Building a Profitable Security Services Offering Part 2 IT Security Features and Benefits Overview

Trend Micro is excited to partner with SPC International in this 5-part Blog, Webinar and Online Training Series; focused on Building a Profitable Security Services Offering for MSP Partners.  Through the series, SPC will teach you a selling process of leading with security, steps in growing your recurring managed security services revenue and provide you the tools to make it happen.

We value and invest in Trend Micro MSP Partners to help:

  • Maximize Your Cash Flow – self-provision licenses, pay-as-you-go monthly billing, no upfront or minimum costs
  • Enhance the Tools You’re Already Using – integration with 3rd party RMM and PSA (Autotask, ConnectWise & Kaseya)
  • Optimize Your Productivity – manage multiple customers from a single console, anywhere, anytime

Building a Profitable Security Services Offering


Security is the number one concern of business owners today. This isn’t surprising, with all of the hacks, breaches, data thefts, ransomware attacks and privacy violations that we hear about on a daily basis. And those are just the ones we know about – according to the Online Trust Alliance’s (OTA) “Cyber Incident & Breach Trends Report,” cybersecurity incidents nearly doubled from about 82,000 in 2016 to 160,000 or so in 2017. But the report also notes that this number could easily be more than double that, as so many breaches are unreported.

The necessity to thwart these cybercriminals and protect critical business, financial, healthcare data and more has created a tremendous opportunity for IT service providers to evolve to meet this challenge and benefit from a continually growing revenue stream.

In this 5-part blog series and its companion Webinars, I’ll dive deep into the topic of building a profitable security services offering and cover essential topics such as the services that comprise different levels of security offerings; as well as how to lead with security to prospect effectively and set appointments, and how to price, position and sell these services. And once sold, I’ll cover how to properly On-Board new clients and share a strategy to continue to realize healthy ongoing security project profits and exponentially growing recurring managed security services revenues on an ongoing basis.

Watch On-Demand Webinar #2IT Security Services Features and Benefits’ (URL:

Part 2: IT Security Features and Benefits Overview

We know that Security is the #1 concern of today’s business owners, regardless of the industry they serve, and strategic leaders understand that they must increase their security posture to protect their data, systems and users against internal and external threats.

Therefore, offering IT security services is a strategic client service and control point for security providers. These high value, high margin services represent a stable, growing revenue opportunity with an extremely low barrier to entry and delivery.

What are Managed IT Security Services? 

Managed IT Security Services are a defined set of onsite or remotely-delivered services that are prepaid for at a fixed rate on a recurring basis, where the security provider assumes complete responsibility for the management and delivery of these security services and their outcome.

In addition, these services are governed by a Service Level Agreement or SLA, and are scheduled, preventative and proactive. On the other hand, Managed IT Security Services are not measured by time invested. Nor are they reactive services. Finally, they are not billed for on a time and materials basis.

The Old Way of delivering security services vs. The New Way 

The old way of delivering security services to clients means that the service provider is most profitable when their client is in the most pain, as the price of reactive, emergency security remediation services are always higher than scheduled, monitored, preventative services.

And clients are never prepared to pay for these reactive, costly emergencies, which negatively impact their cash flow and operations, and in extreme cases, their brand, image and customer relationships, and create tension between them and their reactive security provider.

The new way of delivering Managed IT Security Services is much more attractive and beneficial to clients, as the security provider actively seeks out and delivers security solutions to protect their clients’ data and environments from security incidents and manages security risk and response for a flat monthly fee.

Because the Managed Security Services Provider; or MSSP, assumes more risk in the relationship, if they are to be profitable, they must ensure their client’s security and reduce vulnerabilities.

As a result, the MSSP is more profitable when their clients experience less threats, and their business goals align with their clients’ in this respect.

This reality creates a much stronger business partnership than a typical vendor relationship for the MSSP and their clients and paves the way for acceptance as a Trusted Advisor.

What comprises a security offering and what are its benefits? 

A basic security portfolio typically includes Firewall Management, Anti-Virus and Anti-Malware solutions, desktop and server operating system security, Email Security, Web Content or URL Filtering, Mobile Security, Data security including Backups, end-user Security Awareness Training and more.

And there are a variety of advantages for a client when engaging an MSSP, including enjoying a high level of confidence that drives continued innovation in their organization, instead of worrying so much about security threats that this concern stifles growth strategies and activities.

Along with improving their compliance posture, clients enjoy rapid detection and remediation of threats at much lower costs than reactive, “after the event” security remediation services, and gain a stronger posture to reduce insider fraud and theft, along with guarding against data leakage.

In addition, a clear path and process to identify and quickly address security incidents brings clients peace of mind, and predictable monthly fees allow them to budget for security more effectively for the long term.

When presented properly to a prospect, these and other factors make a compelling argument to engage in a managed IT security services relationship.

Security Services bundling and pricing 

To provide the best opportunity to engage with as many prospects as possible while maintaining healthy margins, the MSSP will bundle and tier their services to offer various distinct packages, with each successively higher-priced option adding more qualitative value in terms of services and benefits, along with more attractive Service Level Agreements; or SLAs, that govern response time. This allows prospects to select the option that makes the most sense for their specific business needs, risk profile and budget.

There are several considerations for the MSSP when determining their pricing model, and they can price their services in several ways, such as per endpoint, per user or as the aforementioned tiered or bundled services. Or they may price strictly on value alone, with each opportunity quoted individually.

Their ultimate pricing strategy will also be informed by other factors, such as their SLAs’ response times and the hours they provide service to their client  – 8 to 5 Monday through Friday, 24×7, or on holidays or weekends.

Once the appropriate service bundle or tier is selected by the client, the MSSP will provide them a Scope of Work or SOW, that clearly defines what is included and covered in the service relationship, and what is not. Typically, the SOW covers all of the agreed-upon security maintenance and service work the MSSP delivers for the specified endpoints, devices and users within the SLA.

New users added, or new services or licenses installed or provisioned after service go-live normally fall outside the scope of an existing SOW, and will typically be added to the client’s overall agreement at an increased monthly fee by having the client authorize a new SOW or an addendum to the existing SOW.

And to preserve margins, best in class MSSPs will understand the true cost of delivering their services to their clients; including the cost of 3rd party security products and services they bundle into their offerings and establish a minimum desired margin for these deliverables.

Using a pricing calculator helps ensure margin attainment and speeds pricing activities. Once the minimum price is established for a client, the security sales professional will try to increase the ultimate price by using consultative sales techniques to sell on value.

The value of becoming the Trusted Advisor as an MSSP

A Trusted Advisor is a critical business asset for their clients, as they work to understand their client’s business needs and priorities and develop strategies to actively seek out solutions to improve daily workflows, processes and procedures and improve security to best assist their clients reduce risk and reach their business goals.

An effective Trusted Advisor earns their client’s loyalty by understanding their external competitive challenges as well as their internal operational challenges and works to help their clients advance their value proposition to their target market, improve client service, sales, marketing and back-office operational processes through technology to help their clients retain and expand their market base.

These are the reasons that MSSPs operating as mature Trusted Advisors are so successful at consistently identifying up-sell and cross-sell opportunities for new solutions to their clients while increasing their satisfaction.  Watch On-Demand Webinar #2IT Security Services Features and Benefits’ (URL:

Next time on Building a Profitable Security Services Offering: Part 3: Qualifying Prospects for Security Services and Solutions

About Erick Simpson

Co-Founder, Senior Vice President and CIO of MSP University and SPC International Online, Erick Simpson is a strategic IT business transformation specialist that improves top and bottom-line business performance by increasing operational and service efficiencies, helps build and grow new or improve existing MSP and Cloud business practices with proven sales and sales engineering, project management and help desk processes; and packaging, bundling and tiering profitable MRR service offerings.

30+ years of experience in the IT industry as an Enterprise CIO and one of the 1st pure-play MSPs in the industry (acquired in 2007), Erick is a business process improvement expert with hundreds of successful ITSP, MSP, Security and Cloud improvement engagements, and has worked with numerous clients on the buy, sell and integration sides of the M&A process.

A highly sought-after IT, Cloud, Security and Managed Services business growth specialist and speaker, Erick has authored over 40 business improvement best practice guides and 4 best-selling books, including “The Guide to a Successful Managed Services Practice”, the definitive book on Managed Services, and the follow-ups in his Managed Services Series “The Best I.T. Sales & Marketing BOOK EVER!” and “The Best I.T. Service Delivery BOOK EVER!” and “The Best NOC and Service Desk Operations BOOK EVER!”


Read More HERE