CONTINUUM NAVIGATE — The security business is the Day 1 focus of Continuum Navigate 2018, and business is good for many of the 700 MSPs converged at Boston’s Seaport Hotel and World Trade Center. At the event, chief revenue officer Bob Kocis told Channel Futures that most of Continuum’s MSP partners are focused on increasing business with current clients versus seeking net-new, and that adding protection capabilities is a major part of that effort.

“We’re seeing security opportunities growing the fastest,” says Kocis. “It’s hard to find new clients. It’s a much longer sales cycle.”

Given the fast-changing nature of threats and the increasing number of products available to counter them, Kocis maintains that the small-to-midsize MSPs that he works with need a partner to offer best-of-breed security to SMB customers.

“Could they go build a SOC?” he asks. “They probably could. But I think they’d rather have us do it and focus on client-facing opportunities. I think that’s where we’re winning.”

Webroot, titanium sponsor of Navigate, and SentinelOne, in at silver level, are major suppliers to the Continuum security bundle, along with the EventTracker SIEM and SOCs in Atlanta and Punjab. And Kocis says the company’s investments in security are paying off.

“1.25 million endpoints and growing,” he said. “Seventy employees in our security division, up from almost none a year ago. We’re managing over 100,000 endpoints with our security. And 5,800 partners and growing.”

He says Continuum is one of the only providers actually doing remediation for the MSP and believes that, for partners that have a certain level of technical competency and want to be that virtual CIO, security is the opportunity.

Still, Kocis admits that the up-sell conversation can be challenging.

Robert Kocis

Robert Kocis

“Nine out of 10 MSPs are telling me, ‘Hey, the client says we already pay you for security, so why do we need to pay you for more?’” he says.

Gauging the success of a sales team is complex. Join us in Philadelphia next month, where You can also hear Gary Pica’s guidance on pricing managed services, security and cloud for maximum profit and attend dozens of other keynotes, conference sessions and networking opportunities. Check out the agenda now.

 The answer is that the landscape is changing so fast that SMBs, which are the focus of about 40 percent of attacks, according to Continuum, need additional layers of protection.

“The most progressive MSPs are realizing that security is a great conversation starter with SMB clients,” says IT and MSP consultant and blogger Richard Tubb, who has a global perspective. “MSPs in Europe are beginning the conversation with clients about GDPR, for instance, which then expands into a wider conversation about managed services and managed security. Security is the foot in the door.”

Jay Ryerse, CTO of the security products group and himself a former MSP, says attendees must increase the sophistication of the security capabilities on offer, including adding incident response as a service. It’s “one bill, one throat.

“SMB clients don’t want to buy IT services from one MSP and security from another,” says Ryerse, so providers that don’t have a plan to deliver comprehensive security to customers will be at a disadvantage.

Jay Ryerse

Jay Ryerse

Judging by the packed room for his session on building an MSSP business, attendees agree.

Profits & Pitfalls

“Selling security is about compelling events,” said Ryerse. Among the drivers to open a conversation: An incumbent provider was unable to recover a client from an attack, or the customer wants to enter a new line of business that comes with compliance challenges. That provides an opening to grab new budget — if the MSP has the sales acumen.

As CRO, Kocis often advises partners foundering on net-new business to take the step of hiring professionals.

“Most MSPs are very nervous to hire their first salesperson,” he said. “At some point, you have to invest in that capability if you’re a growing business and want to be a $5 million or a $10 million MSP.”

For an owner torn between hiring new technical staff versus partnering with a supplier like Continuum and investing in a sales team to earn that MSSP status, the numbers seem to support the latter path: Security spending is expected to grow at a rate of 14.5 percent year over year, and the billable rate for incident response is between $350 and $400 per hour, says Ryerse, with a typical per-TB ransomware recovery time of 39 hours. A virtual CISO fee can run $10,000 monthly. Yet Ryerse estimates negative 20 percent unemployment for security professionals, with 13 people needed to run a SOC in-house at average compensation hovering around $100,000.

That could buy a lot of sales and marketing.

“The [MSPs] that we’re seeing get to $10 million the fastest are the ones who created that small team of sales and marketing professionals,” said Kocis. “With that said, I caution people not to waste money. It’s really easy to throw X amount of dollars at sales and get no return on your investment. You need to have metrics.”