Email Security: A Hotbed Of Sales For MSPs
By Gennifer Biggs, Business Solutions Magazine
Compliance laws and regulations regarding email security are helping to drive 30% growth for this managed services provider (MSP).
Protecting your customers’ networks used to be straightforward; you simply deployed antispam and antivirus protection to keep threats from sliding into the IT environment via sneaky email attachments and links. But now that process has evolved into a complex, multidimensional security challenge for solutions providers. Just ask Steve Winter, founder and president of ERGOS Technology, who has tracked the progression of both security technology and threats and discovered that protecting his customers’ networks better can really pay off in revenue growth.
When ERGOS opened its doors in 1997, the world of smartphones, mobile workers, multiple email accounts, and on-the-go computing simply didn’t exist. “Even five years ago we didn’t have remote monitoring capabilities; it was all on-site care, and our biggest problem was making sure our clients’ email was backed up,” explains Winter. “There wasn’t any talk of archiving, indexing, eDiscovery — none of that was on anyone’s radar.” Today, that has all changed. Businesses of all sizes are tasked with archiving and making available on demand — due to eDiscovery and compliance laws — any number of email communications. Winter admits that it can be a challenge for a solutions provider to keep tabs on all the regulations that may impact a business’ email solutions. Is the customer a financial institution? Does it face SEC regulations? If a client is a medical facility, what records does it have to keep and for how long? For ERGOS, much of that guidance comes from its vendor partners, in particular Spam Soap (see sidebar), which provides the email security solutions leveraged by the MSP. Overall, the increased security demands have been a boon for ERGOS — pushing it toward a multimillion-dollar increase in revenue this year. But that revenue increase was only possible after the MSP stepped up its security knowledge and IT offerings and turned the shifting security landscape into an opportunity to upsell.
Due Diligence Essential To Comprehensive Email Security
For ERGOS, the impact of litigation on the archiving and accessing of email hit home more than a decade ago. Based in Houston, the MSP had front-row seats to the Enron scandal in 2001. It was that scandal, which revolved around systematic accounting fraud and corporate corruption, which led to the passage of the Sarbanes-Oxley Act (SOX). Within the SOX legislation are strict standards for all public companies, including more open access to financial records, internal communications, and corporate governance. “Even though we don’t deal with a lot of public companies, the impact of SOX pushes down through SMB customers, and because the scandal and subsequent legislation was on the front page here, it raised awareness with our customers,” explains Winter.
ERGOS began to evaluate its email security offering on several fronts as it realized that email filtering was no longer enough to fully protect customer environments. The MSP engaged with existing customers to discuss what email-specific requirements impacted their business. To accomplish that, ERGOS hosts periodic business reviews with every customer to examine and discuss what has changed within a customer’s business that could impact email security needs, as well as talking about what might have changed in terms of laws impacting that customer’s vertical. To uncover where email security policies should evolve and, thus, discover opportunities to upsell, Winter says his sales team uses questions such as, What is changing in your business?, Do you have new satellite offices?, Is yours a mobile workforce? “Ideally, you want to use these questions to identify opportunities beyond basic email security, such as how they are communicating securely between satellite offices, how they are handling archiving and indexing of email when they have mobile workers, whether they allow social media in the office, and what line of business apps connects into email, such as CRM (customer relationship management), which may pose a security threat,” Winter explains. The simple reality is that today you can get corporate email at the office, at home, on your iPad, iPhone, or even on a kiosk somewhere. And when you are looking at that many devices and access points, security and archiving needs are bound to change.
Beyond talking to customers to keep one step ahead of email security issues, ERGOS keeps tabs on compliance laws and other regulations through open communications with its vendor partners, peer groups such as HTG (Heartland Technology Group), and its distributor, Ingram Micro, which maintains a business unit dedicated to heavily regulated verticals in the public sector, including government, healthcare, and education. “We really keep our ears and eyes open, plus we work especially closely with our clients who share our interest in compliance, such as our legal and financial customers,” adds Winter.
Shifting Email Security Needs Impact Bottom Line
Despite the due diligence required to stay abreast of the ongoing evolution of email security needs, Winter says email security sales are foundational to ERGOS growth and continue to be a linchpin in the business. “Email has been and probably will always be the killer application that every single business needs and the reason we’re in business. We use it to open doors and then to open them wider,” explains Winter. In fact, ERGOS has seen email security lead to more in-depth relationships with existing customers as well as bringing in new business. “Staying on top of email security enhances our status as a trusted advisor, especially as we continue to bring innovation to our customers with the help of our vendor partners.”
Over the past few years, ERGOS has watched email security — the spam and virus filtering of old — evolve to include a robust recovery element as well as other security technologies. “What we sell as a company is continuity of operations. It’s all about recovery of data and how we can keep the client going even if something knocks their email server offline,” says Winter. “We can walk into the door and show them a full suite of solutions that empower continuity of operations, bundled and priced as a comprehensive managed offering. It is the mission-critical app that clients care most about and that leads us to the other solutions we have for continuity.”
In ERGOS’ experience, email security typically leads to conversations with customers about retaining and readily accessing email, a service necessitated by eDiscovery and laws such as SOX. With that solution in place, the next step is often privacy issues and encryption services that resolve questions about securely communicating cvxabout patients, healthcare information, credit cards, etc.
Winter notes that the compliance landscape in many of its key verticals, such as energy, financial services, legal, healthcare, nonprofits, and education, is constantly shifting. Consequently, enhanced security technologies, as well as well-defined internal email usage policies, are always in demand. “We’ve found that offering consulting around policy development and enforcement is another value-add for us,” he explains. “In particular, we focus on what our customer’s email policy is and how it is documented.” For example, are employees responsible for purging their own email? Do devices used by employees outside the office require provisioning by the internal IT staff or the organization’s MSP in order to ensure security compliance levels? What is the business policy of personal versus organizational email and retention of those communications? “We believe part of our responsibility as an MSP is to make our customers aware of any potential security risks, help them understand what they need to be thinking about regarding these issues, and even provide them with recommendations for other experts,” says Winter. “Then we help to reinforce those policies on the technology end.”
Email Security: A Greenfield Of Opportunity
Winter is confident the ongoing opportunity regarding email security needs is only just beginning. While encryption is still gaining traction, other trends are driving email security needs in different directions. The growing desire of SMBs to move email to the cloud, eDiscovery rules that are expanding in scope, and the closer scrutiny of text messaging and social media as official corporate communications are all examples of trends affecting email security. “With email remaining the preferred method of business communications, we are only going to see more and more regulations,” says Winter. “It is the one app all businesses have, and until that changes, we’ll be busy.”