Interviews - News - Analysis: For successful growth with Managed Security Services
MSP Journey · Exploring the truth · Managed Security Services · Logo
Premium Content
learn more

History and data analysis are crucial for contract design

Managed Security Services: The journey into the future of IT security We spoke to Marc Frank, department head at Steep GmbH, a company with over 800 employees and an impressive range of IT services through to defense solutions. His experience shows how IT service providers can successfully implement managed security services – even if you […]

Managed Security Services: The journey into the future of IT security

We spoke to Marc Frank, department head at Steep GmbH, a company with over 800 employees and an impressive range of IT services through to defense solutions. His experience shows how IT service providers can successfully implement managed security services – even if you start from scratch.

The beginning: From license sales to services with added value

Marc Frank describes the starting point at Steep as follows: “When I started in 2021, the IT department was still geared towards classic license sales. Customers received software and hardware, but there was a lack of long-term support.” A crucial step was to develop standardized service contracts from recurring activities. For example, the first managed service contract for firewall updates was introduced, which was very well received by customers.

His tip for IT service providers who want to start: “Look at your systems. What services do you provide frequently? Which could be mapped on a recurring basis? Start small, for example with a manageable service such as updates or vulnerability scans.”

Challenge: Get everyone on board

A key success factor was convincing the stakeholders – from management to sales to technicians. Marc explains: “Sales is convinced with efficiency: standardized offers save time and nerves. The technicians, in turn, appreciate clearly defined processes and know exactly what to do – and what not to do.”

Structured communication is the key here. Technicians were involved at an early stage to make the service portfolio realistic. This enabled everyone involved to get behind the new models.

Stumbling blocks and lessons learned

“The biggest mistake is to set the complexity too high,” warns Marc Frank. In the initial phase, it is essential to draw clear boundaries about what a service includes – and what it does not. “We have learned to define exactly what is included in our service contracts. This protects against false expectations and misunderstandings.”

Another tip: Start with customers you know well. “We only offer managed services if we have thoroughly analyzed the customer’s IT beforehand. An unclear starting situation otherwise leads to problems.”

Looking ahead: What does the future hold?

For Steep, the introduction of a traffic light system for security reports is on the agenda for the coming year. “Reports and transparency create trust. Customers want to see what has been done for them. With a traffic light system, we give them a simple overview of the state of their IT security.”

Another topic is preparing for regulatory requirements such as the NIS-2 directive. Marc emphasizes: “We help our customers not only to be technically secure, but also to provide the documentation and processes necessary for audits.”

  • Highlights in 90 Seconds

Take a look at your systems. Which services do you provide frequently? Which ones could be mapped on a recurring basis? Start small, for example with a manageable service such as updates or vulnerability scans.

Marc Frank
steep GmbH
  • Our expert's main points
Olaf Kaiser:

Good morning, Marc. Thank you for taking the time today to tell us about your journey towards Managed Services. You are a company with a unique set-up and an impressive journey. Before we get started, please introduce yourself and tell us a bit about your company.

Marc Frank:

Good morning! My name is Marc Frank, I am 47 years old and have been working in the IT system house business for 25 years. During this time, I have witnessed many technological developments - a very exciting journey. I work at Steep GmbH, a broad-based company with around 800 employees and around 35 locations. Our head office is in Bonn, while the largest branch offices are in Ulm, Schrobenhausen and Ottobrunn.
Our business areas are diverse: from defense solutions such as deployable airports and control systems for the German Armed Forces to training services for large automotive companies, facility management and, of course, IT services. In the IT department, which I manage, we have 30 employees and four teams: Helpdesk, Cybersecurity, Data Center and System Administration. Our portfolio ranges from printers and firewalls to backup solutions.

Olaf Kaiser:

Your broad spectrum is impressive. How did you come to focus more on managed security services?

Marc Frank:

When I started at Steep on January 1, 2021, I was already familiar with modern managed service approaches, as I had introduced them in my previous company. At Steep, I found a more traditional sales model: We sold licenses and hardware without offering in-depth services. I wanted to change that.
One important step was to streamline our portfolio. Previously, it was very diversified, which reduced efficiency. When it comes to security issues, every detail matters - every tick can be crucial. That's why it was essential to set clear standards and focus on managed security service

Olaf Kaiser:

How did you convince the management and your team to take this new path?

Marc Frank:

You reach different people with different triggers. I won over management with efficiency arguments: standardized services are more economical because they simplify processes and save time. I was able to convince sales by showing them that predefined offers and price lists make their day-to-day work easier. And the technicians? They were happy that they no longer had to look after each customer individually, but had clear processes and onboarding guidelines. This meant that everyone knew exactly what to do - and also what not to do.

Olaf Kaiser:

Were there any stumbling blocks along the way? What advice would you give to other IT service providers who want to develop in this direction?

Marc Frank:

The biggest mistake is to start too complex. In the initial phase, it is important to clearly define what a service contract covers - and what it does not. Clear communication protects against misunderstandings. We have learned that customers' expectations often go beyond what we originally offered. That's why we now explicitly state in our contracts what is not included.
Another tip: start small. Our first managed service was a contract for firewall updates. We saw that many customers regularly requested this service, so we standardized it and offered it as a service. The success was overwhelming.

Olaf Kaiser:

How did you get customers excited about these new services?

Marc Frank:

We know our customers very well because we often look after them face-to-face. That is a great advantage. Another recipe for success was a free security check, which we offered to many customers. This enabled us to identify weak points and offer targeted services to rectify them. It is important that the customer understands the added value of the service - and this is best achieved through transparency and clear reports.

Olaf Kaiser:

Speaking of reports: How do you make sure that customers can understand the results of your work?

Marc Frank:

Transparency is crucial. We produce regular reports on the state of our customers' IT security. In future, we would like to introduce a traffic light system that shows customers at a glance how secure their IT is. This creates trust and shows the added value of our services.

Olaf Kaiser:

What is your strategy for 2025? What topics are on the agenda?

Marc Frank:

One major topic is the integration of new security solutions into our portfolio, such as internal vulnerability scans. We also want to support our customers even more with regulatory requirements such as the NIS 2 directive. This is not just about technical security, but also about documenting and verifying the necessary processes

Olaf Kaiser:

In conclusion: What tips would you give IT service providers who want to get started with managed security services in the coming year?

Marc Frank:

The most important thing is the mindset. Create a clear vision and take your team with you. Involve both sales and technicians in the development of the services. Start small and grow organically. With a clear strategy and a motivated team, you can achieve great success.

  • The full video interview
  • Let's hear it
Apple Podcast
Spotify Podcast

Profile

steep GmbH is an internationally successful technical service provider with more than 35 locations and around 800 employees in Germany and Europe. Our strength is the project business, in which we analyze all requirements, take on all relevant tasks and implement an ideally tailored solution for our customers in close coordination. In addition to the key services listed below, steep GmbH is characterized by a wide range of expertise. By combining the individual business areas, you benefit from the unique opportunity to have all coordinated individual services in a holistic solution from a single source.
Marc Frank
Abteilungsleiter Service&Projekte
steep GmbH
Justus-von-Liebig-Straße 18
53121 Bonn, Germany

Related articles

Business Transformation

We want control.

When we have more control over things, and it sounds a bit strange that we want to have that control, we do it because it allows us to move the infrastructures that are a problem. For us, it was all about making sure that the people with us who provide the technology and the service cover the issue as quickly as possible and lose less time.

WEITERLESEN ➝
Business Transformation

Appetite for risk.

Jason Fry, who has already sold an IT company in the UK and has been successful in the UK market with his start-up adnitor since 2019, talks about the managed security aspects that are important to him. Jason says, among other things, "we understand that the traditional way of supporting and managing IT needs to change". And what are the most important security services for him and what makes them successful? What is the "customer experience level" that is important to him as a supplement to the technical SLA?

WEITERLESEN ➝

Recommended articles

Tell a friend

LinkedIn
XING
X
WhatsApp
Email

About MSP-Journey

MSP-JOURNEY is the information portal for all managers in the IT channel who want to grow and transform their business with managed security services.

The unique concept of MSP-JOURNEY is that those who successfully implement this business on a daily basis have their say and know what they are talking about: the decision-makers at IT service providers and MSPs.

As managed service and security specialists, we analyze SOPHOS and Systemhaus Coach Olaf Kaiser analyze the success factors for growth with managed security services. To give system houses and MSPs an easier and more effective way to reach their customers and their individual growth, the articles are made accessible and searchable in different categories.

Supported by