How MSSPs Can Provide Differential Business Value for Customers
If managed security service providers (MSSPs) partner with the right cybersecurity vendor, they can provide their customers with enormous value that extends beyond traditional technical services.
By aligning their offerings properly, MSSPs can give their clients business-level service offers and insights that will be extremely valuable.
MSSPs should start by asking themselves these questions:
- “How do we add business value to the services we’re providing?”
- “How do we help customers use the metrics we’re providing them?”
- “What does this additional value mean to customers? And how can it enhance our relationship with them?”
Using SD-WAN to Generate Data
For an MSSP that uses an SD-WAN solution that allows data from applications to transverse locations, a lot of business intelligence can be gleaned along the journey. Some SD-WAN environments — like the ones that Fortinet products provide — allow data from applications to move through locations across the world. And in doing so, intelligence can be generated to answer key business questions for a CIO or CISO, like:
- How many customers do I have riding on my network?
- What’s the net growth of those number of customers?
- How often are they on my network?
- Which applications are driving the use of the network?
- Are they increasing their dwell time on my network?
- Is my experience on the network measuring the metrics that I’ve set?
- Is the response time what it’s supposed to be?
- Am I able to give my users an experience that meets what I believe are the aspirations of that service?
In short, this business intelligence can be used to track network growth, compile metrics, and better deliver on service level agreement (SLA) promises.
Use Case #1: Telecommunication Contracts
Currently, most telco customers don’t have a service that can provide them with business-level intelligence and insights they need to have an honest accounting of their billing and contracts. If MSSPs act as “the middle man” between the telco and the customer, they can provide tremendous business value and become their customers’ advocate. Obviously, if MSSPs are in the position of providing more value than what’s expected, they are going to be far more competitive in the marketplace.
Many customers have contracts with telecommunications providers (telcos) that are providing circuits that SD-WAN runs over. Every telco has — or should have — a contract with an SLA. The problem is that despite having a way to measure an SLA, few organizations proactively do it and report against it.
An MSSP can make it easier for its customers to document activity and help them receive what they’re paying for and what the telco has agreed to provide. MSSPs that are providing SD-WAN environments from a vendor like Fortinet could be the point at which all telco SLAs are measured, managed, and reported on.
Use Case #2: Multiple Telecommunication Contracts
It’s very common for an organization to have contracts with multiple telcos. For example, if an MSSP’s customer is a company that owns 100 radiology labs around the country and they’re all connected through a network, there is a strong possibility that it has contracts with three or more telcos.
The radiology lab organization uses all the disparate telcos to link all of its locations because it can’t find one provider that can connect to all of them. Therefore, the company has a network of labs spread across all its providers — a very realistic environment. This means the MSSP customer must have three contracts at a minimum — and three different SLAs.
So, in this scenario, if the radiology labs company has a telecommunication service outage by one (or all) of their providers and they fail on an SLA requirement, then according to the contract that SLA failure could be worth a significant amount of compensation.
By having intelligence and insights at a business level, an MSSP can empower the radiology labs customer to go back to one or all of its providers and say, “You missed an SLA last Tuesday and according to our contract, missing two hours at a $30,000 an hour, means you owe us $60,000. I need to receive that compensation per our contract or I need to see a reduction in my next billing.”
Deepening the Partnership
Clearly, MSSPs that provide this kind of data in addition to powerful cybersecurity will be adding business value that is very attractive to a partner and solidifying a mutually beneficial relationship between vendor, service provider, and customer.
In these use cases, no other entity can do this for a customer beyond the telco — and when’s the last time a telco called a customer to apologize for bad service and admit that an SLA was missed? Never, right? So, this is a unique opportunity for MSSPs to offer great differential business value and be an advocate for their customers to deepen the partnership.
The Right Security Vendor
A security vendor that can help MSSPs understand how to set up a dashboard, how to supply telemetry, and how to put it all in the context of the business that’s driving over SD-WAN makes a very compelling case for an MSSP that wants to stand out and win new business.
Very few MSSPs are currently providing this kind of service as an added value offering. It is somewhat surprising because almost any MSSP is capable enough. If an MSSP has enough wherewithal, it could set up this new service to augment their cybersecurity offerings. Consider this post a call to action.
MSSPs should begin by identifying a cybersecurity provider that has what’s needed to roll out this additional benefit. The vendor needs to have two key things: 1) the ability to implement a network-wide analyzer that can supply telemetry, and 2) the ability to support APIs to interface with reporting tools — all driven by a modular approach to supplying SD-WAN and SASE.
The right cybersecurity vendor will have the needed three building blocks to offer their MSSP’s. At the bottom layer, Secure SD-WAN and SASE are built into a modular environment. Then on top of that, what’s needed is an analyzer that can look at everything across that layer. And then the final requirement is an API layer on top to interface with reporting tools. MSSPs need a cybersecurity partner that can very quickly build these tools, if they don’t have them already.
Raising Your Game
If you’re an MSSP needing to raise your game, the answer is to add real value to what you’re offering customers. Think about how to put a “business face” on the service that you’re providing — and do it in the context of the metrics and experiences that you’re providing your customers.
Author Michael O’Brien is regional VP, strategic routes to market, Fortinet. Read more Fortinet blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.