The three Cs of successfully selling security

clock • 8 min read

The move towards a managed security model requires a major evolution of the channel's sales and marketing strategies. In this article, sponsored by SolarWinds MSP, we examine how MSSPs can make sure they get it right

Four years ago a well-known security vendor undertook a successful advertising campaign for one of its core B2B products using the slogan ‘See it. Control it. Protect it'. A quick visit to the same vendor's website today finds that that bold and impactful statement is no longer anywhere to be seen in conjunction with the product in question. In its place is the rather less strident strapline ‘Agile cybersecurity for businesses of any size'. Considering the two phrases are intended to encapsulate the same product, the difference in tone could hardly be more stark.

So, what's changed?

Whatever it is, the first thing to note is that it has seemingly changed for everyone; examining the company mottos of other major security brands reveals a similar absence of conviction and absoluteness. Examples include ‘security made simple', ‘together is power' and, perhaps most tellingly, ‘keeps you one step ahead'. Considering that these are all companies entrusted with the task of protecting their customers' most valuable assets - and, indeed, their very existence -the lack of certitude could seem a little surprising.

But, then again, perhaps not. In the last few years the IT landscape - and the wider global climate - has increasingly come to feel like a world in which little is certain, and nothing is safe. Huge multinational corporations are regularly breached, as are the highest levels of government in major nations. Meanwhile terms like ‘ethical hacker' are no longer oxymoronic, and many security specialists openly trade on their ability to catch and attackers only once they have successfully broken through, and not before.

Meanwhile as-a-service models have revolutionised the way IT is provided and consumed. For end users, the key benefits are clear: a huge reduction in capital expense; and round-the-clock access to a level of expertise they could never hope to recreate in house. But the managed services model comes with some stiff challenges for VARs whose cashflow has always been maintained by upfront product revenues and generous rebates.

Not to mention channel salespeople used to selling big projects that come with equally hefty commission payments. And perhaps most challenging of all is the task facing marketing teams trying to promote security in such an obviously unsecure environment.

However successful they have been in the past, the old sales and marketing tools of the channel - and the individuals that provide them - need to evolve, and quickly. But the process need not be a painful or puzzling one, if a few principles are observed.


Compensation
The old saying has it that salespeople are coin-operated. While most modern sales professionals would baulk at such a reductive characterisation, not many would deny there is a fairly sizeable grain of truth in the statement. Certainly there are few, if any professions, where reward is so relentlessly coupled to performance.

And the best performers are, typically, happy to work within a reward structure that takes that symbiosis to an extreme. The sales director of a security channel player once told me that, in an ideal world, he would work for a salary made up of five per cent basic and 95 per cent commission - and that he looked to recruit staff who felt the same way.

That may be a radical and unrealistic example, but the fact remains that commission is a major part of how all salespeople make a living. And, if they want to be successful, managed security services providers (MSSPs) need to make sure their sales force is incentivised effectively and geared up to sell.

Ten to 15 years ago the equation for security resellers and their frontline commercial staff was simple: the bigger the sale, the bigger the reward - with everything paid upfront. A large project booked by a salesperson in one month could mean a healthy commission payment in the next. This simple model clearly benefited both VARs and their employees, with both parties profiting financially.

Nowadays the proposition is far trickier. A salesperson earning 10 per cent commission that closes a £20,000 on-premise licensing and hardware deal can, clearly, expect extra earnings of £2,000 in their next pay packet. If the same deal is converted to a two-year managed services contract in which the customer pays monthly, the salesperson will - in theory at least - see an increase of just £83.33 in their next paycheque.

This creates a clear conflict of interest between companies wanting to offer managed security services and the people they are employing to sell them. If a salesperson enjoys far more - or at least far quicker - financial benefit from selling product than from selling an equivalent amount of services, then what incentive is there for them to direct their accounts away from the former and towards the latter?

Depending on how quickly and to what extent companies want to move their business towards as-a-service models of delivery, they must ensure that sales staff are just as well incentivised and compensated - if not considerably more so - for selling services as they are for selling product. This could mean offering commission on something resembling a leasing model, with channel firms covering the cost of upfront payment, and recouping the expense in monthly chunks.

This system not only allows salespeople to enjoy the same rewards they are likely used to, but also gives their employer an extra slice of predictable recurring revenue. What is more, it is easy to build flexibility into this model, and make it even more employee-focused by offering a range of compensation options allowing them to choose whether they receive payment on a monthly, quarterly, or biannual basis.

Consultancy
But selling services successfully is not merely a matter of changing how you pay your staff, and letting them get on with it. The sale itself is a far different proposition, requiring new skills and approaches.

In the early days of mainstream internet adoption, selling content and network security was a simpler proposition. Threats - and the people and entities behind them - were far less sophisticated, and antivirus vendors and their channel partners could, effectively, promise customers that they could erect an impenetrable wall around their organisation's IT estate. Sales were almost certainly signed off by IT managers whose chief concern was technical fortitude. So long as the technology came with the assurance of an industry-leading detection rate, money - within reason - was a lesser concern.

Nowadays, the pitch needs to be a great deal broader. In all areas of IT, impressive-sounding technical specs are no longer enough to seal the deal. And nowhere is this more true than in the world of security, where the limitations of the technology can make global headlines.

And that is without factoring in the move from selling a product to selling a service. Selling machine learning and software engineering expertise - not to mention a contractual engagement and ongoing relationship that could extend a number of years into the future - requires a more consultative sell. Not to mention the skill to sell on ‘soft' benefits such as productivity gains and the prevention of reputational damage, and the patience to stay the course of a longer sales cycle.

Channel firms wishing to evolve into MSSPs need to ensure they have the right sales skills to prosper in the new world of managed security. This will, at the very least, involve investing in training incumbent staff. In most cases it will also require hiring experienced services-focused sales staff to help set the tone.

 

Candour
Marketers, meanwhile, also need to develop different approaches and cultivate new skills. The key function of the IT security industry has shifted from ‘protect' to ‘detect and mitigate'. It would be easy for end users to construe this as a concession on the part of the security industry, and demonstrable ground gained on the part of the attackers.

It is important that the marketing professionals ensure that this notion is swiftly and decisively disabused. Because the reality is that, in the MSSP world, the IT security industry is more on the attack than ever before.

With the move to proactive monitoring and threat intelligence - which only comes with true managed service - the focus has changed from simply putting up a barrier to keep threats out, to actively and aggressively pursuing each breach and its perpetrator. Not only to remove the threat, but to identify and isolate it, and to mine as much information from it as possible, so as to combat other attacks better.

It is of crucial importance that channel marketing teams are completely candid in acknowledging the huge challenges facing IT security providers and their customers: the new-found sophistication of the threat landscape; the increased attack surface; and the fact that security technology sometimes has to play catch-up to emerging forms and methods of attack. But, alongside this, it is key that they paint a detailed picture of how managed security services allows MSSPs to fight threats in a far more proactive and combative way than ever before. Or, put another way: attack is the best form of defence.

For more information about how SolarWinds MSP can help managed services providers, click here

 

You may also like
Gartner: 'The talent problem is unsolvable'

Reseller

Analyst John-David Lovelock claims the skills shortage will continue for another five years as firms should turn to managed services

clock 23 January 2024 • 2 min read
Logicalis unveils updated Digital Fabric Platform as it pursues growth in managed services, security

Reseller

New platform release comes amid wider push across security and services

clock 10 January 2024 • 1 min read
SysGroup H1: Managed services up while VAR sales plummet almost 40 per cent

Reseller

The mid-market MSP saw managed services go from strength to strength while its VAR revenues continue to shrink year-on-year

clock 27 November 2023 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Services and Outsourcing

UK SME reliance on MSPs rises but some still have 'no plans' to work with them - report

UK SME reliance on MSPs rises but some still have 'no plans' to work with them - report

JumpCloud’s sixth biannual SME IT Trends report found that the cost effectiveness of MSPs is driving growth in SMEs

Kelsey Rees
clock 13 February 2024 • 2 min read
XChange MSP: How can MSPs help their customers through a recession?

XChange MSP: How can MSPs help their customers through a recession?

Kicking off the chief event for managed services, John Booth of Carbon3IT will tackle the major issues facing MSPs and how to overcome them

Kelsey Rees
clock 07 August 2023 • 1 min read
Accenture plans to cut 890 Irish staff

Accenture plans to cut 890 Irish staff

The new round of cuts, coming after an earlier round of 800 layoffs for the global solution provider’s Irish operations, is part of a larger plan to eliminate 18,000 jobs over the next year-plus

Joseph F. Kovar
clock 01 August 2023 • 1 min read

Highlights

Staff & Salaries 2022

Staff & Salaries 2022

A snapshot of pay and headcount trends in the UK channel

Doug Woodburn
clock 09 March 2022 • 1 min read
Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Stephen Fenby talks to CRN after Midwich’s 2021 results in which profitability exceeded pre-pandemic levels

Josh Budd
clock 08 March 2022 • 3 min read
4 more vendors suspend sales in Russia following Ukraine invasion

4 more vendors suspend sales in Russia following Ukraine invasion

IBM and Microsoft are among a number of vendors which have also announced that they will halt sales in Russia following the invasion of Ukraine.

clock 08 March 2022 • 3 min read