Interviews - News - Analysis: For successful growth with Managed Security Services

What does an ‘IT Security Assistance Program’ do and what is the ‘CEO Module’?

Volker Bentz, Managing Director of Brandmauer IT GmbH, talks about managed IT security and customer communication, the importance of choosing the right language and the right customer channels.

The importance of managed security services

Managed security services are outsourced services that include IT security tasks such as monitoring, management and response to security incidents. These services offer a comprehensive solution for companies that do not have the internal resources or expertise to manage their IT security themselves.

Advantages of MSS:

  1. Around-the-clock monitoring: Managed security services provide continuous monitoring and protection against threats, which is particularly important as cyberattacks can occur at any time.
  2. Access to expert knowledge: MSS providers have specialized experts who focus exclusively on IT security and thus ensure a higher level of protection.
  3. Cost efficiency: By outsourcing security functions, companies can save costs that would otherwise be incurred for setting up and maintaining an internal security infrastructure.
  4. Scalability: Managed security services are flexible and can be adapted to the needs and growth of the company.

 

Target group-oriented approaches

A key aspect of MSS is addressing specific target groups. IT security is an issue that affects all levels of a company, from management to end users. It is therefore important to segment and adapt the offers accordingly.

Example of an MSS program:

  • CEO module:
    This module focuses on strategic issues, budget planning and the development of a long-term IT security strategy.
    It aims to provide management with clarity and transparency.
  • Admin module:
    The focus here is on technical aspects, such as the implementation and administration of security solutions.
  • User module:
    Training and awareness-raising measures for end users to ensure that all employees understand and comply with the security guidelines.

The challenge of communication

As Volker Bentz, an expert in the field of IT security, emphasizes in an interview, communication is a key factor. IT security must be communicated in an understandable and non-technical language in order to effectively address the management. This requires a deep understanding of the target group and the ability to present complex topics in a simple way.

Effective communication strategies:

  1. Comprehensible language:
    avoid technical jargon and use simple, clear language.
  2. Use different channels:
    In addition to blogs and social media such as Facebook and Instagram, which appeal to different target groups, a presence on Twitter can also be useful for reaching a wider audience.
  3. Ongoing content creation:
    Regular creation and analysis of content to ensure relevance and reader interest.

 

The role of cyber insurance

Another important topic in IT security is cyber insurance. In view of the increasing number and severity of cyber attacks, many insurers have tightened their requirements or no longer offer policies. Companies must therefore ensure that they have robust security measures in place in order to be insurable at all.

Key points of cyber insurance:

Strict requirements:
Companies must meet certain security standards, such as two-factor authentication and patch management, to obtain an insurance policy.

Increase in insurance premiums:
The growing threat level is leading to higher premiums and stricter conditions on the part of insurers.

'I work with goals and making 1,000 customers safe is a goal I want to achieve. And I base my measures and all my activities on this goal. These must contribute to this goal of 1,000 companies.'

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Volker Bentz
Volker Bentz
BRANDMAUER IT GmbH
Olaf Kaiser:

What is your experience of the language used in your posts and in your communication?

Volker Bentz:

The topic of IT security is a matter for the boss and belongs on the management's desk, so we should also address it. That's why we deliberately chose to use non-technical language in the blog. For us as IT people, or for me, this was a shift towards simple, non-technical language, so that people who didn't grow up with IT can understand us. This is also something where we still face a challenge today, namely to develop our understanding of the target group to such an extent that we speak the language of our customers.

Olaf Kaiser:

You are talking about an IT Security Assistance Program. There is an admin module or a CEO module or a coaching module. Please explain what brought you to this form of presentation.

Volker Bentz:

IT security is a holistic process that I cannot limit to a specific group of people, for example the administrators, but has many addressees. It starts at the very top with the management, then goes through divisional management and reaches the users at the very bottom. And with IT security, I have an issue throughout all levels. So here too, I have to present things in a way that is appropriate for my target group. The CEO has completely different IT security requirements and I have to work with him on completely different topics than the administrator or the user. That's why we have sorted the whole thing into packages, so that the company can select the respective packages for its needs.

The CEO module deals with strategic issues. Where should the company develop? How should the company shape this path? And then we inevitably come to the question: What does this mean in terms of investment? What does that mean in terms of operating costs? We usually have discussions on a strategic level and we do this in the CEO module. In the CEO module, we also provide support with budget planning for the strategy that we have agreed with him. In other words, we develop an IT security strategy that covers a three- to five-year horizon. The CEO module works with the company on the topic of IT security in order to provide the management with a degree of clarity and transparency at this point. What steps, what milestones do we want to achieve, what budget do I need for this? This is a roadmap, so to speak.

And the moment we work with a CEO on this, we realize that the loss of control that the managing directors have experienced up to that point disappears, because the roadmap is suddenly transparent for them and they can sort it accordingly. With our help, he can also monitor his progress.

Olaf Kaiser:

In the CEO module, you perform strategy and consulting work. And you do this at a fixed price in advance and not on a time and material basis. How do you implement this?

Volker Bentz:

That's right, it's a subscription. The subscription has the advantage for us that we can respond to the company. This is an issue that can't simply be dealt with in three or four days; we have a year's work to do. As a rule, companies submit their business plans in late summer and we have to work on them.

This means that we start the discussions in May so that we can prepare the figures for September. And once the data is in the business plan, I have to make sure that things are incorporated into the project plans for the following financial year or calendar year in October and November. That means I always have phases during the year where I have to go in, where we have to be there to make things happen. So I need the subscription in order to work strategically with the company, with the managing director here, on the topic over the course of a year, because he also has different phases throughout the year in which he needs my support.

Olaf Kaiser:

You produce a lot of good content and, in addition to language, the communication channels are also important to you. Which channels do you rely on and what experience do you have?

Volker Bentz:

At the moment, we mainly rely on our blog and our subscriber count is around 1,200 readers, which we have regularly. We've built that up over the years. And, of course, we're clearly focusing on Facebook because it's our target group. We reach our managing directors as our readers via Facebook. But we are also active on Instagram. Because the companies, i.e. the people who leave university today, may be buying from us in five years' time.

And I can't ignore this channel. And then, of course, it's also very important to make the IT brand known as an employer brand. And Instagram is the channel where we are currently addressing our future employees. And when we talk about channels, we are not yet on Twitter, but we will also be on Twitter in the medium term. Content creation is an ongoing process for us, just like it is in any editorial office. We have an editorial plan, we think about the topics that could be interesting. What interests people, what is well read? We also regularly check our access figures, what went well, what didn't go so well?

It's a process that we've developed over the years and where 2 to 3 people are currently involved in producing and publishing the relevant content. From time to time, we also advertise an article that has gone particularly well. We then also put a bit of budget into it. That works quite well.

Olaf Kaiser:

I recently read that the time may come when insurers no longer insure IT security losses at all. What is your view on the cyber insurance aspect?

Volker Bentz:

The time has already come when some insurers are no longer offering insurance policies because they can no longer bear the risk. Because the amounts of damage are increasing and because the frequency is increasing. It is relatively difficult for cyber insurers to calculate and predict whether they will be able to cover the settlement with the premium they receive.

And this can be seen from the fact that insurers are constantly raising the bar under which they grant insurance cover. We have now reached the point where the insurance company says that if you have not implemented two-factor authentication and if you have not implemented the corresponding processes, if you have not implemented patch management and a whole host of other requirements, then you have a problem. Without fulfilling this catalog of requirements, you can no longer get an insurance policy.

MSP Journey · Managed Security Services · Sophos & Olaf Kaiser · Portraitbild Volker Bentz

Profile

With over 40 employees and large medium-sized companies as customers, we are one of the leading IT system houses in the Palatinate. We owe this above all to our versatility in the following areas: high-quality IT services, customized IT security solutions, and 24/7 real-time cyber protection. Customers throughout the DACH region select individual IT modules from these three mainstays. This can be a single module or a complete solution. We will find out what makes the most sense for you in a comprehensive analysis meeting with you.
Volker Bentz
Managing Director
BRANDMAUER IT GmbH
Im Gahnerb 3
76756 Bellheim

Related articles

The importance of starting the conversation

In this conversation, Mark Copeman discusses the importance of starting conversations and building trust in the MSP industry. He highlights the need for personalization and storytelling in marketing content. Mark also emphasizes the importance of nurturing conversations with existing clients and the role of webinars in marketing campaigns. He advises aligning marketing and sales efforts and predicts that the MSP market will become more competitive in the future.