As changes — more connectivity, more capabilities and more threat actors (nation-state, domestic and nondomestic profiteers, script kiddies and malicious insiders) — the opportunities for systems integrators to resell recurring monthly revenue (RMR) has never been greater.
It’s finally understood that not only government and public and private corporations are getting breached. Poorly manufactured products (lest we discuss Russia, backdoors, deep fake video and banned IP-based cameras from China) have made clients very leery to purchase wireless home automation and security systems, and many corporations have banned new technology deployments entirely until cybersecurity issues are resolved.
Greater consumer education was always needed to identify threats and exposures to your customers. Recent focus on cybersecurity and tech innovation — including public awareness — has finally reached a point in time where security systems integrators can make solid choices on a toolbox of services that can be provided to drive sales and RMR.
The question to be asked is … Are your customers willing to pay for cybersecurity? The answer is yes! Just ahead is a deeper look at this enormous opportunity along with guidance for integrators to align themselves with cyber-driven revenue streams.
This mandate requires a third-party auditor to assess your company’s ability to protect confidential and unclassified information, otherwise known as “CUI.” If you are a security or alarm integrator, customers are willing to pay for cybersecurity.
According to Ken Kirschenbaum, principal of Kirschenbaum & Kirschenbaum and SSI columnist and Industry Hall of Famer, “Customers want to do business with integrators who install products that follow modern cybersecurity practices like secure encryption.”
Kirschenbaum has added language to all alarm contracts for K&K customers that states there is an additional fee that will be passed down and added to each account for providing encryption services for their clients.
He adds that soon customers will let you know that unless your company uses secure encryption in equipment that stores, processes or transmits data, and allow third-party cybersecurity review (monitoring and inspection that complies with industry guidelines), they won’t do business with your firm. Kirschenbaum’s final word to the wise: Eventually, this isn’t going to be optional, so get onboard now.
It would be helpful to advertise and market RMR services to your clients to identify which services are of most value. Remember, you already have a trusted relationship with the customer, and you are not a cold-caller. Let’s take a closer look …
The primary reason why your customers want third-party scanning is to check the system periodically for holes or gaps that would make them vulnerable to ransomware, data theft and data breach. Vulnerability scans are usually provided on a quarterly basis and are billed by the month based on the number of IP addresses and types of devices (hosts) on the network.
When you offer these types of services to your customers, you need to determine your service level agreement and the window of time that you are expected to restore the data. Many of these accounts are based on the importance of the data and its availability to the customer. As part of your agreement, you want to periodically test the data to ensure that the data being stored is recoverable and not corrupted.
Threat intelligence requires you to have a person dedicated on a part- or fulltime basis to review various open source tools and data feeds that report on types of exploits that are used to attack and disrupt hardware, software, and peripheral components. It applies to edge, field, middleware and core devices with your customer’s network.
Threat intelligence services are billed monthly after a risk assessment is provided for the customer to identify the types of data that needs to be collected and reported. It is helpful to define a format and data structure of how you will send and transmit this data to your customers.
News of great service travels fast, news of poor service travels faster when you get started. It is very important that you carefully evaluate your solution offerings to make sure that you have reliable partners and staff to launch your cybersecurity RMR program.