February 10, 2022
Ensuring Profitability in Cybersecurity: Tips from MSPs for MSPs
Cybersecurity is a lucrative business. The growing risk of being hit by a cyber attack makes it a no-brainer for organisations of all sizes to adopt cybersecurity solutions. This is where MSPs come into the picture. Cybersecurity poses a great opportunity for MSPs to expand, grow their business, and drive revenues while providing customers with more comprehensive solutions. If you are reading this, there is a good chance that you have been seriously considering entering this space.
To help you better understand the potential profits as well as the risks associated with such a business move, we interviewed several Datto partners that have already taken this path to add cybersecurity to their portfolio of offerings. We discussed how they ensure their cybersecurity business is profitable and key advice for minimising the financial risk involved in such expansion.
Cybersecurity is lucrative
Jeffrey Loeb, SVP at Prosource Technologies entered this space a few years ago and was happy to share that “Cybersecurity has become very profitable for us. It's as profitable or more profitable than our core managed services…unlike managed IT, in security it is not so important to identify your ideal customer, because it’s a scalable solution that we can take to any size of company. So not only is it very profitable, we have a much larger audience that we can sell it to.” Today, Prosource uses cybersecurity as a foot in the door with larger clients, and then expands into supplemental IT services. But reaching this point was a journey for Prosource, trying multiple products, vendors, and sales tactics until they found what works for them.
How to ensure profitability?
So how do you accelerate the profitability of cybersecurity? How do you minimise the trial and error phase? Going back to basics, you have to (a) increase your revenue and/or (b) reduce your expenses, headcount, or overhead. The ideal solutions to grow your margins are the ones that do both - increase your revenue without increasing your expenses or even better, while reducing them.
Security solutions have great potential to increase your revenue, but some of them also require a significant time investment from your staff. When building your entrance strategy to the cybersecurity market, pay attention to the following to ensure profitability:
- Select products built for MSPs - Choosing security solutions that are designed for MSPs makes it much simpler. Both Jeffrey Loeb, SVP at Prosource Technologies, and Eric Brown, CISO at RetroFit Technologies, stress this point and based on their experience, highly recommend looking for security solutions that are designed with MSPs in mind. “If you go with a company that's designed specifically for the MSP, that means everything is multi-tenant and you can see everything in one console. So when you log in, you don't want to log into multiple dashboards. This drives the efficiency of your business because you reduce the amount of time spent on each product.” says Brown. “Without a multi-tenant view the labor costs of managed solutions skyrocket and make it very difficult to do it profitably” Loeb adds.
Other aspects to take into account when adding cybersecurity products to your stack include convenient reporting and value realisation, integration with other solutions and platforms you use, and billing, which may become very time-consuming in case it doesn’t fit your MSP’s current billing methods.
- Deployment and maintenance overhead - The effort of deploying, managing, maintaining, and supporting security products should be considered as a cost. While some security solutions are literally plug-and-play, others require complex setup and configuration. The less overhead to manage and the fewer screens to review is a big advantage as it simply translates into hours that cost you as an employer. “Whether we spend one hour per month on that product or 1,000 hours per month, we charge the same. Anything that adds time to us, whatever it is (a portal, maintenance, and so on) is taking profit from us” comments Loeb.
According to Jude Travers-Frazier, COO at Kraft & Kennedy, “products that play nice with other tools we as an MSP use also save time and effort, which ultimately leads to less human power needed on our team”. When asked how to cope with this, Travers-Frazier responded “I think you also have to be critical along the way - for every new tool, how many new dashboards are you going to use? How many new screens are there? Are your technicians going to be able to do that? Take into consideration the risk of a tool actually alerting you but you aren’t paying attention to it. That's not a good situation”.
Loeb of Prosource Technologies shares some insights based on his experience - “If you're not careful, every new tool is going to cost you time and energy both in learning it, implementing it and the ongoing maintenance and management. You can minimise it by being careful. One good model that we found for ourselves is that we will POC every new tool internally for ourselves first, and we will gain some insight and experience with how the tool functions and operates using ourselves as the Guinea pig. So it is real, but it is also a very small implementation compared to what it will be when we will deploy it into our entire client base.”
- The cost of training - Take into account that you are going to need to train both your technical people and your customer-facing personnel on every new security product you add to your offering. This includes building processes around how to sell, how to deploy, how to manage the solution, and how to support customers.
According to Loeb, the level of training the vendor provides is very significant in Prosource’s partner selection. The more hands-on these training sessions are, and the more 1:1 interactive sessions provided, the better. Personally, Loeb prefers to work with vendors that are available for his staff and encourages them to deep dive and ask questions, becoming more proficient in security.
- Hiring security pros is expensive - When it comes to security, staffing may become a large expense. Here you should consider how sophisticated you want to be and how much services you want to provide using your own staff. “As you have more sophisticated tools, as you design a more sophisticated response team within your own staff, this is when you need a special skill set. And in order to have high-level security experts on your team, you are going to have to pay for it. Particularly in today's marketspace where security experts are in high demand” says Travers-Frazier. Take this into account when planning your security offering. You may want to start with products that are easy to manage or do not require deep security skills. Or alternatively, work with vendors that provide the required professional services, support, or training.
Cybersecurity solutions have great potential to increase your business, but you need to be aware of the potential associated costs and pick them carefully. When examining the first security additions to your portfolio, look for light solutions that do not require significant overhead. Simple setup, multi-tenancy, easy reporting, built-in integration with other products you use, and a business model that fits your needs are just some of the things that can make your life easier and your margins bigger.
Interested in adding cybersecurity solutions to your offering? Datto is here for you when considering this move. Contact us to learn more.