Small businesses that outsource information security face a variety of choices, starting with the type of infosec company they hire \u2014 options range from simple reseller to system integrator. The most common types for SMBs are value-added resellers (VARs) and managed service providers (MSPs). How will they choose an information security provider?<\/p>\n
In the past, when MSP was a developing market, the natural choice was VAR. Value-added resellers not only supply software (and hardware in some cases), but also help with deployment, provide product support, and answer product questions that may arise. But their main goal was to provide a client with a new license, when the previous one expired. The client in this scenario owns a license for the software. And that is why VARs were always viewed only as a reseller. <\/p>\n
If a company chooses to work with a VAR, it needs to have an IT team on site. Even if a company owns just a dozen laptops, there should be an IT person in house (or, next-best, someone in a part-time IT role). Value-added resellers are ready to help that IT person with the product; they can help install it and probably provide training on how to use it, but they will not manage IT for the company. Moreover, this IT person will be in charge of security solution management as well. In other words, this should be an IT security expert. And here is the major drawback: IT security specialists are rather expensive and in high demand<\/a>. When it comes to small and even medium-size businesses, it may be costly to have a dedicated person. <\/p>\n MSPs take a different approach, not just selling licenses but providing full-fledged IT service. When a company delegates its IT responsibilities, including security, to an MSP, the MSP takes charge, making decisions about what would be best for the company. A managed service provider becomes a trusted advisor that takes care of all IT for the client. An MSP gets to know a client\u2019s needs, makes suggestions about best practices, and then comes to decisions with the client and sets everything up. <\/p>\n What does that mean for the client? It means always having qualified support, and that all IT is set up and functional, including security. When it comes to security, it means a qualified person is charged with protecting the business, and it means the client doesn\u2019t need to retain a security specialist, or any IT personnel, on staff. <\/p>\n It may seem that an MSP achieves the same goal as a VAR but spends much more. That is not necessarily true. Both types of security solution providers have their own experts on security. The main difference is in their level of involvement. In fact, many VARs eventually expand their range of services and become MSPs. <\/p>\n What do they gain? Mainly, a much higher client retention rate. A trusted IT advisor \u2014 someone who understands a company\u2019s needs and helps with any IT security issue, who already knows the infrastructure and can predict what problems may arise \u2014 is an invaluable asset. <\/p>\nTransforming from VAR to MSP<\/h3>\n