You never want to say “no” to a customer, especially when they’re asking about something as important as data and network security. Now more than ever, everyone is concerned about the safety of their data, their users and their infrastructure — especially those in the public sector.
Those who serve GSA, federal, state, local or educational customers know how sensitive their data is and what desirable targets they are for cybercriminals. That data that regards every citizen must be protected at all times, and their networks include those controlling many key government operations. Penetration of these could represent a threat to national security.
But if you don’t have expensive security experts on your staff, what are your choices? Send the customer to someone else? Find a competitor to subcontract?
Buy, Broker or Build?
You’ll remember from the time when the cloud was new, the channel was presented with multiple choices for how to get there: buy, broker or build. The same approaches apply to those considering making the leap from MSP to MSSP.
Building your own security practice is something you can do, but not likely to be something you’ll want to do quickly. To do it quickly, you’ll either have to invest heavily in “buying” the talent you need or in training your own people — which will not likely be a fast process.
Brokering a dedicated security firm’s offerings is also available to you, but only if you’re confident that you can still maintain account control to keep the customer your customer while you are building your own practice. And when brokering security services for the public sector market, you must be especially careful to select qualified and certified partners who will meet governmental scrutiny.
Buying the security products needed and subcontracting someone you and the government trust to do the installation and integration work for you, allows you to enjoy a greater share of margin while still maintaining your primary role with your customers.
Who Do You Trust?
If you’re like most channel partners, you are uncomfortable with the idea of partnering with or subcontracting one of your competitors. There’s a threat of your competitor poaching your customer. Why invite trouble?
Here’s where partnering with someone who doesn’t compete with you is so valuable. You want to turn to a partner who is qualified to deliver security services in the public sector — one who’s proven themselves to you by providing the products your customers need in all categories. Think MSP to systems integrator, a vendor without a direct sales team, or in this case, your distributor.
Selling Security Products
Your first concern will be that you don’t yet know which security products to recommend.
You know that data and network security are important, but you’re confronted with a large and growing variety of products from many vendors. If you look at the TD SYNNEX Solutions Product Inventory (SPI) Tool, you’ll see a tremendous list of different security products in a large number of categories.
Use your resources. Whoever is going to sell these products to you should always be able to explain them to you, highlight differences between them and help you determine which ones are best for your specific application. You’ve already experienced that over the years buying multiple products from TD SYNNEX, and this is no different. In fact, we have a team of experts available to answer all your questions and design solutions for your customer’s problems. They are also sensitive to the GSA contract and to which products have earned which regulatory certifications.
This is where you start to multi-task. While you’re getting the right solutions for your customer, you’re also learning about the products involved. Each time you do that, you get closer to the time you’re ready to introduce your own security practice. This is the best on-the-job training you could ask for because it’s specific to real-world customer needs.
When you see the substantial deal size and profitability available from security sales, you will very likely want to continue building your security practice. For more guidance, take a look at our Digital Security Practice Builder. You’ll begin by taking an initial Security Practice Assessment to identify exactly where you are in your development process and where you should further develop your security knowledge. It then guides you to the right courses to raise your expertise level to where you want it to be.
Just for the Fun of It, Spend Some Time on Our Cyber Range
Now that you’re building your own security practice, you should start leveraging the TD SYNNEX Cyber Range. It’s an interactive cyber playground staffed with cybersecurity professionals to provide the guidance you need to increase your knowledge and fine-tune your sales.
Gain Advantage with Assessments and Services
As with any big project you’ve ever done, it’s important to start by assessing your public sector customer’s current state so you know where you’re starting. Where is antiquated, legacy infrastructure falling short? What cloud security applications aren’t being utilized? Where can your clients benefit from advanced security, keeping in mind the public sector often has limited budgets? Then you can design and propose the ideal future state they want to attain.
If you’re lucky, you may already have customers asking you about performing a risk assessment. It’s a big concern — especially these days — in the aftermath of the oil pipeline and meat-packing ransomware attacks.
It’s an even bigger concern for government or educational agencies for whom an incident could represent a breach of public security. Before recommending any assessment, carefully check to assure that the agency allows such explorations of their network and their sensitive public data assets.
The first stage of a truly complete risk assessment is a Security Maturity Assessment. It’s not technical. It’s a business operations assessment to help determine if your customer’s policies, processes, and procedures truly support top security of business-critical systems.
Only then do we get to the technology assessment, in which you carefully identify your customer’s security strengths, weaknesses, opportunities and threats. In addition to this architectural exploration, you should run a full battery of penetration testing to see where the true vulnerabilities lie by seeing if you can’t get past them.
One of the most powerful features of the TD SYNNEX security assessment tool suite is that we provide a complete financial projection of the real impact on budgets that are often very limited in the public sector. What’s the value of the data assets being protected? What would be the cost if any of them were lost, stolen or corrupted? How much should it cost to protect them properly and thoroughly? When you do these sorts of assessments, your customers end up not just knowing the technology involved, they also know the all-important costs.
You may want to begin by having our team perform these assessments. As you shadow us, you can learn to perform them yourself.
Additionally, TD SYNNEX offers a variety of security services through our vendor partners, including SOC-as-a-Service (SOCaaS) and Cybersecurity Maturity Model Certification (CMMC) compliance.
“MSSP” is in Your Future
Many managed service providers (MSP) have added managed security service provider (MSSP) capabilities to their service catalog. Here’s the fast and easy way not only to capture those deals but also to develop your overall security strategy and strength. Talk to your TD SYNNEX rep today about our Security Solutions, email MSPsecurity@techdata.com, or visit https://techdata.com/security for more information.