{"id":11076,"date":"2015-01-28T13:41:11","date_gmt":"2015-01-28T18:41:11","guid":{"rendered":"http:\/\/www.enxmag.com\/twii\/?p=11076"},"modified":"2015-02-06T13:04:57","modified_gmt":"2015-02-06T18:04:57","slug":"the-role-of-the-msp-as-security-educator","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/managed-services\/2015\/01\/the-role-of-the-msp-as-security-educator\/","title":{"rendered":"The Role of the MSP as Security Educator"},"content":{"rendered":"<div id=\"attachment_7426\" style=\"width: 130px\" class=\"wp-caption alignleft\"><img aria-describedby=\"caption-attachment-7426\" loading=\"lazy\" class=\"size-full wp-image-7426\" src=\"http:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2014\/09\/Sobel_Dave_sm.jpg\" alt=\"Dave Sobel\" width=\"120\" height=\"179\" \/><p id=\"caption-attachment-7426\" class=\"wp-caption-text\">Dave Sobel<\/p><\/div>\n<p>he lack of a comprehensive IT department equipped to implement security protocols and keep employees up-to-date on the latest threats is common among many MSP (Managed Service Provider) customers. As a result, many breaches occur because an employee clicked on an infected link, or didn\u2019t understand security risks and best practices. Inevitably, MSPs now find themselves in the security business, which raises questions around the responsibility of MSPs to create awareness and provide education around security best practices to their customers.<\/p>\n<p>To better understand how MSPs can add value to their Managed Services offerings with security, I spoke with Dave Sobel of LogicNow where he is MAXfocus\u2019s Director of Partner Community. (MAXfocus is a MSP platform with more than 10,000 monthly subscription customers in more than 100 countries.) Sobel is an expert at identifying the business opportunities and shared his thoughts on how MSPs can turn security into a recurring revenue stream, including leveraging their role as a security educator.<\/p>\n<p><em>Is Managed Security something from a channel perspective that MSPs and dealers getting into Managed Services should be looking at as a way to make money among their menu of services?<\/em><\/p>\n<p><strong>Sobel: <\/strong>The answer is definitely yes. Managed security is a big opportunity. Thinking of this from a 2015 perspective, it\u2019s a big deal. Whenever I talk about security I always start with a reminder, security is not a checkbox that you buy. I can\u2019t sell you a SKU that automatically makes you secure. I wish I can bundle it up as a product and sell it to everybody, but it doesn\u2019t work that way. It is a service because it is not only an initial set of workflows, but ongoing maintenance around that. And it\u2019s done as an ongoing risk management and process management exercise.<\/p>\n<p>For example, a lot of the things we look at from a security perspective. From a SMB and MSP perspective, there are a lot of different ways to go about this and small businesses need to combine a couple of different things. Combining malware management with proper patch management and perimeter security like e-mail, with managing users to make sure they\u2019re using things like Web protection and not going to [questionable] Websites. Couple those technical services with the ability to provide policy management and help customers make sure they have \u2018use\u2019 policies for all the various technologies\u2014all of those different pieces combined are managed security.<\/p>\n<p><em>So you view security as a separate offering?<\/em><\/p>\n<p><strong>Sobel:<\/strong> You <em>can<\/em> sell it as an independent offering, but it works well rolled into the overall infrastructure offering and managing all the components of an environment. We also offer user support and all of the other components that go into running a network, and security is also covered with disaster recovery and backup management both onsite and onto the cloud.<\/p>\n<p><em>Are small businesses in tune with this, meaning do they understand they need to think about security and it\u2019s something they should be spending money on?<\/em><\/p>\n<p><strong>Sobel:<\/strong> They do, especially the more you start talking about compliance issues and legal requirements. If they take credit cards, at a minimum users should be PCI compliant. My advice is to make it practical to your customers. It\u2019s not going in and saying \u2018I\u2019m going to make everything secure.\u2019 Talk about why it affects their business and what you need to do that\u2019s relevant to them for their markets.<\/p>\n<p><em>As far as educating the channel, how do you do that as far as getting them to understand what to look for and how to best present managed security?<\/em><\/p>\n<p><strong>Sobel:<\/strong> We do that in different ways. We have a set of products that can help them do that. More importantly, we help by making sure they understand how to put it all together into an actual service. We offer online education, including videos and white papers. We also provide training at our conferences. We visit other communities we\u2019re involved with like CompTIA and their security community. There\u2019s lots of different ways we bundle this all together to make sure we\u2019re providing the education to help these guys understand exactly how to take it to market.<\/p>\n<p><em>When you were referring to products earlier, can you give me a couple of examples of what you meant by that in this context?<\/em><\/p>\n<p><strong>Sobel:<\/strong> We have various software solutions that when combined do a nice job of delivering what an SMB needs for managed security. Remote management, patch management, MaxMail for mail security, and a Web protection utility built into MAXRM.<\/p>\n<p><em>From a channel perspective on the education side, do you need to be proactive about educating your MSP customers or are they coming to you, especially since education is essential for them to be successful at selling managed security?<\/em><em>\u00a0<\/em><\/p>\n<p><strong>Sobel:<\/strong> \u00a0We do this as required as part of our obligation to deliver the software. Some solutions providers, the best in class guys, it comes naturally to them and it comes to them quickly; others need more hand holding, so we invest heavily to make sure they have the resources to do that, including having a security expert like Ian on our team.<\/p>\n<p><em>Is that something that sets you apart from your competitors?<\/em><\/p>\n<p><strong>Sobel:<\/strong> I think so and that\u2019s one of the reasons I work at MAXfocus. I was a former Managed Services provider for about 10 years and ran my own firm in DC. Everyone on my community team has a channel background. We have a team of four customer-based people who have nearly 60 years of combined experience in the channel.<\/p>\n<p><em>Is there anything that you know now from a security standpoint since joining MAXfocus that you wish you knew back when you were an MSP?<\/em><\/p>\n<p><strong>Sobel:<\/strong> The fact that there are so many tools that can be combined into a service. The piece that\u2019s most obvious to me now is the real value of the scale of integration, having everything integrated into a single platform. That has compelling value. When I first started offering Managed Services about 15 years ago it took a lot of work to combine this all together and a lot of product components that the MSP had to do. Now it\u2019s straightforward to put this all together and offer a compelling service. The other thing that\u2019s interesting is there\u2019s been so much thought and investment going on in security, particularly when you combine what we\u2019re doing from an education perspective with resources like CompTIA. As solutions providers become educated, it\u2019s just a small investment of time on their part.<\/p>\n<p><em>Are there certain questions that MSPs need to be prepared to answer when they\u2019re out there marketing your products?<\/em><\/p>\n<p><strong>Sobel:<\/strong> Number one is measuring business outcomes. That more than anything is the area where you need to be prepared. Your customers are going to want to measure success based on business outcomes more than technical delivery.<\/p>\n<p><em>How do you prepare yourself to answer that question?<\/em><\/p>\n<p><strong>Sobel:<\/strong> By measuring things like downtime and showing what the downtime costs the business and where the cost of downtime can be mitigated, as well as helping them understand the end customer\u2019s business and cost of operation and security, and helping maintain that.<\/p>\n<p><em>Anything above and beyond that someone from the channel should be prepared to answer?<\/em><\/p>\n<p><strong>Sobel: <\/strong>The other area is making it relate to the end customers\u2019 market. If you\u2019re focusing on medical, financial, manufacturing, or retail, understand what those customers\u2019 specific business needs are and apply the technology to that. For example, understanding the difference between PCI compliance and HIPPA compliance. The good news is that vendors like MAXfocus have invested in resources to make sure that a solutions provider is well educated.<\/p>\n<p><em>As far as your existing partners are there certain areas where you see them consistently falter and where there is room for improvement?<\/em><\/p>\n<p><strong>Sobel: <\/strong>The best solutions providers are the ones that master the ability to understand the cost of delivery and base their models around that. One of the areas we\u2019re working to help our solutions providers across the board on is understanding what it takes for them to deliver a particular service. How are they making money?<\/p>\n<p><em>Why do you think it\u2019s difficult for some of them to figure that out?<\/em><\/p>\n<p><strong>Sobel: <\/strong>Many solutions providers come from a technical background and the business skills come as they\u2019ve grown their business. That\u2019s one of the areas we\u2019ve invested in by building a Community Team to help on the business side of things.<\/p>\n<p><em>What other ways are you helping them grow that we haven\u2019t discussed in our conversation so far?<\/em><\/p>\n<p><strong>Sobel:<\/strong> We\u2019ve been putting a lot of time and effort into white papers and sales playbooks, which are strategies for sales engagement that solutions providers can take and help bundle solutions. We\u2019ve got one coming out around Managed Security for example that takes a lot of the things we\u2019ve been doing from a security perspective and helps them bundle it together in a service. We show them how to sell that service and position it, how to overcome objections, and what the market is looking for.<\/p>\n<p><em>If I were a Managed Services provider reading this, I\u2019d get serious about security if I wasn\u2019t already.\u00a0<\/em><\/p>\n<p><strong>Sobel:<\/strong> Managed security opens up a lot of doors for a solutions provider to continue to position themselves as the outsourced CIO. There\u2019s angles around being the compliance officer, there\u2019s angles around helping them manage their business needs, and I would be continually elevating my conversation because we\u2019re the best solutions providers. That\u2019s what the data tells me. I implore everyone to look at Managed Security from the position of how can I become the CIO, how can I be the chief compliance officer, how can I help with these business challenges, and how can I use technology to deliver them?<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><em>\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>he lack of a comprehensive IT department equipped to implement security protocols and keep employees up-to-date on the latest threats is common among many MSP (Managed Service Provider) customers. As a result, many breaches occur because an employee clicked on an infected link, or didn\u2019t understand security risks and best practices. Inevitably, MSPs now find themselves in the security business, which raises questions around the responsibility of MSPs to create awareness and provide education around security best practices to their customers. To better understand how MSPs can add value to their Managed Services offerings with security, I spoke with Dave Sobel of LogicNow where he is MAXfocus\u2019s Director of Partner Community. (MAXfocus is a MSP platform with more than 10,000 monthly subscription customers in more than 100 countries.) Sobel is an expert at identifying the business opportunities and shared his thoughts on how MSPs can turn security into a recurring revenue stream, including leveraging their role as a security educator. Is Managed Security something from a channel perspective that MSPs and dealers getting into Managed Services should be looking at as a way to make money among their menu of services? Sobel: The answer is definitely yes. Managed security is a big opportunity. Thinking of this from a 2015 perspective, it\u2019s a big deal. Whenever I talk about security I always start with a reminder, security is not a checkbox that you buy. I can\u2019t sell you a SKU that automatically makes you secure. I wish I can bundle it up as a product and sell it to everybody, but it doesn\u2019t work that way. It is a service because it is not only an initial set of workflows, but ongoing maintenance around that. And it\u2019s done as an ongoing risk management and process management exercise. For example, a lot of the things we look at from a security perspective. From a SMB and MSP perspective, there are a lot of different ways to go about this and small businesses need to combine a couple of different things. Combining malware management with proper patch management and perimeter security like e-mail, with managing users to make sure they\u2019re using things like Web protection and not going to [questionable] Websites. Couple those technical services with the ability to provide policy management and help customers make sure they have \u2018use\u2019 policies for all the various technologies\u2014all of those different pieces combined are managed security. So you view security as a separate offering? Sobel: You can sell it as an independent offering, but it works well rolled into the overall infrastructure offering and managing all the components of an environment. We also offer user support and all of the other components that go into running a network, and security is also covered with disaster recovery and backup management both onsite and onto the cloud. Are small businesses in tune with this, meaning do they understand they need to think about security and it\u2019s something they should be spending money on? Sobel: They do, especially the more you start talking about compliance issues and legal requirements. If they take credit cards, at a minimum users should be PCI compliant. My advice is to make it practical to your customers. It\u2019s not going in and saying \u2018I\u2019m going to make everything secure.\u2019 Talk about why it affects their business and what you need to do that\u2019s relevant to them for their markets. As far as educating the channel, how do you do that as far as getting them to understand what to look for and how to best present managed security? Sobel: We do that in different ways. We have a set of products that can help them do that. More importantly, we help by making sure they understand how to put it all together into an actual service. We offer online education, including videos and white papers. We also provide training at our conferences. We visit other communities we\u2019re involved with like CompTIA and their security community. There\u2019s lots of different ways we bundle this all together to make sure we\u2019re providing the education to help these guys understand exactly how to take it to market. When you were referring to products earlier, can you give me a couple of examples of what you meant by that in this context? Sobel: We have various software solutions that when combined do a nice job of delivering what an SMB needs for managed security. Remote management, patch management, MaxMail for mail security, and a Web protection utility built into MAXRM. From a channel perspective on the education side, do you need to be proactive about educating your MSP customers or are they coming to you, especially since education is essential for them to be successful at selling managed security?\u00a0 Sobel: \u00a0We do this as required as part of our obligation to deliver the software. Some solutions providers, the best in class guys, it comes naturally to them and it comes to them quickly; others need more hand holding, so we invest heavily to make sure they have the resources to do that, including having a security expert like Ian on our team. Is that something that sets you apart from your competitors? Sobel: I think so and that\u2019s one of the reasons I work at MAXfocus. I was a former Managed Services provider for about 10 years and ran my own firm in DC. Everyone on my community team has a channel background. We have a team of four customer-based people who have nearly 60 years of combined experience in the channel. Is there anything that you know now from a security standpoint since joining MAXfocus that you wish you knew back when you were an MSP? Sobel: The fact that there are so many tools that can be combined into a service. The piece that\u2019s most obvious to me now is the real value of the scale of integration, having everything integrated into a single platform. That has compelling value. When I first started offering Managed [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[237],"tags":[1805,2066,2411,1900],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/11076"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=11076"}],"version-history":[{"count":3,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/11076\/revisions"}],"predecessor-version":[{"id":11259,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/11076\/revisions\/11259"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=11076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=11076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=11076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}