Trent Schwartz (SkyKick): Welcome to the state of MSP security, where we have industry experts discuss the cloud security industry. I'm your SkyKick host, Trent Schwartz. Today, our guest is Brian Minker, who joins us from SkyKick partner, Able Technology Partners. Thanks for joining us today, Brian. A few words about yourself.
Brian Minker (Able Technology Partners): Sure.
Again, I'm Brian Minker. I'm a partner at Able Technology Partners. We're an MSP that services the Philadelphia market area, and we've recently started delving into the world of security for our customers a lot more than we have in the past.
Trent Schwartz (SkyKick): Yeah, the industry is trending up, isn't it? Um, what, recent trends are you seeing in the cyber security industry?
Brian Minker (Able Technology Partners): Uh, really a lot more demand for it. Um, in the past, it was kind of a hard push to get customers to pay more attention to security and to consider spending money on it, unless they had an incident already. And then it was kind of too late, but at least they were. Educated and willing to talk about it more, but now with there's a lot more media coverage now, data breaches being being kind of like a regular occurrence.
It's just getting a lot easier.
Trent Schwartz (SkyKick): Yeah. Are you guys dealing with a lot of actual cyber security incidents?
Brian Minker (Able Technology Partners): Not many? Um, we have always kind of tried to have a baseline security that we require customers to have. It's just that it's evolved to be a lot more than it used to be. And some of the products that they need to start, um.
Yeah. Making use of or are definitely more expensive and they had a lot more overhead to, uh, for maintaining them when it comes to, uh, installation maintenance and call, you know, different calls against the help desk because of the products.
Trent Schwartz (SkyKick): It, it sounds like customers are really more aware of a lot of cyber attacks, right?
And is, is that helping sell your security services more?
Brian Minker (Able Technology Partners): Definitely. I mean, between the media, um, bring a lot more awareness to it, but they've also got other things that are happening. They apply for cyber liability insurance. The insurance companies are requiring them to have some type of baseline security standard in order to get that coverage.
Um, there's a lot of different things that have really helped get get it to the front of their attention. things like some vendors like Microsoft, their banks all requiring multi factor authentication. So, before when you went and you said, well, your user is going to have this additional step. A lot of them understand that now, whereas before they just felt like it was.
It's counter-productive was less productive to have their employees doing these additional steps and it was going to impact their performance. But now they understand it. They see it in day to day life at home with their banks with a push from Microsoft or their products that it's a little easier now.
Trent Schwartz (SkyKick): Yeah, it sounds like they're sort of connecting the dots with the expense of needing to invest in security, be it licenses or your excellent services. and the business impact, um, any recent stories with the customer that actually was able to get better insurance or save money on insurance or, increase their bottom line because they were more secure.
Brian Minker (Able Technology Partners): Sure, I mean, we've had several that weren't able to get the insurance or the reinsurance was extremely expensive. And so we were able to prove that they were meeting some baselines and doing the right things to be secure. One of the other recent stories we had was a company that did medical billing collections, and they were trying, they're recording a very large client, and that client required them to have.
A very high level of security because they were handing over some very sensitive information that that our client was going to be responsible for maintaining in order to do these collections calls. So the fact that we are able to reduce the written information security plan and show that we have all our ducks in a row and all the pieces that they expected to be there were there and we're regularly monitoring and making sure it's done right.
It helped them win that client.
Trent Schwartz (SkyKick): Yeah, it's funny. I sort of look back to, the turn of the century. I can almost see a parallel between, you know, what's going on with the requirement for security nowadays. And around the turn of the century, you remembered asking a business, Oh, do you guys have a website yet?
Do you guys have professional email? Do you, do you have a domain name? and now it seems like, that's obviously a given. Now it's all right, tell me about your security posture. As I approach doing business with you, right. Yeah. And, there's clearly a monetary result of, customer being secure, just curious and not to get into your secret sauce too much, but, um, do we think these, any of these customers actually, um, achieve ROI on their security investment and in your services like, what do you think the timing is on that, when a customer decides to invest in security?
Brian Minker (Able Technology Partners): So, you know, obviously they're, they're paying a lot more in order to gain that level of security, but trying to prove the ROI is very difficult because the ROI comes in that if they didn't have this, what could have happened? Right? And some of that would, it could be catastrophic.
There are companies that end up not every recovering, especially now that we have a lot of legislation that specifically says what's going to happen if a certain amount of public data is lost. Is out, is released nefariously. And they have to, you know, what they have to do as far as cleanup, what they have to do as far as notification and making the people hold whose information that they allowed to be released.
Trent Schwartz (SkyKick): Yeah. Yeah. So it sounds like there's sort of a multi pronged sales strategy. You've got on one hand, you know, the obvious threat of. A catastrophic event, uh, but then you've got the upside in revenue.
So that's really insightful. Thank you for that. So as you, work on delivering your security services, I imagine, you know, part of that is incident response. Uh, but a big part of that is, likely just strengthening the tenant, protecting the users and the data. Um, how do you guys actually approach.
Articulating that offering that you're going to bring to a customer,
Brian Minker (Able Technology Partners): right? Like I said, it has gotten a lot easier in some regards, but still customers want to know, you know, why do I need this? You know, what are we actually doing here? And with that, they, they want something that you can kind of put in front of them.
And so we've been doing. Um, some NIST based surveys to kind of show them where they're at based on security standards, and we also use reports from SkyKick Security Navigator, which really paints a picture of where they're at now and where they could be if we start implementing change.
Trent Schwartz (SkyKick): Yeah, that's fantastic.
Yeah, we're thrilled that you're using Security Manager and we hope it's doing the trick for you. Um, and, what would you say are the biggest challenges in delivering your security promise to a customer?
Brian Minker (Able Technology Partners): So the biggest challenge is the overhead of doing it.
Um, like I mentioned earlier, the actual implementation of it can be very daunting and you end up having to have a lot more staff in order to make that happen. And then once it's all implemented, When you're more secure, you're going to have more help desk calls. There's going to be false positives.
There's going to be people that have trouble using the multifactor authentication, or they get a new phone and it needs to be reset back up. So it really impacts a lot of that. And so trying to find tools that really help. Automate this process to try to make it to where it's consistent across all our customers has been very important and we've picked out a few a few tools.
And 1 of the big ones we use as you mentioned is SkyKick security manager because it gives us that ability that we have a configuration. That's pretty much based on Microsoft recommendations, but it also allows us to put our custom settings in on top of that and push it out to our customers in a very fast and uniform manner.
Trent Schwartz (SkyKick): Yeah, that was our vision, and it's awesome to see that in action. Curious if you have any recent, uh, stories of heroism on you or your team's part where you really accomplished a big thing for a customer.
Brian Minker (Able Technology Partners): There was one I mentioned earlier, but we also had one recently where a customer didn't realize that they were bound by HIPAA requirements and we were able to go in and very quickly get them within compliance in a very short amount of time.
And it had to do with a lot of hard work and some really good tools.
Trent Schwartz (SkyKick): That's awesome. Um, what was the time frame on that? If you can. If you recall
Brian Minker (Able Technology Partners): from the phone call to a being done, um, was 4 and a half weeks.
Trent Schwartz (SkyKick): Wow. That's awesome.
Yeah. And, you're not only helping that business, but obviously protecting the data of, those, that they serve, is, is very noble.
And I think that's why being in the security industry is, such, a good industry to be in. Everybody wins.
Brian Minker (Able Technology Partners): It is. I mean, I love the fact that it's gotten a lot easier. we're never been a very strong sales focused company. So, uh, having customers come to us and ask about security has made it a lot easier and be able to go in front of them and show why this needs to be done has made it a lot easier for us.
Trent Schwartz (SkyKick): Right. Yeah, because to some extent. Microsoft with M365 security, they do a little bit to make security tangible. They've got a secure score, um, that sort of gives you a number to shoot for. But, that can be a little bit nebulous, can't it? Because the target of a secure score isn't going to be the same for every customer.
As you mentioned, a customer such as a hospital who is bound by HIPAA, they're going to need a lot higher secure score than, say, an auto dealership or something like that. Right. so, right. Yeah, so you mentioned standardization and also bringing something tangible, uh, to customers, that's really interesting. And so, as you get a new customer, I imagine there's sort of an assessment phase that you go through. Can you tell us a little bit about that?
Brian Minker (Able Technology Partners): Sure, initially we go in and we try to gather as much information as possible. Based on make recommendations on things that they need to improve and we'll come out with a report and lay it out where they're at now, where we need them to be before we're even going to take them over.
Trent Schwartz (SkyKick): Yeah, that's awesome. Measure twice and deliver a lot.
And, where do you see your business going with security as far as this offering amongst the other things that you do?
Brian Minker (Able Technology Partners): So, as I had mentioned earlier with this is something we've started just in the past year, and we've always had customers that had more security needs and others, but we never had a dedicated.
Spelled out in a contract security offering like we do now. Um, when we first introduced it, I really thought it was going to be difficult to sell. It really hasn't. And I foresee that within the next year or two, this is going to be our standard offering. We're not going to offer anything but this package with security overlaid with what you typically found in the past from an MSP.
Trent Schwartz (SkyKick): Yeah, times are changing and you guys are, you know, definitely leading the way with security. It's great to see. Brian, I really thank you for your time today. Um, and for the listeners, for the listeners, thank you for joining. We hope this was insightful, uh, hearing from Brian and all the great stuff that they're doing.
Uh, you can always log into SkyKick. com for more and stay tuned for additional podcasts coming soon.
