How Security Integrators Can Find the Value of Offering Managed Services
Originally posted on LinkedIn by ProTecht Solutions Partners, LLC | April 8, 2024
Many of us have heard the story of the goose that laid the golden egg. Like clockwork, every day, it laid a golden egg. After an initial stage of shock, the owner decided to start selling the eggs, making him very wealthy. Let’s be honest and admit that we would all like to have THAT goose and that recurring revenue.
This may come as a surprise, but according to the Security Business Magazine State of the Industry Report 2023, approximately 30% of the security industry has less than 50% recurring revenue. In contrast, only 28% of the industry receives more than 75% of its revenue from recurring costs.
While these numbers do not seem that far off, the difference in revenue is huge. It is the difference between having to sell every week and having a two-week schedule to keep employees paid, or having guaranteed revenue to keep the lights on and the employees paid, even if the entire account management team went on vacation for two weeks. It’s not just revenue, it’s peace of mind. I have seen both firsthand, and the latter is significantly less stressful.
The reality is that security integrators are facing a paradigm shift. Selling in the Security Industry has long been relationship-driven. However, that is changing. More corporate structure and involvement of other stakeholders, such as IT, have forced security integrators to adopt new methods of building trust. One way of doing this has been to shift from the relationship to a partnership; being a good partner to the organization rather than having a relationship with just one or two key influencers. Partnerships can look very different, but one key element is that partnerships are built on A) a level of trust, and B) being proactive; to see and fix issues before the end-user has to call. As a consultant, I look for the best partners for my clients; service(s) and workmanship are paramount to a good partnership, the products sold are secondary.
That is the difference between selling a Service Level Agreement (SLA) and being a Managed Services Provider (MSP). An SLA is typically reactionary, with maybe a proactive component for preventative maintenance. The MSP offers proactive solutions to identify issues before they become a problem, shifting the timeline of when the issues are addressed.
The MSP may be a new concept for the security integrator and the security industry, but it is not new. Let’s face it, since the word “Cloud” became a topic about something other than white puffy things in the sky, the IT world has embraced the concept of managed services; managing and maintaining hardware and software implementations through subscription or contractual basis. Managed services offer proactive system and device monitoring and management, without a truck roll at every service call. It “flips the script” if you will from selling systems to offering the full solution. The difference between everyone else, and a long-term partner. End-users are looking for partners who can provide solutions. They can buy systems anywhere.
MSPs offering proactive solutions are finding they retain customers and build trust not only with the one or two influencers but that they embrace the corporate structure and build trust with the new stakeholders, such as IT and Compliance; stakeholders who are used to purchasing managed services. The IT vendors have been offering managed services for years, and the security industry is just now beginning to catch on. End-users are becoming hardware and resource adverse, finding it easier to justify a low (very subjective) monthly cost over a large capital cost. Again, we can thank the IT companies like Microsoft 365 and QuickBooks for laying this groundwork. Embracing this service offering can lead to stronger, longer-lasting partnerships; and many times opens the door to new opportunities with these new stakeholders.
Managed Services is the goose that lays the golden eggs. This is the difference between running in the race to the bottom in price and value, and succeeding; whether for obvious wealth or for those security integrators looking to be acquired. Managed Services are viewed as a multiplier for valuation, resulting in a more favorable indicator of profitability.
The problem is defining managed services. What does it mean to be an MSP? This is something the security industry has struggled with. In my opinion, that definition really falls onto the integrator, and what services they are willing to offer. Do they offer proactive monitoring of systems, or do they offer a GSOC-as-a-Service? The spectrum between the two is very wide and has obvious substantial financial and manpower differences.
One of the most basic services that can be offered is proactive network monitoring. This is a category of managed services that is necessary for almost any end-user. Most end-users have network monitoring tools, such as Solar Winds, for the IT stakeholders. The issue now being identified is that security infrastructure is moving beyond conventional IT to non-traditional devices such as cameras, sensors, and wireless technologies requiring network monitoring tools been born out of the security industry and combined with detailed management of traditional security infrastructure within an IT framework, allowing security integrators to deliver security related solutions within a model that IT accepts and uses.
One of the proactive network monitoring tools is EyeOTMonitor (https://www.eyeotmonitor.com/), a cloud-hosted remote network management (RNM) platform. EyeOTMonitor is a single pane of glass application that allows security integrators and the end-user to monitor and manage the core network, IoT, and physical security infrastructure Sure, there are IT systems out there that can manage the network. However, the security integrator does not just care about the network. There are devices, end-points, edge sensors, hardware, and software platforms that need more than just “ping”. To do this, there must be a library of communication protocols and integrations, and there is. The EyeOTMonitor integrations include cameras, routers, switches, firewalls, point-to-point wireless radios, IoT devices, and on-premise or cloud-hosted servers. These assets need to be managed; in real-time, with actionable data and key performance indicators (KPIs); with outcomes such as reducing asset and network downtime, reduced truck rolls, asset and lifecycle management, and more.
Topology and Spatial Mapping
EyeOTMonitor offers simple drag-and-drop options to create topology mapping of networked assets. This traditional view of network topology offers a very granular application for security and other operational technology (OT) applications to see problematic devices or networks; before the system may alert. This also helps the MSP identify upstream failures that cause the alarmed effect. For someone who has used Google Earth to map out citywide surveillance designs, EyeOTMonitor also offers ESRI or custom geospatial mapping, offering a digital twin for spatial referencing of assets on a map.
Remote Management
Managed Services relies upon remote management using secure communications. EyeOTMonitor offers secured communication from end-to-end from the endpoint to the platform. They are currently undergoing ISO 27001 and SOC2 compliance audits for acceptance later in 2024.
Data Dashboards
We know that security is rarely just about security these days; rather it’s about using the existing sensors to provide actionable business intelligence data that can be shared with other organizational stakeholders. EyeOTMonitor comes with standard data dashboards; but also allows the MSP the ability to create custom solutions-driven dashboards. Within the dashboards; each system, device, or end-point there are a multitude of settings that provide levels of alerting and levels of communication, allowing the Security Integrator to acknowledge potential issues to address before they become an issue; allowing the Security Integrator to become a true partner, with the end-users best interest in mind.
To the Security Integrator – Is becoming an MSP going to be easy? Rarely anything of value is easy. It will take for many a change in business model, to focus on the partnership rather than the new business. For those system integrators who embrace managed services; from proactive network monitoring tools like EyeOTMonitor to GSOC-as-a-Service, there are truckloads of golden eggs just waiting.