Business Security

The MSP Guide to Building Your Managed Security Services

Erik Preisser, 26 September 2018

Part 2: Key Pricing Strategies for Your Managed Security Services

If you are thinking of reshaping your business into an MSP (managed service provider) that offers managed security services to SMB clients, your timing could not be better. Small to medium-sized businesses are in dire need of cybersecurity, and they are looking for MSPs that understand their unique needs and can offer the protection they require. In our first post on building managed security services, we discussed the proper defining and bundling of typical MSP-offered services. In this part, we explore key pricing strategies for managed security.

Just as bundling your security services reduces complexity for your customers, your pricing strategy should also be clear and understandable. Pricing should be dictated by your business needs, existing costs, quality of your services, and ultimately the value you deliver. A good best practice to follow is to ensure your pricing reflects the true value of your services without the influence of competitor rates.  

While there are several pricing models used in the MSP market today — per device, per user, flat rate, or a value-add approach — it really comes down to determining the model that works best for your business and the clients you serve. In our new white paper The MSP Guide to Building Your Managed Security Services, we lay out and break down the key cost categories you need to include in your price calculations in order to determine total cost and true value for your services.

Assigning markups  

Once you have a good picture of the costs to run your business and deliver security services, you should also evaluate the markup you will assign to your service bundles. A good rule of thumb here is to consider the types of SMBs you currently serve — number of users, locations, data, type of business, and any ongoing support costs.

Risks should be considered as well in terms of complexity or age of their IT infrastructure or level of attention required. There are other considerations to keep in mind including highly sensitive data, critical uptime, network monitoring requirements, and high-touch clients. Learn more from the full white paper, and stay tuned for our next piece in this series, which explores best practices for marketing your security services.