Clients rely on you to give them the professional advice they need to protect their business. Whilst you might feel that giving them lots of options and flexibility is the moral thing to do, it often works against you. This is because they don't understand the value of the services or the risk associated with their decisions, resulting in them focussing more on the cost rather than the risks and benefits.

Packaging your Security services into Security Packages is the best way to protect your clients without being chipped down on price on individual line items. By providing turnkey or customized security packages, you are helping them to not only meet their compliance requirements, you are creating a more robust and balanced security posture and reducing their risk of cyber-attack.

Security Packages in HighGround are designed to be easily understood by your clients by using KPIs and visualisations that are both powerful and meaningful. We align to the NIST Cybersecurity Framework 2.0, often referred to as the grandfather cybersecurity framework, giving you and your clients confidence in the credibility behind the robustness of your security stack and the security packages you build and sell to your clients.

You can create 2 different types of security packages in HighGround:

MSP Standard Packages: these are your standard packages that you provide, for example Bronze, Silver and Gold.

Custom Packages: these are security packages you create for specific clients to meet their unique needs. When creating a custom package, you will be prompted for which client you want to create it for and it will not be available for use with any other client.

​

Security Packages are made up of a collection of Security Services and Products:

Security Services: these are the actual security services you offer and are re-usable across different security packages. This gives you the rigour of engineering your security services independently of how you package and sell them (aka security packages). You can read our Building your Security Services article to learn more.

Products: these are the actual products you buy from your suppliers. Think of these as the actual line items on the invoices you purchase, for example Sentinel One Complete License. Products can be created manually in HighGround or imported from your PSA/Finance System and are linked with the tools in your Security Stack.

The image below demonstrates the relationship between security packages, Security services and products.

Whilst building security packages in HighGround is pretty simple, there are a lot of options and flexibility, which can make creating security packages complicated very fast!

Use this section to learn what is possible as well as a handy reference resource.

To create a security package, you must be in the MSP Portal (i.e. they cannot be created from the client portal).
​
Navigate to Sell > Packages > Click 'Add'
​

Select 'Create Standard MSP Package' unless you want to create a custom security package for a client, in which case you can search for and select the client the security package will be for.
​

Give your security package a Name and Description - now you're ready to add your security services.
​

​

Now it's time to start adding the various security services that you will provide in this security package. All security services you have created in the sell module are available for selection in your security package since security services are re-usable (i.e. using them in one security package will not prevent you from adding them again in another security package).

To add a security service to your package, under 'Services', click 'Add'.
​
​

If a security service has already been added to the service, it will appear in the services list above and in the dropdown list highlighted in blue with a blue tick at the end of the row.

You can remove a security service from your security package by hovering over the service in the list and clicking the 'x' button.

The Security Posture of your security package will be displayed dynamically as you build it. This is driven from the Security services themselves and is an aggregation of the security components and their associated security weightings from the security services you have added to your security package.

The security posture of your security package includes the following:

Security Posture: this is a visualisation of the security posture of the security package against the NIST Cybersecurity Framework 2.0.
​
For each of the Functions in the Framework, the maturity of the security package is plotted on an axis of the chart. The further from the centre to the outer point of the axis, the more mature the security package is in this Function of the NIST Cybersecurity Framework 2.0. A numerical value from 0 to 50 is already provided.
​
​Predicted CyberScore: this is the CyberScore that clients would achieve if they had this security package applied, all tools configured correctly and in good health, and all other security attestations removed.

Predicted CyberResilience: this is the CyberResilience score that clients would achieve if they had this security package applied, all governance & reslience activities performed correctly in HighGround, all tools configured correctly and in good health, and all other security attestations removed.

A financial breakdown of your security package is provided so you can see what the package will cost and how much margin you will make.

Billing Model: there are 2 different billing models for Security Packages:
​
​Per Asset: this is the simplest and most common billing model, where clients are charged for the exact count of each asset. The cost and sell prices included within the Security services of the security package are aggregated to show the total cost of each asset type.
​
Here is a fully worked example of a security package using a per asset billing model:
​
​Security Services in Package:
-- Service A: $20 /device /month
-- Service B: $25 /device /month
-- Service C: $50 /user /month
-- Service D: $15 /user /month
-- Service E: $100 /org /month
​
​Package Asset Types:
-- /user
-- /device
-- /org
​
​Package Asset Billing Breakdown:
-- $45 /device /month
-- $65 /user /month
-- $100 /org /month
​
​Per Seat: this is a simpler billing method for clients to understand that also protects your costs. Where per-asset billing ensures you bill for every asset for every service, with per-seat billing you define what is included within a 'seat'. A seat is an abstract unit type that represents whatever you want it to. For example, a seat could include 1 user, 1 laptop and 2 mobile devices.

Seats cost and sell prices are automatically calculated when the package is created, with the option for you to override them at the security package stage, or later on when in the Security Packages module for a specific client where you can manually override the 'Required Seats' and 'Seat Price'.

When billing per seat, the clients asset counts are processed against what is included in a Seat, and a qty of 'Required Seats' is calculated. As detailed above, this can be overridden on a per client, per package basis, as can the Seat Price.
​

Here is a fully worked example of a security package using a per seat billing model:
​
​Seat includes:
-- User: 1
-- Device: 2
-- Mobile Device: 2
​
​Security Services in Package:
-- Service A: Cost: $10 Sell: $20 - /device /month
-- Service B: Cost: $15 Sell: $25 - /device /month
-- Service C: Cost: $10 Sell: $20 - /user /month
-- Service D: Cost: $7 Sell: $15 - /user /month
-- Service E: Cost: $3 Sell: $12 - /mobile device /month
​
​Seat Cost: $73 /seat /month
-- $17 /user /month (* 1 user inc. per seat) = $17
-- $25 /device /month (* 2 devices inc. per seat) = $50
-- $3 /mobile device /month (* 2 mobile devices inc. per seat) = $6
​
​Seat Price: $149 /seat /month
-- $35 /user /month (* 1 user inc. per seat) = $35
-- $45 /device /month (* 2 devices inc. per seat) = $90
-- $12 /mobile device /month (* 2 mobile devices inc. per seat) = $24
​

​Package Pricing:
​
For MSP Standard Packages, a high level breakdown of the security package billing for each asset type is shown including cost, sell, margin and margin %. This is because these packages are generic until they are used with a client in the Security Packages module, at which point the clients exact qty of assets are inputted into the security package to generate an exact price. This generic model is what makes HighGround security packages re-usable, efficient and powerful.
​
For custom packages, a more detailed financial breakdown is provided since the qty of asset for the client you are building the security package for are known. The financial view you will have here is identical to what you will see in the Security Packages module for the client.
​

Period: the billing period of this package - options include /month, /quarter and /year.

Currency: the currency you will sell this package in. This will default to your MSPs own currency by default but can be changed.

Tax Rate: the tax rate to be used for your package - this will default to your MSPs default tax rate.

Package Pricing: As detailed above.

​Summary: a summary of the billing of the security package including subtotal, contributions, discounts, tax rate and total.

Margin: a breakdown of the margin and margin % of the security package on a /month, /quarter and /year basis. The cost and sell prices are also shown too.

The security capabilities give your clients a high level overview of the security components of a security package. These are the security components from the Security services you have added to your package and can be toggled between 2 different views as follows:

Show by NIST CSF Function: these align to the 5 functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond & Recover). They are inherited from the security components alignment in the NIST CSF Framework and are not controllable by the MSP.

Show by Security Pillar: this is a useful way for your clients to visualise the functional areas that the security components align to and are more recognisable by non-technical people such as business owners and management teams. Options include User Security, Device Security, Network Security, Cloud Security, Business Resilience and Compliance. These are customizable by the MSP on a per security component level when building your Security services.

Security Components have additional status icons as follows:
​

​Pre-existing: the client already has this security component (as defined by their security attestation in HighGround). This is only visible when building a custom security package, or when viewing it from the Security Packages module for the client.
​

New!: the client does not currently have this security component (as defined by their security attestation in HighGround) and this package will provide this as a new security capability

Monitored by SOC: for any security component which will be monitored by a security operations centre, this icon will show at the end of the security component. This is controlled from the Tool which is linked with the security component when you are building your Security services.

When building your Security services, you will define their features. These are often technical and are of limited value to clients trying to understand the bigger picture of what a security package will provide them.

These features are shown in the 'Included Features' section and arranged by security service so it's clear what features are being provided by which security service and its associated billing details.

A security component is a technology or practice that delivers a security benefit.

This section will display the security components included in this package (via the Security services you added) together with the icon of the tool being used and product that is linked with that tool. For practices, a generic icon will be used however a product may not be linked.

When building your Security services, you answer questions about what the service will provide. The majority of these questions are actually controls in the NIST Cybersecurity Framework (known as Subcategories) which have been converted into MSP security service questions.
​

When the security service is added to a security package, the questions that you answered converted into statements about what you will do for your clients, along with the control-ids of the framework that they can use for cross-referencing this against other security frameworks.

This saves you time explaining to clients what actual security activities you are performing/providing, saving you time and giving your clients confidence.

The last time your security was edited, including who edited it, is shown at the bottom of the security package. This is helpful in being able to track changes. In future releases we will provide versioning and an audit log for enhanced auditing capabilities.

You can edit a security package that is not applied to any clients without any complications - simply open the security package you want to edit, make the changes and click save.

If you want to edit a security package that you have already applied to a client the there are some additional considerations and options. By changing a security package that is already applied to a client, you will change the security posture of every client the security package is applied to.

To prevent you from doing this by accident, HighGround will notify you of this, including which clients the security package is applied to, and prompt you to either continue with your editing or to clone the security package.

​

Step 1: Find the security package you want to delete.

Step 2: Click on the '...' at the end of the security package.

Step 3: From the list of options, select 'Delete'.

Step 4: If you are still sure you want to delete the package select 'yes, Delete'.

Your security package will now be removed from your list.

Once you have sold a security package to a client, you should apply it to them in HighGround. This is a quick and easy process to perform:

Step 1: Go to the company dashboard and select the client to manage their account.

Step 2: Select 'Security Packages' on the left menu.

Step 3: In the 'Active packages' block, click 'Select package'.

Step 4: Select the package you want to apply to your client.

Step 5: Select 'Keep' or 'Remove' and your security package will be applied to your client and show as being 'Active'.