I regularly speak with managed service providers (MSPs) and one of the biggest challenges I hear them share is selling the concept of managed services to prospects.
Many small and medium-sized businesses have yet to move past the concept of break-fix—only paying an IT company to fix things when they break. They don’t fully appreciate the value of the proactive approach that is managed services.
But I’m seeing an increasing number of European MSPs who are winning managed services clients—by not leading the sales conversation with managed services.
Instead, they’re leading the sales conversation by talking about cybersecurity. It’s a lead that any MSP worldwide can follow.
GDPR and the importance of cybersecurity to small businesses
I saw this shift in sales focus for European MSPs happen in the lead-up to the General Data Protection Regulation (GDPR) coming into effect. Love it or loathe it, GDPR has raised awareness of cybersecurity in a way that few other initiatives have.
Cybersecurity has always been important, and the financial implications for small businesses who’ve been breached have always been immense. But in the past, many businesses, especially smaller ones, simply shrugged off the possibility of attack with an “it will never happen to me” attitude. GDPR has changed that.
GDPR has helped shift cybersecurity from a “nice to have” option for small businesses to a “must-do” act of regulatory compliance. If ignored, GDPR can cost these businesses huge fines.
Even so, many SMBs are treating GDPR compliance as a tickbox exercise, something they can bring an external consultant in to help them achieve and then dust their hands.
Of course, MSPs know that GDPR compliance isn’t a one and done project at all. The smarter MSPs I’ve observed have used the door opened by GDPR to talk with their prospects about ongoing cybersecurity as part of a managed services offering.
Managed services and cybersecurity
Many of the things that will help a business become GDPR compliant are the fundamentals of good cybersecurity. Protecting the personal data of clients, employees, and suppliers isn’t achieved by any single action but by making sure:
- Internal data is secure (permissions)
- Data shared externally is shared securely (encryption)
- Internal networks are kept safe from intruders (firewalls, web filtering)
- and much more besides
I’ve seen a number of forward-thinking MSPs advertise their GDPR compliance services to small businesses as a packaged solution.
A compliance project is a lot easier to sell than managed services. The business has an immediate problem (becoming GDPR compliant) and the MSP is offering a defined solution (typically an audit).
As part of the project, the MSP can bring the client’s IT infrastructure up to date with better firewalls, encryption software, web filters, and so on. This is not dissimilar to the upgrade work that many new managed service clients are required to sign up for before an MSP will start supporting them.
At the end of the project, the business is considered GDPR compliant—at that point in time. Of course, the MSP then turns the conversation to ongoing compliance with questions such as:
- Employees come and go. How is the business going to ensure internal data security is maintained at all times?
- Web filtering and firewalls prevent many external attacks, but how is the business going to deal with an intrusion when (not if) it happens?
- If internal data is lost due to a breach, what backup and disaster recovery options does the business have?
Over the course of the compliance project, the customers will have slowly become aware that IT pervades every part of their business. They’re reliant on IT. It’s not a “nice to have,” it’s essential—and it needs ongoing maintenance.
And so the conversation between the business and MSP turns to managed services. It’s a conversation that, prior to the GDPR compliance project, the prospect didn’t want to have.
In this scenario, I’ve talked about how European-based MSPs are talking to their prospects and clients about GDPR. But in every geographical location around the world, there are regulatory compliance challenges.
No matter where your MSP is located, helping companies comply with relevant statutes gives you an opportunity to start a conversation about managed services. Will you use it?