Skip to main content

 

ConnectWise

ConnectWise Identify: Frequently Asked Questions

  1. Last updated
  2. Save as PDF

Overview

This document provides answers to commonly asked questions about ConnectWise Identify®.

Frequently Asked Questions

Do I complete the assessment or does my customer?

The answer is, whoever best knows the customer environment. In most cases, this is you, the provider. If your customer has an internal IT team, then it may be best to let them take the lead on completing the assessment. In either case, we recommend that you take the assessment with the customer. Use the assessment to separate yourself from the competition and to establish yourself as the competent resource on matters of cybersecurity. Walk your customers through the questions and answers to educate them on security concepts. For help taking an assessment, refer to Take an Assessment.

Is Identify just a prospecting tool?

The assessment can be used as a prospecting tool, though it should be part of the assessment and re-assessment processes. Use the assessment to help move your customers from their current risk profile to a lower risk, higher awareness profile. Your monthly subscribers will benefit from the longer-term effort to continually identify, reduce, and mitigate their risks over time.

When should I complete this assessment? 

We understand that security is often the least prioritized expense on a company’s budget. If customers are unwilling to accept your action plan, try to time the assessment with their annual budgeting meetings:

  • If they operate on a calendar year, plan to ramp up your assessment resources in early Q4. Companies operating on a calendar year often try to exhaust unused budget in December. For these companies, complete an assessment and propose an action plan project before the end of the year. If they have a surplus, they can put it toward the project.
  • If they operate on a fiscal year, aim for a month or two prior to their budget discussions. This ensures that your proposals are more carefully considered and reduces the likelihood of pushback due to tight budgets. It’s easier to fit an item into the budget when the budget is being planned than to hope your customer adopts it mid-year.

What value does Identify have as a prospecting tool?

The value is two-fold:

  1. Identify establishes you as a competent provider who is focused on security and can help your prospect manage their risks. This sets you apart from your local competition.
  2. Identify helps you to understand the scope of work. If an assessment determines that a prospect is high-risk, you might not want to take them on as a client given your current resources. However, a high-risk prospect who is willing to work with you to mitigate risk opens the door for you to create time and materials revenue opportunities through project work. On the contrary, a high-risk prospect who is unwilling to change will only increase your ticket volume with unnecessary tickets. Their satisfaction with you as a provider will be low at no fault of your own. Turn them away before the relationship starts to avoid that frustration and to save your name from possible negative word-of-mouth communication if they are unsatisfied.

What value does Identify have as with my monthly recurring customers?

That depends on why you want to know their risks:

  • If you want to generate more project revenue by mitigating their risks through an action plan, offer it as an extension to your agreement as a per month cost or as a one-time consulting engagement.
  • If you are mostly interested in understanding the risks your customer base presents to you as a provider, you can absorb the cost as a cost of doing business and offset it with occasional consulting engagements.

Are there other ways I can monetize this offering?

Of course there are more ways! Everyone has risk. Your potential pool for consulting risk assessment clients is as big as your staff resources can allow. Begin a marketing effort in your area for risk assessment as-a-service. Present it as a consulting offering apart from your primary monthly offerings.

Companies often seek third-party consultants to perform the risk assessment. Internal IT departments might not want to partner with you for managed services, but could benefit from a series of quarterly consulting appointments that help them create an action plan to address their risks. If you have a friendly co-opetition provider in your area (someone who you are competing against but have a good working relationship and non-compete agreement with), consider partnering with them for co-consulting engagements. 

Keep in mind that you can offer more than just the risk assessment. Bundle this consultation to increase your revenue:

  • Deploy ConnectWise Automate® agents and do a standards and health check.
  • Generate a network map of the devices found by the probe.
  • Create a standard security process and train your clients to implement it in their environment.

Each service or datapoint you provide can increase both the value of your offering and the amount charged for your service. When backed by a repeatable, documented process and scripted automation, risk assessments can reduce resource allocation drain and increase your margins.

As a smaller company with fewer staff resources, how do I mobilize this offering?

Consider adding the assessment to your next quarterly business review and charging for it rather than scheduling a separate meeting just for the assessment. Quarterly strategy planning is the perfect time to begin the security discussion. Train a technical sales resource to complete an assessment during your quarterly reviews. This allows you to test the pricing that works in your market and customer base. Once you find the right pricing model, add subscriptions to increase revenue. Start at a level that makes sense for your business, then build on it and expand it as your resources allow.

How do I generate revenue from the assessment results?

Use your ConnectWise products to generate the revenue! Create a project in ConnectWise Manage®. Break the project into phases based on the timeframes you want to accomplish (1-3 months, 3-6 months, 6-9 months, etc.) or on the functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover). Consider using timeframes in environments where budgetary constraints require a smaller number of risk mitigation efforts over a longer time. The NIST Functions might be better suited for a larger effort with approved mitigations across the identified risk areas in one large project. For help interpreting the assessment results, refer to Assessment Results Dashboard.

I already have existing agreements that cover some of the security areas beyond antivirus. How do I convince my customers to pay more for services they already pay for?

In some cases, you will not have to. However, as the cybersecurity landscape matures, you will have to update your security offerings accordingly. There will be a point where the management of certain offerings requires you to break them out as separate security offerings to keep up with the overhead maintenance of changes in the threat landscape.

Determine what you should continue to include in your normal monthly recurring agreements. For example, if you offer automatic patching through ConnectWise Automate, include Microsoft patches in your monthly offering, but make third-party patching its own line item. After you have identified the items that should be a separate offering versus the ones to remain in the current offering, price and package them as “security-as-a-service” add-ons for your new prospects. Then convert your existing customer base at their next renewal. This helps you determine if your bundles are correct for your customer base. Do the majority of your customers want specific services bundled together? Make sure you have those offerings put together based on their success and ensure that your margins make sense for the offering as well.

Remember, you might be under a cybersecurity attack even if there are no visible signs of one taking place. The internet connects everyone. A small business in a rural town is just as vulnerable as a major corporation in Manhattan. The internet ensures that every malicious actor is your neighbor, no matter how remote your location. 

  1. Back to top
  • Was this article helpful?
Leave feedback

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. Identify assessment
    2. Identify FAQ
    3. Identify Frequently Asked Questions