By Terry Cole, Founder, Cole Informatics
For fellow MSPs, the technology solutions we choose to provide are the lifeblood of our business. Selecting the correct ones is often a make-or-break proposition, and this is perhaps particularly true when it comes to ensuring client data is secured as part of the service offering.
MSPs vetting new data security solution additions to their managed services repertoire would do well to ask themselves these three questions.
- Is the security solution advantageously aligned to the MSP service model?
This is, in my opinion, the biggest factor in your selection: will it perform in a manner that satisfies the client and continues to win their business over the long term? With data security offerings, the more seamlessly and transparently an MSP can deliver the solution, the better. Clients want security so effective and simple they can forget about it. At the same time, MSPs should prefer technologies that avoid unnecessary client involvement and the overhead that comes with it. Any solution requiring end user training or assistance runs counter to most MSPs’ business models.
For these reasons, data security solutions that are remotely managed through the cloud are preferable. Beachhead’s SimplySecure is an example of such a cloud-based option with which our MSP is familiar. With remotely managed solutions, data stored on computers and devices can be overseen and security measures can be enacted without a clients’ employees even noticing or needing to take action.
The two main alternatives to cloud-based approaches both carry disadvantages when it comes to achieving these objectives. Server-based, on-premises security solutions, by their nature, require an employee or MSP technician to perform security operations locally — a far more cumbersome position for both the client and the MSP. Solutions that utilize pre-boot password protection on computers and devices suffer from the same limitations. They require either an on-site technician, or for the hardware to be shipped in the mail whenever any maintenance, upgrading, or troubleshooting is necessary.
Each of these approaches also requires some degree of end user education in order to train employees to operate these security interfaces. (Ongoing end user support is usually required as well.) In comparison, cloud-based remote management offers both MSPs and clients a superior experience that is generally mitigates these issues.
- Will the security solution provide closer engagement with my customers?
An MSP must understand the ins and outs of not just the tools and technology it provides, but also the industry and the context in which those solutions operate. When it comes to protecting sensitive data across client devices, this means becoming knowledgeable about the specific compliance requirements those clients must work within, whether it’s HIPAA in the healthcare industry, FINRA in the financial sector, ALTA in the real estate insurance business, or any other industry-specific regulations.
MSPs can better engage with clients by concentrating on building trust and positioning themselves as knowledgeable thought leaders able to address the industry-specific issues affecting the clients they serve. Those MSPs who invest the effort to add a consultative aspect to the data security services they provide will outshine others that simply slap together the cheapest possible offerings. After all, many of the standard security features (firewall, anti-virus, etc.) are commoditized anyway, with no room for differentiation.
The security solutions an MSP adds to its portfolio should demonstrate and reinforce the MSP’s expertise and commitment to meeting clients’ needs. For instance, where FINRA requires encrypting personal financial data, the MSP should present solutions and services that are knowingly constructed to meet FINRA’s stringent requirements. In another interesting example of compliance regulations in the healthcare industry, HIPAA actually requires any MSP working for a HIPAA-covered client must enter into a legally binding Business Associate Agreement (BAA). HIPAA also requires the MSP must comply with the same safe data security practices as the client, and that it’s actually the client’s duty to make sure that this is the case. This is a situation where an MSP has the opportunity to show its knowledge of the law and provide a service package built to fulfill needs the client may not have even been aware of otherwise (and in our experience, most are not aware).
- Will the security solution increase my margins?
By taking a proactive lead in addressing various (and often industry-specific) data security requirements, an MSP can distinguish itself in the marketplace — and offering security technology solutions to match is an essential part of this. In the end, MSPs are really competing for clients not just on price but also on confidence, and the right solutions are key elements in building that trust.
It’s my belief that when an MSP’s security offerings differentiate it in areas beyond price, its margins will benefit. Demonstrating technical competencies above and beyond that of the standard competitor leads to a shift in clients’ decision making, so that MSPs are no longer compared simply on a basis of cost, but on the expertise and ability to address specific customer needs that they offer. On that measure, the MSP with the better solution and service comes out favorably.
By selecting a data security technology strategy that enhances customer engagement, increases business margins, and develops client relationships by delivering value and appealing to their needs, an MSP is much better equipped to grow its reputation as an expert provider of quality services and achieve its goals in the marketplace.
Terry Cole is the Founder of Cole Informatics, an IT and business telephone professional services and support company in West and Middle Tennessee.