Is it better to be cyber secure or cyber resilient?

If you think this is a trick question, it isn't. There are many who believe that security is solely a matter of defense. While defensive measure are crucial to any MSP (or their customers), preparing for eventual attacks which are successful, is also crucial.

 

So, what is an MSP to do? Here are some simple measures every MSP ought to be doing right now to be both prepared for cyber-attacks, but also resilient to them if they are successful.

PlanningDocumenting your plans

Identifying where your risks are

Anticipating those attacks, and eventual breaches

TestingTest means test

Test, and often

Document your test results. Learn from them

MonitoringKeeping a watchful eye on your internal MSP network and IT assets

RMM isn't enough

 

More Fake MSPs

I no longer trust websites. When you hear this story you may not either. While this story is completely true, it is also, regrettably, a reality we must face as a profession and fix!

 

Urgent News for Break/Fix Providers

Three decades since the first MSPs were created, we still have IT organizations who are in doubt as to the business model around managed services. If these non-MSPs can't be persuaded based on the logic of the business model alone, perhaps we can present a very real economic motive for getting rid of your break/fix and reactive customers.

Remember, no matter how much your client's try and make you think that reactive IT services are the best for them, they are wrong!

Being innovative does mean customers need to come along for the ride. What if some customers don't want what you are creating? Getting rid of problem clients, particularly those clients who do not embrace managed services, is not always easy. 

Jimmy and I spoke about why MSPs may want to fire their clients, particularly if they do not want to evolve as technology evolves. We talked about innovation in the managed services profession. We also discussed how MSPs rely on their vendor partners to continuously evolve and develop new technologies to help MSPs maintain success.

Who is SPINEN?

Why they fired 70% of their clients

Vendor relationships and how to keep them productive

Innovation involving artificial intelligence

The MSP Generation Divide

Time changes everything. That certainly seems like an appropriate saying when examining the managed services profession. MSPs seem to be getting younger and younger every year. Or maybe we are just getting older.

The point is, the generational divide amongst MSP professionals is increasing. We have older and younger members of our profession, and a lot of knowledge must be transferred between these generations.

 New MSP generation doesn't have preconceived notions of managed services

Younger MSP generations have a lot to learn

Younger MSP generations need access to the veteran MSPs

Vulnerability Scans Don't Do This

Many people believe vulnerability scans are a magic bullet, capable of solving lots of different problems. While vulnerability scanning technology is a necessary tool in the MSP tool belt, it is not a cure-all and should be utilized cautiously and appropriately.

Vulnerability scan use cases

Vulnerability scans: what they don't do

Vulnerability scanning isn't a business model

Why the MSP Name is Valuable

We have two examples of the "MSP" word being misused or misapplied. One example involves an end-user, the other example involves MSPAlliance.

End-user organization fooled by cyber consultant claiming to be MSP

MSPAlliance mistakenly believes organization is MSP despite clear language on their website

What do PE Firms Want from MSPs?

For the last several years MSPs have been courted by private equity firms desperate to enter the managed services space. At the risk of being obvious, what do private equity (PE) firms want from their MSP investments?

It's an important question and knowing the answer can help you successfully navigate the process of working with a PE.

PE vs other MSP buyers

Types of investment

Hold times

 

Managed Service Sales is Easier Than you Think

Stop overthinking sales. After reading a sales book (non-MSP) I'm convinced that the majority of MSPs have over complicated their approach to sales. Instead of focusing on native skills which all MSPs should have, they believe that it is necessary to acquire sales capabilities which are not native to most sales organizations and may be harmful to selling managed services.

Are closing and handling objections the real barriers to successful MSP sales?

The MSP sales magic bullet?

Lead generation and account handling

 

Help me fix my MSP pricing

MSPs struggle with pricing. Pricing questions come up many different sizes of MSP organizations (so it's not just an SMB issue). There are many reasons why MSPs might believe their pricing is either too high or too low. Following these simple methods should help you get a lot more comfort around how and where you price your managed services.

Pricing methods revisited

Prices are too high

Prices are too low

Pricing KPIs

Are Accounting Firms Squeezing MSPs?

Misunderstanding MSPs in the larger IT channel discussion

Why are accounting firms getting into managed services?

How does the CPA community impact MSPs moving forward?

 

Could the Master Cyber Provider Model Backfire?

Those who ignore history are doomed to repeat it. Truer words were never spoken, particularly in the IT channel. Way back when managed services was just getting started, the master MSP model emerged. There are important lessons to be learned from this era, particularly when we start to see history repeating itself today. It's like déjà vu.

Role of the "master MSP" then

Today's "Master MSSP"

Resellers vs MSPs, it really does matter!

 

Manages Services Pricing Reality Check

There are a lot of methodologies for approaching managed services pricing. Regardless of what method you choose (and you should have a method), understanding the role of risk as a prime pricing determination factor is important. So, important, if you forget to include it you could be risking a lot more than just low margins.

Risk based pricing revisited

Understanding the role of margin in your pricing

Avoiding commodity price traps

Internal IT vs MSP

Can an MSP do everything an internal IT department can? That is the quintessential question the world has been asking for 30 years. Just because an organization has an internal IT department does not guarantee that it will be efficient. In fact, all IT departments face the same choices as IT service providers: you can be proactive or reactive.

Struggles of internal IT

Natural barriers of scalability with internal IT

Reactive vs proactive internal IT

 

MSP Market Still Growing

According to Allied Market Research , the MSP market is growing at a solid rate and will reach growth of more than 11%, with an estimated revenue of $594 billion globally by 2031. Now, this study focused entirely on enterprise class MSPs, but it still has some value for the rest of the MSP community.

If managed services is growing at the enterprise level, there is no reason to believe it is doing anything different at the mid-market and SMB levels

The drivers behind the growth are also applicable to all levels of the MSP market; factors such as adoption of cloud computing, keeping IT management costs in line, and increasing data security threats.

At these levels, managed services will represent half of all IT services spending around the world.

 

Does Size Matter in Managed Services?

I hear a lot of MSPs talk about what they would do if they only had more resources. While more resources can make a difference, it isn't the only thing that indicates success in managed services. In fact, there are many examples of large organizations who have very poorly run managed services operations.

Efficiency, not size is what matters

Resources only gets you as far as your process

It's all about execution

N-able CEO Advises MSPs on Upcoming Challenges

N-able held its partner conference in Prague recently and their CEO had some very interesting comments regarding the economy, compliance, security, and other "challenges" facing MSPs.

Headwinds for the rest of the economy are tailwinds for MSPs, if they position themselves correctly 

Major "business" shift for MSPs

This is a very simple adjustment for MSPs, if you don't look at it as a technical change

MDR vs MSP

Do you think managed detection and response is the same as managed services? Think again. Many people conflate these two practices but they are not necessarily the same; although they can be. Confused? Don't be.

Definition MDR

Defining MSP

Venn Diagram solution

Tightening Credit Markets Present Interesting Choice for MSP channel

As the US (and others) government attempts a soft landing from a red hot economy full of inflation and cheap currency, there are two solid choices for the IT/MSP channel. The choice your company takes will greatly depend on whether you are closer to an MSP or closer to a break/fix company.

IT lending

Product (project) refreshes

Using managed services to push through difficult economic periods

Can MSPs "Guarantee" Compliance?

It's no secret that many MSPs are helping clients deal with compliance issues. Whether this is gathering evidence for a client audit, or simply offering traditional managed services to demonstrate compliance for a given framework.

 

However, when it comes to guarantees, compliance may not be the area where you make any guarantees. Here's why.

Compliance within the MSPs' control

Customer interference

Making guarantees in the first place

 

Benefits of Managed IT Services for Proactive Monitoring, Maintenance, and Support - Tech Guide

 

Converting Reactive Clients to Proactive

As some economists are predicting a 2023 Q4 recession, making sure your MSP ship is in excellent condition for potentially rough seas is a good thing. What could you be doing to better prepare your MSP practice for difficult times? Converting as many reactive customers to managed services would likely be a great starting point. Here's some advice on how to do just that!

First, why conversion to proactive is necessary

Migration strategiesCompliance

Security/privacy

It's the only choice!

Get creativeOffer incentives

Sunset your reactive practice

 

Should MSPs get Involved with Customer Policies

This topic was discussed at the last MSPAlliance Inspire meeting and the debate was interesting. What was unanimously agreed upon was there is a role for the MSP to play in compliance with their customers. What was in dispute was whether working on client policies was something an MSP ought to do.

MSP influence customer compliance all the time

MSPs compliance roles

Compliance can involve controls and policies, or both

Weaver Outrage Meter: Low

Don't Rely (too much) on Cyber Insurance

Barracuda surveyed 400 enterprise IT and security professionals globally, ranging from IT managers to CISOs, to discover the biggest cybersecurity challenges businesses face in 2023.

• Are organizations placing too much emphasis on cyber insurance?

• What should MSPs do about this?

• Are cyber insurance policies being used to target ransomware victims?

MSP Economics Update for Q2

We just had the latest MSPAlliance Inspire meeting last week in Boston and it was a blast. A little chilly but the group went to a Red Sox game, had a great time, and also got a lot accomplished. One of the outcomes was an update of unanimous agreement regarding the economy and its impact on managed services operations.

• Is the Q1 slow down still in effect?

• What does Q2 have in store for MSPs?

• What are MSPs doing to plan for the future?

Should MSPs Represent Themselves During M&A Deals?

We are in the middle of a curious period of MSP M&A. M&A deals seem to have slowed, and yet MSPs still report pestering from brokers and buyers trying to sign them up as clients. What can we make of this?

• M&A demand is still strong amongst the MSP profession

• Every MSP (buyer or seller) should have representation

Don't fall for traps that entice you to represent yourself

Weaver Outrage Meter: Low

 

AI Ethics in Managed Services

You heard correctly. Ethics in artificial intelligence. This is going to be a big issue moving forward and MSPs had better familiarize themselves with what is happening because before too long, MSPs will be dealing directly with AI devices and scenarios.

 

Compliance reporting

All the discussion around compliance lately is missing one crucial element: reporting. Without reporting, no compliance exercise you undertake will be of use to anyone outside your organization.

Compliance reporting

Balancing transparency with security

Lessons learned from FFIEC

 

Making Peace with Cyber Consultants

The old adage is "if you can't beat 'em, join 'em." Well, that's not exactly the issue here but it's close. Maybe a better way to put it is "if they can't beat you, they should join you." Cyber consultants are likely here to stay, which is not to say that we can't (or shouldn't) attempt to forge a pathway that is, if not together, at least on parallel tracks.

Cyber workers are like anyone else…they all start from the beginning

Cyber workers need to understand their own career path

Cyber workers need to understand MSPs and be respectful of the role they have