Inside the Modern MSSP
When deciding on internet service for your home, how much time did you spend shopping for the modem or router to support your connection? If you are like most people, little to none.
That’s because most customers are leased a standard-issue WAN device from the internet service provider (ISP). The ISP deploys and supports the appliance. And even though customers pay for this equipment installed in their homes, they don’t treat it like other purchases. Rather than investigate the available options, customers typically rely on their ISP to test, purchase, deploy, manage and support the modem as part of the service they provide.
This mindset is not unique to household internet subscribers. Many MSSP customers express interest in having a one-stop-shop option. In fact, this bundled consumption model is a rapidly growing — and soon to be prevailing — desire of the MSSP’s target audience. The bundled, end-to-end experience represents a major opportunity for the security industry.
How to Bundle Security Services
MSSPs should see bundles as an opportunity to set their business apart from competing providers. The focus should be on minimizing undesired complexity for the customer and, simultaneously, eliminating their need to include competitors in the conversation.
Where possible, it’s smart to bundle key underlying infrastructure into your services. A bundled MSSP proposal should:
- Ensure services and infrastructure are seamlessly packaged together
- Minimize references to underlying technology via private-labeling (in some cases)
- Position solution as a zero-touch, all-in-one turnkey service
- Confirm that it’s not a product purchase or ‘sold separately’
- Clarify that large, upfront costs aren’t required
- Explain simplicity and benefits of recurring pricing model
Become a Security Partner
When MSSPs present a bundled solution as a private-labeled service (e.g., OEM), several benefits appear. First, the MSSP is no longer identified as another product vendor. They’ve automatically differentiated themselves from the long list of vendors pushing hardware.
The narrative shifts from highlighting product data points to reliable SLAs, which places the MSSP in a position of trusted advisor and valued cybersecurity partner. From here, potential customers will begin to trust the MSSP to evaluate, procure and manage the hardware.
It’s simple on paper, but will require a change in customer behavior — something the MSSP will need to patiently nurture. In the end, the high-margin service becomes more attractive and “stickier” for the customer and reduces the number of competing variables for the MSSP. If structured properly, there is also the benefit of no upfront capital exposure for the customer or the MSSP, and no leasing will be involved.
Close the Door to Distractions
Customers want security and simplicity. As such, the ISP customers described above do not have a sense that they are being asked to purchase or own the service delivery equipment. They are purchasing an outcome.
They trust that their service provider is taking care of their best interests. Ideally, this is where MSSPs want to be with prospects and customers. If this balance is not struck, service providers are not in the best position to simplify and shorten the customer acquisition and retention cycles, eliminate competition or capitalize on the “sticky,” high-margin recurring revenue.
In other words, if you are not able to offer your customers infrastructure bundled as a convenient and cost-effective part of your recurring service, then they have no choice but to procure and own the infrastructure separately.
When that door is opened, customer attention is now diverted elsewhere. Several variables will be introduced that you will be competing against unnecessarily.
Investigating the Purchase Process
To get a better understanding of what’s occurring, let’s look at the challenges associated with a typical purchase process for the customer and the MSSP.
In this hypothetical, a customer wants to refresh a firewall and is also interested in outsourcing the management and monitoring. Shortly after the customer begins their investigation, there are multiple security technology developers, value-added resellers (VAR) and MSSPs engaged and presenting their offerings.
The customer will consider a number of competitive proposals. Unfortunately, each is only slightly more or less appealing than the next. And all seem to be able to meet the requirements in one way or another — albeit none are all that convenient.
There are common resource-draining pitfalls across all the proposals (e.g., selection, procurement and hardware maintenance). Faced with no alternative but to own this overhead, the customer is compelled to become (or outsource) a firewall expert to properly assess the options. This introduces pains to each party in the sale.
- Assign knowledgeable and “objective” internal or external resources who understand the technology and are qualified to assess competing products
- Identify, engage and vet product vendor claims
- Attend countless presentations, demos and proof of concepts (POC)
- Decide who is qualified to manage and monitor the chosen product
- Allocate costly internal resources who could be spending hours elsewhere
- Budget for sizeable upfront expense
- Own equipment that requires more resources to run, maintain and replace
- Manage and monitor security aspects post-sale
- Differentiate in a crowded market with the same proposal formula each vendor is using
- Propose one or multiple firewall options for the customer to consider, purchase, own and operate
- Invest time and resources educating the customer on product “speeds and feeds”
- Understand that firewall vendors will introduce preferred MSSPs to complete their solution proposal
- Submit (hopefully) the winning proposal to wrap implementation, management and/or monitoring services around the product purchase
- Repeat this process again when the hardware needs to be refreshed
Those pain points are summarized at a high level, but only begin to articulate the challenges of the typical prospect engagement. Even eliminating or improving some of these will simplify the sales process and improve the chances of closing the deal.
Implementing buyer-friendly practices
To evolve the traditional vendor-based purchasing process, MSSPs will need to proactively embrace buyer-friendly services like that of the common ISP. This will be as much about changing behavior — both internally and externally — as it is about hard selling.
Once this strategy is in place, the approach will clearly differentiate modern MSSPs from the crowded field of product and services vendors that rely on legacy approaches to getting products to market.