ConnectWise CEO Arnie Bellini says MSPs must create a new revenue stream and better protect customers by adding security services around encryption and penetration testing.
Security is center stage in every boardroom and presents MSPs with as big of an opportunity as cloud services, Bellini told the roughly 3,000 attendees of IT Nation 2016. But he said too many ConnectWise partners haven't even thought about establishing a managed security practice.
"You've sort of become complacent," Bellini said Thursday at the Hyatt Regency Orlando. "You've built your monthly recurring revenue and you're happy with that, but you're going to have to evolve."
Some forward-thinking partners no longer include security as part of their basic managed services contract, Bellini said. Instead, Bellini said they add a 20 percent upcharge to the basic contract in exchange for providing customers with comprehensive security protection.
Those MSPs have been able to establish an entirely new revenue stream, Bellini said, with customers paying for both a 150-hour up-front assessment and as much as $2,500 per month for managed security services. MSPs should work to monetize their security offerings, Bellini said, since clients will turn to them first in the event of a security breach.
"You really have to add security to your managed services practice," Bellini said. "If you're selling managed services without managed security, it's like selling a hot dog without a bun."
The table stakes for any managed security practice are virus detection, malware detection and firewall intrusion detection, Bellini said, and all three of those are commonly offered by MSPs today.
But to truly add value around security, Bellini said MSPs must add penetration testing, disk encryption and network encryption to their line card, as well as an SSL for traffic coming from the outside.
"Security breaches are happening inside the office," Bellini said. "You've got to protect the network from the inside as well."
The most difficult part about providing true managed security, though, is creating an operations manual that documents how each individual client does all of its IT functions and processes, Bellini said. This should be done as roughly a 150-hour project up front, Bellini said, and billed to customers separately.