Is ROSI Important for Reseller to Sell Security?

Upkar Singh, Director- IT, FIS | Thursday, 09 November 2017, 12:45 IST

From customer point of view, I would like to highlight few traits which any Security Reseller must focus to sell Security Solutions. There are multiple reasons why a po­tential customer wouldn't be interested in buying security, but perhaps the most common one is the belief that the customer simply doesn't need what Reseller is selling. Many business owners and IT professionals suffer from, "It won't happen to me," syndrome. They're convinced that because "It hasn't happened yet," or they "don't have any data people want" or "are too small to be a target," that they can relax on security.

Finding the ROSI (Return on Security Investments)

In my experience selling information security, the most common objection of a Customer is that Reseller’s lack of focus on tangible Return on Security Investments, as well as the belief that security is expensive and interferes with operations. Unlike a new server, upgraded productiv­ity software, etc., showing return on security investment (ROSI) is less intuitive because people see it as a disabler. But in fact, a security investment can also yield productiv­ity gains. If a reseller takes a closer look in search of return on investment (ROI), he may not only close the sale, but he may also become a trusted business consultant as well.

One major source of return on security investment is productivity. Yes, productivity can be substantially in­creased by driving employees to be less distracted and to follow organized procedures for doing their daily tasks. For example, the implementation of web filtering and user monitoring software can ensure users are spending their work hours doing productive work for the company. Another example is data-loss-prevention. By not allowing documents to enter and exit the network unchecked, there is far less time spent searching for the documents and vali­dating their security status, a process that can be quite time-consuming and costly during IT or compli­ance audits.

When selling information se­curity, a reseller must also find the risk or tangible losses that may come from not having your product or service, and seek to quantify those potential losses. They can help the client calculate the costs due to loss of intellectual property or goodwill and the cancelling of key partnerships. Identify any significant fines they may face and the expense of legal defense and lawsuit settlements.

Handling Security Fears and Resistance

A reseller must also help client deal with the employee complaints, often caused by security initiatives. Share real examples of tragic information security incidents in other small or midsized businesses that are like them. Show cli­ent the actual regulations and tangible penalties for failure to comply. Be prepared to counter the common mindset that everything is good and they need not worry. Patching systems are a great measure of the most basic security with­in a network. It is also one of the most despised and least effectively managed IT processes. Do an inventory of the patches. Then use that as a benchmark assumption to get the decision maker to realize there are bigger hidden issues and maybe IT isn't as on top of it as they thought they were. Show them how you are there to help their IT environment become more secure and to make them the leader of their security initiatives.