2 min read

Six steps to building an effective SMB security practice

Follow these steps and you're on your way to a potentially lucrative and recurring revenue stream

MARKHAM, ONT . — Industry IT channel expert Mark Williams was a presenter at Intel Corp.‘s (NASDAQ: INTC) first-ever SMB security channel event this week, and he outlined some key steps on how partners can build an effective SMB security solutions practice.

Partners who are looking to build a security practice must first realize they’re not selling security products, but instead, they’re selling IT security solutions to end-users, Williams said.

“Selling security is different from selling a typical IT solution because you often have to convince the customer they have a security problem in the first place,” Williams said.

If partners follow these steps, Williams said they’re that much closer to establishing a solid practice in security: understand why SMBs buy IT security, develop a repeatable security methodology, leverage multiple security technologies, optimize your security practice, build a security sales process and apply best practices in real-world scenarios.

Williams outlined two paths to IT security opportunity: just providing secure solutions and acting as a security specialist. While the former offers faster ramp up and sales cycle times, the con to this model is that the partner has less specialist credibility. This differs from the latter, where specialized partners have expert-status and credibility because of the relevant skills and training required. The cons to this sales strategy are that it’s a costlier ramp up process and it often takes more time. While a partner can make money when they use either of these sales strategies, security specialists who build a practice around security will be more likely to see recurring revenues and long-standing relationships with their customers.

So what makes up a security practice? Williams said it’s many things.

“A security practice consists of assistance and planning, solution sales and implementation, active security monitoring and security incident response,” he said. “Revenue is derived from a combination of product sales and services engagements.”

In terms of SMB budgets, it’s no secret that these businesses don’t have that much money to spend. Partners can address SMB IT security needs by helping these companies prioritize their environments.

“Ask your customers questions and understand their IT strategy and intentions,” Williams said. “Identify recent security events, determine business and IT priorities and do a security assessment.”

Furthermore, partners can help their customers rank the importance of what they feel their top security and custom priorities are.

“Apply a consistent numerical scoring system for low, normal and high risk to measure each priority factor and then calculate these using a balanced scorecard for your customer,” he said.

Williams said today, most SMB customers only think of one or two security dimensions for their business. As the partner, your opportunity comes once you start asking them questions. Think about what security drivers matter most to your end-user customer, what security technologies and controls they already have in place and what short-term solutions can be implemented to immediately improve their security profile.

“It’s virtually impossible to address every single ‘possible’ vulnerability, so SMBs need to focus on what’s most likely to happen to them,” Williams said. “Do an assessment with your customers to show them where there are potential risks, vulnerabilities and threats. There’s a potential for services opportunities if you do this well.”

Perhaps most importantly, Williams advises partners to not bite off more than what they can chew.

“Go through an inventory of what you do today and what skills you have to create a methodology,” he said. “Also make sure you have a detailed plan to track, measure and adapt so you can keep up.”

Follow Maxine Cheung on Twitter: @MaxineCheungCDN.