
Is ROSI Important for Reseller to Sell Security?


Finding the ROSI (Return on Security Investments)
In my experience selling information security, the most common objection from a customer is the reseller's lack of focus on tangible Return on Security Investments, as well as the belief that security is expensive and interferes with operations. Unlike a new server, upgraded productivity software, etc., showing return on security investment (ROSI) is less intuitive because people see it as a disabler. But in fact, a security investment can also yield productivity gains. If a closer look in search of return on investment (ROI), he may not only close the sale, but he may also become a trusted business consultant as well.
One major source of return on security investment is productivity. Yes, productivity can be substantially increased by driving employees to be less distracted and to follow organized procedures for doing their daily tasks. For example, the implementation of web filtering and user monitoring software can ensure users are spending their work hours doing productive work for the company. Another example is data loss prevention. By not allowing documents to enter and exit the network unchecked, there is far less time spent searching for the documents and validating their security status, a process that can be quite time-consuming and costly during IT or compliance audits.
When selling information security, a reseller must also find the risk or tangible losses that may come from not having your product or service, and seek to quantify those potential losses. They can help the client calculate the costs due to loss of intellectual property or goodwill and the cancelling of key partnerships. Identify any significant fines they may face and the expense of legal defense and lawsuit settlements.
Handling Security Fears & Resistance
A reseller must also help the client deal with the employee complaints often caused by security initiatives. Share real examples of tragic information security incidents in other small or midsized businesses that are like them. Show the client the actual regulations and tangible penalties for failure to comply. Be prepared to counter the common mindset that everything is good and they need not worry. Patching systems is a great measure of the most basic security within a network. It is also one of the most despised and least effectively managed IT processes. Do an inventory of the patches. Then use that as a benchmark assumption to get the decision maker to realize there are bigger hidden issues and maybe IT isn't as on top of it as they thought they were. Show them how you are there to help their IT environment become more secure and to make them the leader of their security initiatives.