we install a firewall on a network. I am not saying there aren’t other security devices out there, or that we don’t use them (we do), but the firewall is the only device that most SMBs easily associate with security and — generally — know they must have in place. What about the rest of their security needs?
We sell our security services by hiding them inside other services. For example, our entry-level managed service offering, SilverCare, is not marketed as a security suite, despite being based entirely upon six different security services. Since the security services are underpinned by a remote monitoring and management platform with remote access, we can use security as the basis of our managed services offerings as well.
For example, our next level of services, cleverly called GoldCare, adds two more security services and remote support (Monday through Friday, 8 a.m. to 5 p.m.). Once again, we don’t sell GoldCare as a security offering, despite it providing a total of eight security services. The same goes for PlatinumCare, which adds 24×7, on-site support among other benefits, plus six more security services.
In the end, we almost never sell security services, any more than bakers sell sugar, flour or eggs. Security is baked into everything we provide. What we do sell is business continuity, data protection, productivity, connectivity and other solutions to business problems. And we provide each of these in a truly secure way.
We don’t sell security. Security sells itself.
About the author: Joshua Liberman is president of Net Sciences Inc., a managed service provider based in Albuquerque, N.M. Liberman is also a member of The ASCII Group Inc., a North American association of more than 1,300 MSPs, solution providers and systems integrators.
Reprinted with permission, courtesy TechTarget