Interviews - News - Analysis: For successful growth with Managed Security Services

Sale of temporary licenses escalates

We had the pleasure of speaking with Rob Oud, Managing Director of Datasvar in Norway, about his journey to providing 90% of customers with Managed Security Services. The next milestone for Rob is to expand the use of MDR to almost all of his customers.

Why MSS are particularly important for small and medium-sized enterprises (SMEs)

According to Rob Oud, small businesses tend to underestimate their own vulnerability to cyber attacks. They often think that they are too small and insignificant to be the target of an attack. However, the reality is different: Small companies are often easier to attack because they invest less in their IT security. This is where MSS come into play.

How MSS work: A practical example

Rob explains that the implementation of MSS often starts with the provision of basic security solutions such as endpoint security. This is then extended to include other services such as firewalls, access points and email protection. A practical example shows how effective MSS can be: A customer clicked on a phishing email that triggered an alert. Thanks to Sophos’s integrated Managed Detection and Response (MDR), the attack was detected immediately and the affected user was isolated. The threat was eliminated within a few minutes.

Packages and individuality: flexibility is the key

Another important aspect of MSS is its flexibility when it comes to quoting. Instead of charging fixed prices, Rob Oud offers customized packages that are tailored to the customer’s specific needs. For example, a typical package could include Office 365, a backup solution and endpoint security. This approach makes it possible to offer customers exactly the services they need without incurring unnecessary costs.

Safety assessments as a starting point

To ensure that clients’ safety needs are fully understood, Rob carries out regular safety assessments and health checks. Based on these assessments, he produces reports and recommends appropriate security plans. These plans range from basic security solutions to high-performance plans and help clients make informed decisions.

Raising awareness: end user training

An often neglected but critical aspect of IT security is end user training. Regular awareness campaigns and training on topics such as phishing are part of Rob’s service package. These training sessions help to raise users’ awareness of security threats and improve their ability to respond.

'We had an MDR incident yesterday, which was pretty much the only one we've had. It was a phishing attack where one of our customer's end users clicked on a mysterious website.
This triggered a signal to the Sophos MDR team, who immediately took control of the situation as the customer was configured that way. So the situation was over in no time.'

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Rob Oud
Rob Oud
Datasvar
Olaf Kaiser:

So you have made a selection from the whole range of possible security solutions. Which of these have you included in your Datasvar portfolio to offer to your customers?

Rob Oud:

Yes, and like most other Sophos partners, I think we started out selling runtime licenses, mainly endpoint licenses for protection with Sophos Intercept X and similar products. That has expanded and today we only sell MSP services. Most of the time we offer Intercept X together with other software services. Usually it starts with a few endpoint licenses that the customer needs, and of course that grows quickly, so they need more services and more security solutions for their business. Then firewalls and access points come into play and email protection and so on.

Olaf Kaiser:

So you focus on the small business environment. There are a lot of possible services there. And when it comes to communicating and talking to these SME customers and interested parties, do you bundle these services?

Rob Oud:

Yes, we have tried to put everything we offer into packages, but without a fixed price. We have packages that include Office 365 with a backup solution and endpoint security solutions, for example. So we have many packages that we offer our customers. In most cases, we put together something like a technical package where we charge for exactly the services that are included in the package. So we don't bundle prices, as other IT providers might do.

Olaf Kaiser:

Do you carry out a kind of security analysis to compare your experience as IT experts with the customer's point of view, so that you are on the same wavelength as the customer and know what they really need from you?

Rob Oud:

Yes, we do regular health checks and after a safety or health check we produce a kind of report. And then we create a recommended plan for the customer, which can have three different plans, for example. A high-performance plan or a simple safety solution.

Olaf Kaiser:

When I look at the press, cyber attacks on large companies or government agencies make up the majority of the reports we all read on a daily basis. But I suspect that smaller companies are more vulnerable and probably suffer more when they are hacked. When you talk to your customers, do you get the impression that they also feel more vulnerable?

Rob Oud:

No, I think most small businesses initially think I'm a small, insignificant business and won't get hacked. I think that's true in most cases. But the reports say otherwise: they're an easy target because they haven't spent that much money on security. Fortunately, we are very concerned about security. It's sort of the first thing we offer our customers to protect them from harm.

Olaf Kaiser:

Just this morning I saw a report from Sophos that has some statistics on SMBs and really small businesses that are being attacked by these threat actors on a daily basis. When you bring this up in a client meeting or mention the statistics, what comes across best?

Rob Oud:

Well, in most cases it's the last point. We try to make a comparison with another company of the same size and mention, for example, a case that we have seen before. To be honest, we don't use statistics that often. And of course we use MDR and are protected by firewalls and stuff, so honestly we don't have that many attacks. I can say the same thing about my customers. I would estimate that about 90 percent of our customers are protected with Sophos, and I honestly haven't heard of an incident in years. We had an MDR incident yesterday, that's the only one we've had.

It was a phishing attack where an end user of one of our customers clicked on a mysterious website. This triggered a signal to the Sophos MDR team, who immediately took control of the situation as the customer was configured that way. So the situation was over in a flash. I know the end user was immediately isolated from other end users in the same organization. The MDR took action to make sure the scan was set up and everything was verified, and honestly it was over in minutes. Speaking of users, and you mentioned phishing.

Olaf Kaiser:

Are regular awareness campaigns, phishing e-mails etc. also part of your service packages?

Rob Oud:

Yes, this is something we regularly discuss with our customers to educate them and teach them a lesson, so to speak.

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Rob Oud

Profile

Datasvar is an IT company that provides you with personal and future-oriented advice so that you as a customer can benefit from more time and automation in your company. We supply technological products such as Microsoft365, security solutions, ERP systems, CRM systems, payroll systems and much more. We help you in your everyday digital life.
Rob Oud
Managing Director
Datasvar
Avd. Oslo, Ole Deviksvei 10
0666 Oslo

Related articles

Appetite for risk.

Jason Fry, who has already sold an IT company in the UK and has been successful in the UK market with his start-up adnitor since 2019, talks about the managed security aspects that are important to him. Jason says, among other things, "we understand that the traditional way of supporting and managing IT needs to change". And what are the most important security services for him and what makes them successful? What is the "customer experience level" that is important to him as a supplement to the technical SLA?