Selling termed licences escalated – Rob Oud (Datasvar)

We had the pleasure of speaking with Rob Oud, Managing Director at Datasvar in Norway, about his journey to providing 90% of customers with Managed Security Services. The next milestone for Rob Oud is to expand the use of MDR to almost all of his customers.
Olaf: So of this whole range of possible security solutions, you took your choice. So which did you put in your Datasvar portfolio to provide it to your customers?

Rob: Yeah, also, yeah, like most other Sophos partners, I guess we started by selling termed licenses on the mostly on endpoint licenses to protect with Sophos Intercept X, that kind of things. And this escalated and today we exclusively sell MSP services. Mostly it’s Intercept X we deliver together with other software services.

This usually starts with a few end point licenses what the customer needs and of course this escalates quickly that they need more services and more security solutions for the company. So then firewall comes into play and access points and email protection and so forth.

So your focus is in this small business environment. Regarding this there are a lot of possible services. And in terms of communication and conversations with this SMB customers and prospects, do you bundle these services?

Yeah, we have tried putting everything what we deliver in packages, but with not a fixed price. We have packages which contains Office 365 with a backup solution and endpoint security solutions, for example. So, we have many packages that we deliver to our clients. In most cases we make like a technical package where we invoice the exact services which are included into the package. So we don’t bundle up the prices as maybe other IT providers do.

 

Do you have some kind of security assessment as a starting point to be aligned from your experience as an IT expert and from the view of the customer so that you come on the same page with the customer what he really needs from you?

Yes, we do regular health checks and we do make a kind of a report after a security or a health check. And then we come up with a recommended plan for the customer in which they can, for example, three different plans. Heavy duty plan or just a simple security solution.

Play Video
When I see what’s in the press, cyber attacks on larger corporations or government agencies are the majority of the reportings what we all can read on a daily basis. But I guess that small businesses are on the one hand more vulnerable and they probably suffer more if they were breached. So do you feel this in your conversation with your clients that they also have this view on being more vulnerable?

No, I think most small companies would initially think that I’m a small unimportant company and hacking would not happen to me. I think that would be like the, I think that would be the thought in most cases. But reports say different, you know, they are easy targets, because they haven’t spent as much money on security. So luckily we are very focused on security. So this is kind of the first thing that we deliver to all our customers to protect them from any harm.

 

Just this morning I saw a report from Sophos with some statistics on these SMB and really small companies that they absolutely will be daily under attack from these threat actors. So if you compare speaking about or mentioning this and statistics in a customer conversation, what resonates more with you in this client dialogues?

Well, most cases it’s the latter option you said. We try to make a comparison with another same sized company and bring up, for example, a case that we knew about from before. So we don’t use the statistics that much, to be honest.

And of course we use MDR and are protected with firewalls and everything so we don’t have that many attacks at all to be honest. I can say the same for my clients. I think I would guess about 90 percent of all our clients are protected with Sophos and I haven’t heard any incidents in years to be honest. We had one MDR incident yesterday that’s kind of that that’s the one we had.

It was a phishing attack, which one of the end users of our client clicked and went into some mysterious webpage. This triggered a signal into the MDR team of Sophos, which kind of handled the situation immediately, because that’s how the customers was set up. So this was kind of over before you knew it kind of situation. I know that the end user was immediately isolated from other end users in the same company. The MDR took some kind of action to make sure the scan was set up and everything is checked and it was over in minutes to be honest.

 

Because we’re speaking about users and you mentioned phishing. Are regular awareness campaigns, phishing mails etc. also part of your service packages?

Yeah, this is something we regularly take up with our customers just to explain and give some lesson if you will to what to look for when you are unsure of some phishing emails. Of course most of our customers are also protected with the email gateway from Sophos. In most cases they don’t even reach the end user but you have an hour then when it does reach through and then yeah so we try to train all our customers to look for for malicious email when they get from unknown sources.