Sunday, August 09, 2009

Justifying the Cost of Security...

Security is always a balance between available money and potential for threats.

Ever been in that situation with a client where they NEED some righteous security upgrades, but you haven't figured out how to get them to pay for it?

Yep, if you have been in business any amount of time, you can say "YES" to that statement. I have often been there and have tried different methods to get the client to do the right thing. So, here are my thoughts on how best to do this.

  • FIRST, decide if this is a keeper client. If they fight you on every upgrade that you advise, then disengage with them. This becomes the item you can use to "request" the client become serious. Let them know that, if they do not "get with the program", you will have to refer them to another tech firm.

  • SECOND, Do not resort to lists of feature sets. Most smaller clients (50 desktops and under) couldn't care less. They do want to know that this will help them be compliant, and that you truly believe it is best for them, but they do not want to understand the plumbing.

  • THIRD, Use your Trusted Advisor status. If you have done well with the client, then you will have it. If they see your confidence in the security solutions, and they have confidence in you, then they will buy in emotionally.

  • FOURTH, Relate to them that this is STANDARD security, and that you are not selling them anything exotic. Let them know that you require this level of security in your clients because it will save the network from disruption and downtime. This means better ROI from their investment in personnel and capital.

  • FIFTH, Explain the possible consequences of not doing it. While Amy Babinchak of Harbor Computer Services makes a very good point about the dangers of using FUD (Fear, Uncertainty, and Doubt) to sell, the client still needs to be focused on the problem to solve. If there is no evident risk, there is no need for a solution. Use examples of botnets, etc. to focus the client on the fact that a solution is needed. It is preventive in nature, but still needed.

  • SIXTH, Sell them on the fact that this is a duty to their clients to keep their client data as secure as possible. You can also relate the legally mandated (in some states) cost of having to inform their clients of security breaches.

  • SEVENTH, Help them find some way to pay for it. Spread the cost with financing (such as Microsoft Financing), leasing, or HAAS. Another idea is to use a vendor such as Calyptix that can bill a monthly MSP fee so the client can "pay as they go".

So many of our clients are out of balance. Hopefully, this will help you help them get the security that they need.
