How a trust program helps you build lasting business with your clients

Robb Reck, Chief Trust and Security Officer (CISO)
Pax8 Rob Reck Security Blog

Trust is the cornerstone of any successful relationship, business or otherwise. In the world of managed service providers (MSPs), in which small- to medium-sized business (SMB) clients entrust their critical IT infrastructure and data to an outside IT organization, building trust is not just important; it’s essential. In this blog, we’ll explore the significance of a trust program in the context of MSPs and how it can help you save money, maintain relationships, and grow your business.

What is “trust” and what is a trust program?

With the ever-increasing velocity of cyberattacks, and regulatory changes and news coverage around them, customer expectations for trust around security, privacy, and compliance are higher than ever before. And these expectations are likely to continue rising. At their heart, a customer’s expectations around cybersecurity are about the customer’s ability to trust that their service provider will protect and guide them. Put another way, trust means that your clients believe you’re committed to acting in their best interest.

A trust program is a set of principles specifically built to earn trust from customers that you operate ethically and will treat their information with due respect. It starts at the top with the C-suite and their commitment to make decisions with a focus on genuine care for customers. This, in turn, will instill confidence in your clients that your organization is acting with competence and intent to deliver on its promises.

Why is trust so important?

With MSPs, building, implementing, and maintaining a trust program is especially important because you’re not just dealing with clients, but also their end customers and all their data.

In the absence of building an adequate trust program, you’ll have to go through expensive and inefficient ways of maintaining peace of mind for your clients, such as security questionnaires, contractual requirements, and site audits. And if you have insufficient trust, your clients can easily switch to a competing MSP.

Customers are not only looking for the partner with the best technical ability; they want a partner who cares about the things the customer cares about and will reflect those priorities in how they do business. Proactively and programmatically demonstrating how you do business, protect your customers, and align to the outcomes that matter to them can not only help win customers you otherwise might lose, but it can also reduce time in the sales process, by reducing the requests from potential clients who want assurance that their services meet the expected standards.

Without a solid foundation of trust, meeting these expectations can become an arduous task. You’ll have to hire additional staff and resources just to prove you’re doing right by your clients. This approach is not only costly but also inefficient.

How to build trust

Trust is not something that companies inherently possess; it must be earned. To build trust, MSPs must demonstrate a commitment to the principles and actions that matter to their clients.

MSPs can follow the three core principles below, which can be implemented in any order. While these principles are not binary and MSPs can operate within them along a spectrum, they serve as guiding stars for trust-building.

The “say:do” ratio

One key aspect of trust-building is the “say:do” ratio. This concept is deceptively simple: When you say you will do something, you follow through with it. If, for some reason, you cannot meet a commitment, you communicate proactively with your clients, explaining why and what steps you’re taking to rectify the situation.

Conversely, when you are going to make a change, you should communicate this to your stakeholders in advance, avoiding “happy surprises.” The key is that you want to establish a reputation for being a partner that is predictable, consistent, and forecastable. That’s the type of partnership that customers can rely on and build their business around.

Proactive transparency

Imagine you’ve accidentally broken something that was important to your significant other — let’s say, a figurine that was a family heirloom. You might be able to get away with it, hide the evidence, and blame the cat, but in a relationship in which trust is key, it’s always better to just come out with it and say what happened. Your partner will eventually discover the problem and over time figure out that you’re not willing to admit your mistakes, which makes them wonder what else you’re not honest about. By ensuring that bad news comes from you before they can figure it out on their own, you build trust that they don’t need to keep looking for other hidden problems.

The same concept applies to your clients. Be honest and forthcoming with information, whether it’s good or bad news — even if it’s something you could reasonably get away with not telling them. By willingly engaging in difficult conversations and addressing challenges head-on, you establish a reputation for openness and trustworthiness.

Aligned incentives

Perhaps the most important of these principles is the concept of fostering aligned incentives. This means ensuring that your business incentives are closely tied with your clients’ success — it’s the concept of “we win when you win.”

This tenet of trust is so important because it helps eliminate friction in the sales process. Potential clients may question the motives of those selling their services, and disagreements may arise about how much liability each party is willing to assume. By aligning your incentives so that continued MSP success is tied to measurably increased client efficiency and security, for example, this removes concerns about your intentions and strengthens the partnership. Everyone wants to enter relationships in which they know the partner is rooting for their success.

How to implement a trust program

Implementing a trust program is not the responsibility of a single department or leader within an MSP. It requires cross-functional commitment from nearly every department within the organization — including, most of all, the C-suite — to fully align on priorities. Every aspect of the organization plays a role in trust-building.

There are a number of tactics you can employ within the previously discussed pillars of a trust program, detailed below.

Use maintenance windows

A simple yet powerful way to set expectations is through maintenance windows. This is a time frame commitment for any disruptive changes that you share with your clients so they can plan accordingly. Striking the right balance is crucial; failing to use the window can inconvenience clients, while constant “emergency” fixes outside of it erode trust.

Don’t hide the details

Some leaders obscure the details of their teams’ activities, whether due to lack of planning or a desire for flexibility. But this lack of transparency leaves stakeholders uncertain about what to expect. MSPs, and particularly their security teams, must open up about their operations to build trust. Utilizing status pages, public root-cause analysis for issues, and making security and privacy pages available and easily understandable are some of the ways in which you can increase transparency.

Follow product roadmaps

Presenting and following product roadmaps are a vital component of achieving transparency and a 1:1 “say:do” ratio. Sharing major milestones and changes expected over the next year allows clients to prepare for these developments. Overcommitting or under committing can both harm trust, so finding the right balance is essential. Then, when you miss on a commitment (as happens to everyone eventually), honestly talk about the miss. Even misses can help build trust, when properly communicated.

Solve for the customer and provide satisfaction incentives

Aligning incentives is easier said than done, but there are some effective tactics you can take. One way is to “solve for the customer,” meaning you place the focus more on keeping current customers happy by solving their problems rather than hitting sales quotas for netting new clients. You can achieve this by giving both sales and service teams similar revenue retention bonuses so that internally, your team is working toward the same goal of customer satisfaction.

Because getting new customers can cost five times as much as maintaining existing client relationships, this is just smart business. And when a customer hears that you’re incentivizing your employees to keep them happy, they know that you aren’t taking them for granted.

Leverage the best in cybersecurity solutions

To build trust in your MSP, it should go without saying that you should also be using and implementing the best in cybersecurity. Take steps such as creating a solid security stack, staying on top of cybersecurity education, and standardizing your processes so your clients are confident in your ability to handle your own cybersecurity as well as theirs.

MSPs and trust: a natural fit

Not every organization may find it necessary to establish a trust program, but for MSPs, it makes perfect sense. SMBs, in particular, seek MSPs to outsource security and privacy decisions because they lack the expertise to navigate these complex landscapes themselves.

MSPs often find themselves having to educate clients about what “good” looks like in terms of security and privacy. Over time, this education contributes to building trust. Aligned incentives play a crucial role here, as clients appreciate the sense that the partnership benefits both parties equally.

What a well-implemented trust program provides

Ultimately, boards and officers are not primarily seeking the strongest security program from their MSP. Instead, they aim for more business success by reducing regulatory implications and increasing brand awareness. Achieving this success hinges on building trust, which includes having a robust and reliable security function within the organization.

When a trust program is implemented consistently and executed well, it offers:

  • Clear expectations: Clients have a well-understood description of what to expect from the MSP.
  • Proactive issue resolution: If something goes awry, the MSP proactively reaches out to inform the client and take corrective action.
  • Roadmap visibility: Clients have a roadmap showing upcoming changes and improvements to your programs and offerings.
  • Track record: By consistently delivering on your promises, you establish a record that leads to relationship longevity and reduced client churn.
  • Advance notice: Clients receive sufficient notice to make the most of changes as they occur, maximizing any additional revenue, efficiency, or security that comes from these changes.

Our approach to trust

Pax8 is a Marketplace that can help you understand the importance of trust in the MSP-client relationship. We can help you design and implement a trust program that will help you keep your clients happy and coming back to you year after year.

To get started building a trust program that incorporates best business and cybersecurity practices, reach out to one of our experts, and we’ll help you get on the path to building better trust in no time.

Robb Reck is a 20-year security leader who has led security programs for financial services organizations and security vendors. He is the Co-founder of Colorado = Security, a movement to help make Colorado the Mecca for information security. He previously served as Chief Trust and Security Officer for identity security company Ping Identity and managed detection and response provider Red Canary.

Schedule a call