Cavelo Channel Chief To MSPs: ‘If You Can’t See The Exposure, You’re Pricing Blindly’
‘You’ve built incredible stacks: more tools, more alerts, more dashboards than ever before. But if your stack is device-centric and the breach is data-centric, then you’re defending the wrong battlefield,’ says Cavelo channel chief Larry Meador.
Rising demands from customers and insurers are pushing MSPs to prove they are actively reducing cyber risk, and it’s pushing a rethink about how security services are sold and delivered in a changing IT services market.
“We’re trying to help you shrink your stack and grow your margins,” Cavelo channel chief Larry Meador told a room full of MSPs. “So let me ask a quick question. How many of you started your MSP just to become a compliance documentation company? Obviously I say that jokingly but the reality is the game has changed. The MSP channel didn’t suddenly get harder, it just got accountable. And that pressure is coming from every direction.”
Meador spoke to MSPs at CRN parent company The Channel Company’s XChange March conference in Orlando this week about how insurance companies are demanding more and more proof that organizations are implementing security controls. Meanwhile, many customers are scrutinizing their IT spending more closely, Meador said.
[Related: ‘We’re Relationship Selling’: Cavelo Launches Tool To Help MSPs Win New Business]
And at the same time, MSPs are grappling with sprawling technology stacks. But despite all the tools, he said MSPs still approach sales conversations the same way they always did.
“If you’re still opening a client meeting by talking about your tool set, or your bundle, or your price, there’s a disconnect,” he said. “The market has evolved, but the sales motion hasn’t.”
One reason, he said, is that most MSP security strategies remain focused on devices rather than the data attackers want. “Risk today is about data. Sadly, most MSP stacks are not about data.”
The mismatch may mean MSPs may be focusing their defenses in the wrong place, Meador suggested.
“You’ve built incredible stacks: more tools, more alerts, more dashboards than ever before,” he said. “But if your stack is device-centric and the breach is data-centric, then you’re defending the wrong battlefield.”
He suggested that while many MSPs could easily cite metrics like patched endpoints, handled alerts and protected devices, fewer may have clear visibility into their sensitive data exposure.
“How much sensitive data is sitting in open shares?” he asked. “How many stale identities still have access? What data is one click away from being publicly accessible? If you can’t see the exposure, you’re pricing blindly. You’re leaving margin on the table.”
That inability to see sensitive data exposure has several consequences where MSPs may underprice risk, struggle to justify their pricing to clients and miss opportunities to generate governance-related revenue, he added.
Instead, MSPs should shift toward a model built around identifying and managing data exposure, which can create new revenue streams.
“The breach economy doesn’t care about devices,” he said. “It cares about sensitive data.”
When MSPs can show customers where their sensitive data resides, who can access it, what vulnerabilities exist and what information is externally exposed, the sales conversation changes. “You’re no longer selling antivirus. You’re no longer selling patching or monitoring. You’re selling exposure clarity.”
That visibility can give way to paid discovery work, risk assessments, data exposure mapping, remediation projects and governance services that provide ongoing reporting and risk oversight for clients.
To help with this, Cavelo last month launched Flash, an agentless, near real-time risk posture assessment tool designed for prospecting launched last month,
“This is how MSPs move away from ticket-based economics,” he said, “When you move from ‘We protect endpoints’ to ‘We govern data exposure,’ you’ve just differentiated yourself from the MSP across town.”
Michael Goldstein, market president, Southeast Florida, for Entech, said Meador’s message about the hidden cost of not seeing exposure resonates as it’s a key issue for MSPs.
“The ability to assess environments, especially with the new Flash tool that lets us inventory agents and run assessments, makes it incredibly valuable,” he said.