Security Assessments Can Shift Clients From ‘Basic’ To ‘Advanced’ Security Stack

Security-focused MSPs need to be able to illustrate the need for an advanced security stack, which can be done through security assessments, Galactic Advisors’ CSO told solution providers at XChange March 2022.


Bruce McCully, Chief Security Officer for Galactic Advisors, is on a mission to protect one million people from cyberthreats. But the former MSP-owner-turned-security-expert knows that cybersecurity is a moving target and businesses aren’t always willing to be proactive with their security architectures.

“What worked yesterday when it comes to security didn’t work today,” McCully told attendees Sunday at CRN parent The Channel Company’s XChange 2022 conference, taking place this week in Dallas. MSPs have to educate their prospective clients on why they need an advanced security stack, and they can do that by being visual, he said.

The Nashville-based cybersecurity auditing firm does third-party assessments of security environments through a vendor-agnostic lens that MSPs can use to improve their own security offerings and make sure their own internal security environments are in good health. Solution providers can use security assessments to show prospective clients how their current vendors have “fallen asleep at the wheel,” McCully said.

Sponsored post

And partners should give these assessments away for free, he added.

“If you do everything right and build the perfect security stack, you’re going to put yourself out of business if you can’t communicate and educate your clients [on] why they would spend more by investing in your solution,” he said.

[Related: Nvidia Hack ‘Completely Compromised’ Internal Systems: Report]

Many MSPs package their essential managed services solution with their advanced security stack, which doesn’t work as well as splitting proposals into two separate components, McCully said. That’s because many clients don’t understand what advanced security really is, he said.

Instead, giving the client an assessment of their environments and going over the results together makes it easier to then compare your MSP services over a competitor’s offering, McCully said. “Then, you can educate them on why they would want to invest in your advanced security stack,” he added.

The goal of a security-focused MSP should be to move clients from basic security needs to being security-minded. Separately packaging services gives prospects the ability for them to see the difference between standard managed services and an advanced security stack more obviously, he said.

Having visibility into all the things that are going wrong on the network also creates a sense of urgency, saving some MSPs from leads going cold. Galactic partners that are using assessments have an 83 percent close rate, McCully said.

The ability to speak in layman’s terms and having a “backstage” perspective on security is a tried-and-true method for MSPs selling security, said Sophia Jaber, director of IT operations for CyberTrust IT Solutions, Lake Forest, Calif., which partners with Galactic Advisors.

Cybersecurity insurance for MSPs is getting more difficult to obtain, and MSPs need to be fully aware of the risks that they’re taking on as an MSP. In that regard, a security assessment benefits the partner as much as the client, Jaber said.

“[MSPs] are holding a good amount of risk, and they can be held liable. I think it’s more about transparency. I’m doing a full risk assessment for you, but I also want to know what I’m taking on to support you, and I have the ability to be able to do that with the full scope and full solution for you and for both parties. It’s powerful relationship building,” she said.