Managed service providers (MSPs) looking for a rich vein of underutilized market opportunities should examine the business case for delivering IoT security and risk management.
So many potential MSP clients already have the traditional bases covered when it comes to security information and event management (SIEM), endpoint protection, data loss prevention (DLP), and identity management. Some or all of these areas probably represent your current IT security portfolio and key offerings to your current and potential clients.
Meanwhile, as these businesses increasingly add IoT devices and equipment to their networks, security is an accelerating concern—but one that has thus far remained less commonly addressed by managed service providers. Gaining access to the IoT market means potentially adding clients across the retail, banking, manufacturing, transportation, logistics, healthcare, and government sectors. While these clients may have the big four bases of SIEM, endpoint, DLP, and identity management protected, IoT represents a crucial fifth beachhead, one that cannot be defended with traditional security tooling and methods. MSP leaders can approach these clients with a heads-up, “I can give you continual insight into a whole area of your organization’s network where you have no visibility today. Your IoT devices and systems have vulnerabilities you don’t know about, and an ounce of prevention is worth a pound of significantly more costly cures down the road.”
Be your clients’ rock
With the IoT, fully-effective security requires tools and expertise that many businesses would be hard-pressed to achieve internally. From sensors, cameras, and monitoring devices to mundane printers and more, businesses’ IoT deployments comprise an especially vast attack surface that requires a robust IoT-specific security strategy.
I’ll give one small example that illustrates this point. A vulnerability affecting IoT printers, one that’s been known since 2021, is still exploited by attackers today. Many businesses simply haven’t addressed it. Most likely, that’s because they lack the visibility needed to recognize the risk and take steps to protect themselves. Using the available exploit technique, attackers can (and do) re-spool the printer and then print off a business’s sensitive data or intellectual property.
This goes to show the ingenuity and surprise angles at which IoT risks can arrive, and why businesses that aren’t currently protected should absolutely enlist MSP expertise. Businesses with unprotected IoT environments have a pipe full of muck running through their operations and threatening to make a huge mess, with no visibility into it and no idea how to clean it up. MSPs can make sure clients can expose IoT threats, and bring the expert support it takes to mitigate vulnerabilities and make operations run clean as IoT deployments scale.
Don’t sell on scare tactics
Rather than trying to frighten businesses with horror stories of IoT security failures, I find a positive approach to be more effective. Focusing on the costs clients can avoid by having the right protections in place resonates more and builds trust. Certainly, no business wants to pay regulatory fines or end up named in media headlines as a sieve for sensitive data. That said, business leaders with IoT environments are more likely to approve MSP services when they can focus on the benefits of cost savings rather than the threat of potential risks.
Here’s an example of what that cost savings can look like. An MSP friend has a customer who manages thousands of kiosks located in big-box retail stores. Unfortunately, those kiosks run on Windows 7 and connect to a network, making them IoT devices and potential soft targets for attackers. The client projected a cost of $6 million to replace the kiosks with modernized devices. However, the estimate to add MSP-provided IoT security and risk management came in at a tiny fraction of that cost (approximately one-twentieth) per year. That option means saving millions in capex costs, in addition to the continuity advantages of avoiding a massive technology replacement. That’s the kind of stark benefit in real dollars that can make enlisting an MSP for IoT security a no-brainer.
A clear business case and ROI opportunity
For MSPs, making the investments required to build IoT security capabilities unlocks potential dividends across a number of fronts. IoT-security MSPs gain a clear competitive differentiator as forward-thinking technology partners and early experts in an emerging field that will only grow. That competitive advantage can help you win new high-value clients. These clients are often willing to pay a premium for specialized IoT protections and hard-to-find expertise. And because IoT security requires continuous monitoring and risk management, those income streams are continuous as well. Securing clients’ IoT environments also lays the foundation for future opportunities. It opens the door to offering additional services like IoT strategy guidance and data analysis.
By claiming a market position as a go-to for comprehensive IoT security, an MSP can increase its revenue per client and establish stronger and more lasting client relationships by fulfilling this crucial need.
Photo: jirsak / Shutterstock
This post originally appeared on Smarter MSP.