Managed IT Service

mcafee-end-of-life-3Who can security partners and end-users turn to once McAfee products are end-of-lifed? We look at some compelling options.

In one of our recent posts, we highlighted some of the likely disruption caused by Intel’s ongoing end-of-life (EOL) programme for many of its McAfee-branded products.

But EOL must not spell end-of-business, and although we certainly haven’t discovered the secret of eternal life, our research found there are more than enough security vendors and solutions “out there” to fill McAfee’s shoes!

Here’s our shortlist.

Goodbye (and hello) Endpoint Encryption

“People are still the biggest security risks”, proclaims this article in CIO.com.

Yet in June 2017, McAfee is EOL-ing its Endpoint Encryption solution - arguably one of the most effective methods of ensuring that endpoints lost by employees, or stolen from them, cannot surrender their valuable data..

(And its migration path seems murky, involving a product name change and an upgrade.)

Enter its Trend Micro namesake, which enables security partners and end-users to remotely encrypt, lock and wipe any endpoint – including desktop, laptop, mobile, and removable media – so that businesses can still enjoy productivity-boosting mobility, without the associated data breach risk.

Trend Micro Endpoint Encryption also features automated methods of deploying and policing encryption and security policies, plus comprehensive audit and compliance records to satisfy the regulators (a big deal in the light of the approaching GDPR law!)

Fighting evil in the email

The demise of McAfee’s Email Gateway is not due to happen until 2021 – but, at the same time, the evolution of email-borne threats is likely to hasten the search for a replacement, rather than give it breathing space.

Indeed, with the Verizon Data Breach Report recently stating that 77% of malware infections are now due to users receiving a malicious email with a web link or attachment, according to this white paper, security partners and end-users alike need to move fast to secure alternatives.

Vendors’ offerings in this area are diverse, but compelling. Malwarebytes, for example, rolls email protection into an overall layered security approach that does not displace or conflict with existing security solutions – a boon for partners (it offers them an easy additional revenue stream) and end-users (it doesn’t disturb their current security arrangements) alike.

Trend Micro, for its part, offers multiple email security solutions for both SMB and Enterprise clients. Hosted Email Security solution has achieved 99% blocking effectiveness in independent tests, and takes the security maintenance headache off customers’ desks, as updates, patches and hot fixes are delivered 24x 7 by Trend’s own teams.

Smart Protection Complete, for its part, protects not only mail servers and gateways but also the cloud-based collaboration applications like Office 365 on which end-user businesses are increasingly reliant.

Finally, another convincing contender is Bitdefender, whose products have been rated the best tested for corporate security and performance by independent test lab AV-TEST. Its email security solutions within the GravityZone product set also boast the top antispam detection rates and can be installed in minutes!

Mobile security: a moving target

Keeping mobile devices  - official or otherwise - secure in populous, often geographically diverse enterprise environments is always a challenge, but when your chosen security solution ups sticks and disappears into the sunset (as McAfee’s Enterprise Mobility Management will do in January 2017) it’s time to seriously start nailing down alternative options.

Again, Trend Micro plays pretty strongly in this space, with a comprehensive mobile security and management offering (within Smart Protection Complete) that combines protection (DLP, VPN, app control, web filtering, gateway anti-virus etc.) with centralised visibility and control.

The latter means that the entire enterprise’s mobility is easily secured and managed from a single “pane of glass”, taking the pressure off partners and end-user security admins at the same time (a feature also be found, in similar form, in Bitdefender’s GravityZone Security for Mobile Devices).

EOL for McAfee? New beginnings for your security.

This is just a snapshot of the many new opportunities that McAfee’s EOL programme unearths for the security partners who resell solutions or deliver them as MSPs, and the end-users whose business integrity depends on them.

It may be EOL for many McAfee solutions, but that’s AOK when you’ve got a plan to move to something better.

(Psssst! Have you got a plan to move to something better?)

Padlocks SecurityMultiple combined security solutions can be expensive for partners and customers alike, and can cause security gaps. So do integrated suites make more sense?

Calling all security partners - here's a scenario you might recognise: you sell the customer an individual “point” solution to address a specific security need, then you widen the customer’s understanding of their needs and gradually sell them a range of other point solutions to suit. Right?

But is this really the most profitable sell? And isn’t its viability called into question by the fact that the point solutions are only as robust as the glue that’s holding them together?

Here’s what some of the security partners who are our customers told us.

"Individual security solutions inflate costs."

As the quote above suggests, partners must balance the relative ease of progressively selling point solutions with the upward price spiral (and competitive impact) that this process tends to introduce.

Integrated suites of solutions, however, typically tend to be priced much more favourably; entire suites of security products can often be bought by the partner for a fraction of the price of combining point solutions!

But it’s not just about licensing costs. As you’ll read below, industry analysts support the idea that an ecosystem of integrated solutions will be more resource-efficient, enabling repositories to be shared effortlessly between the component solutions within it, and minimising operational costs too.

“Managing complexity is an expensive problem with point solutions.”

Essentially, this boils down to two issues.

Firstly, effective security has to work seamlessly across multiple layers (endpoint, application, network) but it has to do so in a user-centric way.

But if you stitch myriad point solutions together there is typically no centralised console for easily managing security across all these layers. Solutions for every layer then have to be managed in isolation, seamlessness evaporates, and admin and management overheads are multiplied, biting deeply into operating margins.

Secondly, point solutions, by their nature, are not greatly flexible, so they put partners into a complex and therefore potentially costly technical position when it comes to scaling to meet growing user demand, or deploying across mixed on-premise, cloud and hybrid environments.

In short, layered security suites are essential to enable partners to protect their customers comprehensively – but if those layers can’t be controlled from a “single pane of glass” then those partners are heading for a huge profitability drain.

“Combining point solutions doesn’t work 100% - it leaves security gaps.”

This is perhaps the most fundamental observation of all, explained best by industry analyst firm Forrester in this paper.

They say that in systems “protected by separate point products with isolated intelligence analysis/policy engines and management consoles, complexity increases and gaps in security coverage are more likely to present opportunities for exploit by malicious parties.”

They also confirm that integrated suites incorporating layered security offer partners (and customers) significant reductions in “operational friction” and cost, as we have already mentioned above.

“Point solutions have limited threat coverage.”

Related to what we’ve said above, if point solutions struggle inherently to work together, it’s logical to assume that, as attack surfaces and threat vectors proliferate, this shortcoming degrades even further - and there comes a juncture when point solutions effectively become functionally unable to cover off the full spectrum of threat sources.

A cursory glance at the kind of threats that integrated security solutions must now protect against reinforces this view.

Endpoints, smartphones and tablets no longer cut the mustard. Instead, protection must extend to USB, removable drives, mail and file servers, messaging and web gateways, collaboration portals, instant messaging (IM) servers – and, as we noted in a previous post, cloud applications (like Office 365) whose use within businesses is skyrocketing.

Clearly, however, not all point solutions are created equal. A carefully assembled, multi-vendor solution, using only established best-of-breed components, might arguably be up to the tasks demanded of it -  but at what cost?

Disparate licensing agreements. Disparate billing arrangements. The need for a separately purchased and configured remote monitoring and management (RMM) console...

These obstacles are a world away, in cost and complexity terms, from a one-vendor solution with specialist components that target specific security layers, and with its own in-built "single pane of glass", delivering unified management, from very first use, across the customer's entire security estate.

Buyer beware!

Conclusion: integrated suites make security (and business) sense

According to experts quoted in security publication CSO Online, 2016 is the year of advanced cyber attacks, insider threats, ransomware, “cloud wars” - and a huge shortage of in-house cyber talent that security partners will have to help their customers to fill!

Against the backdrop of this surging demand, the notion that partners can profitably supply and effectively manage individual point solutions to simultaneously address such a vast (and growing!) expanse of ever more sophisticated threat sources doesn’t stand up to reasoned analysis.

There seems to be only one sensible way forward for partners in the security channel, and Forrester once again nails it when it writes: “Integrating the security management and analysis within each layer is crucial when protecting against advanced or targeted attacks.”

The day is surely coming when there simply won’t be much point in point solutions.

Cloud App SecurityOffice 365, Google Drive, Sharepoint: businesses love them, but we ask if security vendors do enough to help partners address their known vulnerabilities – profitably!

In a recent post, we looked at the known security limitations of cloud-delivered applications like Office 365, Google Drive, Sharepoint, and others.

As we pointed out, identifying security weaknesses in these platforms and providing cloud app customers with solutions to them can prove profitable, according to industry commentators – but are security vendors even addressing this space in the first place, let alone in a way that enables vendors to make viable margins out of it?

Cloud application security: how big is the pie?

The first point we need to make here is that the potential market for these kind of security solutions is big and growing. Since 2011, as this Worldwide Cloud Applications Market Forecast 2015 – 2019 shows, the Cloud applications market has more than doubled, and now accounts for 20% of the overall enterprise applications space.

By 2019, Cloud applications subscription revenues could make up 35% of the total addressable market opportunity.

Captured amongst all that, of course, are the very applications businesses most want MSPs and other partners to provide – hosted email, file sharing, collaboration, and so on.

And these are the very applications that, whilst delivered in a secure manner, are not fully able to secure the content that passes through them, making them vulnerable to risks like advanced and hidden malware, ransomware, phishing attacks, leaking of sensitive data, file sharing on unauthorised devices, and remote user network breaches.

In short, there’s plenty of pie available – and cloud application security is potentially the utensil that enables MSPs and other partners to carve themselves a sizeable slice of it!

Delivering security for cloud apps: how hard can it be?

But the second point we have to consider is that cloud applications need security that is built expressly for cloud computing conditions – and existing security techniques fall down badly in this respect, resulting in few solutions that are fit for purpose.

Just take a look at traditional web monitoring, for example – it funnels traffic out of the cloud and into a separate service, adding significant latency that negatively impacts both performance and capacity.

Only if pre-cloud approaches are consigned to the dustbin, and direct cloud-to-cloud API integration is offered in its stead, can vendors play strongly in this space, and partners reap the benefits.

In this scenario, a literally instant cloud app security deployment is possible, requiring nothing more than the submission of administrator credentials for the apps in question.

Bundling, licensing, pricing – can partners make money out of cloud app security?

Quite apart from the fact that very few vendors are actually active in the cloud app security space in any serious way, my third point is as much to do with the partner model as it is with the scarcity of those offerings.

Even if solutions were plentiful, reselling them in a subscription or perpetual licensing model produces the same challenges that any other reseller in any other IT market encounters – high upfront subscription costs, unpredictable income, lack of flexibility to scale services up and down (and missing out on the additional revenue that such upscaling generates).

The risks of this approach are well documented - but then if so few vendors are in this space in the first place, how many of them do we think are in a position to offer the potentially more profitable MSP alternative?

Then there’s the question of how vendors actually incorporate cloud app security offerings into their overall security portfolio – or don’t! Currently, the view from the bridge here is that one prominent vendor is now bundling cloud app security within its existing security services, in a cloud-based MSP model, at no extra licensing charge – but other vendors haven’t even started to play catch-up on this.

In conclusion: cloud app security vendors could do better

There it is, then: cloud app security solutions are rarer than hen’s teeth!

They demand an instantly deployable, cloud-centric architecture that most security vendors simply haven’t applied to this space, a margin-rich partner model that the vast majority of vendors seem unready to offer, and a “business as usual” attitude to bundling that, for many vendors, seems too radical a string to add to their bow.

That massive cloud app pie is there for the securing – but, as it stands, most vendors aren’t even making a dent in the crust, still less serving up anything that profit-hungry partners would find a tasty proposition.

Businessman pushing virtual security button on digital background

The Web opens a window between networks and the world, creating risks businesses can’t manage. We look at 3 killer web security features that put MSPs in this space.

According to the Threat Landscape 2015 report published by the European Union Agency for Network and Information Security (ENISA), the “observed current trend” for web attacks is described, simply and rather ominously, as “increasing”.

Of course, what this also means is that the opportunity for MSPs to play into this space, by managing organisations’ web security headaches for them, is potentially huge.

But the market is crowded - so what are the killer web security innovations MSPs need to offer to really differentiate themselves from competitors?

Innovation 1: defeating outbound threats in a pure service model

Web attacks aren’t just inbound – in fact, the most devastating consequences can occur as a result of outbound traffic, for example if a Botnet, Key Logger, or other malicious program sends out information from within the customer’s network.

The innovation here is happening on multiple levels.

MSP solutions are now taking over the role of constant outbound web security monitoring that customers’ teams often simply do not have the capacity to provide.

Immediate alerts, by email or SMS, when a threat is detected, plus automatic blocking of malicious requests, protect the business from haemorrhaging its own IP and sensitive data, and safeguard teams’ core productivity.

Network usage and threat analysis reports, delivered to inboxes, then enable stakeholders to understand top threats, overall network traffic, and trends, enabling them to adjust security policies and manage future risk.

Ease of deployment: we are now looking at MSP solutions that require no on-site hardware or software, and can protect the entire customer network instantaneously simply by being “pointed” at the security vendor’s DNS structure.

Lastly, protection is no longer a trade-off against performance. An MSP delivering a web security service like this one benefits from over 2,500 auto-updates to its threat definitions daily, but doesn’t have to funnel checks and traffic through the bottleneck of a proxy server - thus maintaining optimum surfing performance.

Innovation 2: visibility into cloud apps and social media

As one vendor has explained, “Ten years ago, web security meant stopping people going to the wrong website. Today…it has become increasingly about visibility and analysis of activity within cloud applications that employees are accessing,..”

Across services like Facebook, Dropbox, Twitter, and even enterprise applications like Salesforce, what are customers’ employees posting or uploading? Is it appropriate to the audience it reaches? What are they clicking on? How are they storing sensitive data, where are they sending it, and why? Are they using language that could hint at malicious or criminal intent?

Any one of these concerns is a potential reputational and compliance timebomb – but MSP solutions are now available that take the heat out of HTTPS in three ways.

Firstly, it is now possible for MSPs to deliver visibility into cloud application usage, enabling customers to see actions like file uploads, message posts, data storage, and look inside the content of risky or suspicious activity.

Secondly, MSPs can now control access (or enable customers to control access) not only to cloud applications, but to specific features within them – by individual, role, device and location.

These can include, for example, functions that enable users to upload or delete profile images, remove a public link, permanently delete files from a recycle bin, disable a security group, and many other types of actions that can be high-risk in certain contexts, both with and without malicious intent.

The massive productivity gains that cloud apps can deliver are thus largely retained, but at a far lower level of accompanying risk.

Thirdly, this “cloud application control”, to be viable across multiple applications, and, potentially, hundreds or thousands of users, has now evolved into a centralised service that can be controlled from a single dashboard, reducing admin and management overheads, and enabling MSPs to keep their margins keen.

Innovation 3: holistic threat view

Analysis of web attacks in isolation does not always deliver the full web threat picture. Web users are invariably email and collaboration software users too, for example, so web threats often propagate through these channels, via vulnerable endpoints.

The danger for the MSP providing a web security service is that if they don’t have a truly holistic view of each user and the threats that have been ranged against them in the recent past, the true threat pattern – and so the true extent of users’ vulnerability – will not be fully understood. Service fail!

But MSPs are already over this hurdle, for two reasons.

They can now access a centralised management console that makes all the relevant threat data visible in one synopsis, (an example of which is shown in this video).

And the web security application itself can be connected to other security applications (email, collaboration, endpoint) in one integrated service.

The benefits of this approach are immediate, in the sense that the customer is less likely to get caught out by a threat pattern that the MSP’s service hasn’t picked up on!

But they’re also forward-looking, as threat intelligence is actively shared between applications, making detection of multi-channel threats easier in the future.

MSPs and web security – the future

But let’s play devil’s advocate here for a moment. MSPs can deliver services around everything from email provision, to backup and business recovery, to accounting and finance, to business analytics, and more besides. There is no shortage of growth markets for MSPs – so why choose web security?

None of us have a crystal ball, but the view from the bridge at analysts The Radicati Group looks pretty decisive in this summary of their 2015 to 2019 predictions.

“The Corporate Web Security market”, they say, “continues to grow at a fast pace, fueled [sic] by on-going concerns about corporate security… The market is expected to grow from over $2.1 billion revenues in 2015, to over $3.9 billion in 2019.”

The Group also tells us that “Cloud based Web Security solutions are seeing increasingly strong demand”, bolstered by the need for “powerful Web Security protection on the go, without the complexity of connecting back to the corporate network.”

The web security market is on the up. MSPs just need to make sure they’re delivering the right features to get a profitable slice of it.

Benefits of managed IT servicesTwo thirds of companies now use managed service providers (CompTIA survey). But how should MSPs educate customers about the services they provide? See these tips.

In my last post, I wrote about the benefits of selling services through the MSP model, rather than relying on old-fashioned, unpredictable break-fix.

All well and good, but that’s often also about selling your customers on something new and different, when they’re used to something established and familiar – and we all know how difficult that can be!

So I spoke to some customers and some colleagues, and cast around on the internet, and came up with these useful tips to help you convince your customers that MSP is the way forward!

1. Don’t major on the technology. As this article in CRN eloquently argues, the mechanics of features and functions are absolutely not what will prompt your customer to make a decision in favour of MSP.

What your customers are really interested in is how MSP solutions can help them decrease risk, reduce costs, and – perhaps most critically of all – increase productivity.

Industry reports and analysis can strongly support your pitch in this respect. Comptia’s annual Trends In Managed Services research, for example, (you can see a non-gated slideshow summary here), contains some excellent references to productivity gains, savings, and ROI, all of which will be useful to you in a sales situation.


2. Ditch the “jargon monoxide”.
Do you have any idea how downright poisonous some of the language accepted in IT circles can be to someone seeking to make a purchasing decision?

Simplicity and clarity are watchwords in any sales situation, but when you’re trying to persuade a customer to abandon the break-fix model that they may have trusted for many years, they become critical. Test your pitch on friends, family members, and deeply non-technical colleagues – and if they don’t instantly “get it”, rethink it.

The psychological impact of obscure language is immensely damaging to MSP sales relationships – as this piece in MSPblog explains. Want to make your customer feel stupid? Make them feel like they’re excluded from your clique? Want to make it sound like you’re lying through your teeth? Then carry on using the jargon.

Change is already disruptive and painful for customers – don’t make it unfathomable and repellent too.


3. Get over the monthly rate objection.
From your point of view, the fixed monthly payment for your MSP services makes perfect sense – regular, predictable income in return for always-on monitoring and service.

Only, many customers won’t necessarily get that last part. In their mind, the choice you are giving them is between a monthly outflow of cash to protect them against something that “might never happen”, and an hourly rate that they only have to pay if something goes wrong.

The way to convince them is to highlight just how bad things could get if that something does go wrong. Would they get hit by financial loss if they were to experience more than, say, an hour’s downtime, for example?

How much have they invested in their IT infrastructure and how much more would they have to add to that to cover hourly-rate remediation in the event of something like major data loss or theft?

You won’t have to search very far to find some seriously compelling statistics on this subject. I wrote in another post recently that 58% of SMBs could not withstand any data loss whatsoever.

Consider, in addition, that data loss and downtime cost the UK £10.5 billion per year, according to this piece in TechWeek Europe, and one Gartner analyst has cited an hourly downtime cost, based on company size and type, of between $140,000 and $540,000 per hour!


4. Listen to pain points and tailor solutions.
The MSP model has brought a flexibility to the sales process that previously didn’t exist – particularly when it is teamed with solutions delivered through the cloud that can be switched on and off and scaled up and down on demand.

In fact, the reality is that there are very few solutions you couldn’t offer in an MSP version to meet your customers’ varied needs. From endpoint security, to data backup and recovery, and of course much more, it’s all up for grabs – but you need to understand your customers’ pain points first!

As MSPAlliance recently put it, (my italics), "MSPs must become supremely comfortable interacting with customers on a business level. This means knowing the business of your customers and being able to ask questions and listen to what causes them pain. Once the pain point has been identified, a technical solution to it can be created."


5. Master the proposal process.
It’s not only complex language that turns your MSP prospects off, it’s a sales proposal process that feels like it’s trying to funnel them into a one-size-fits-all solution, exacerbating their fear of the new and unknown.

The MSP model makes possible multiple alternative solutions in multiple combinations, so use them to give your customers a sense of choice and control. This isn’t break-fix-land, where every additional solution ratchets up the risk of an hourly-rate repair job, so don’t pitch it like it is!

For a superb, methodical sales proposal process that will help you to convincingly align solutions options with your MSP customers’ needs, check out this MSP blog post.


Get selling to your MSP customers!

I’ve said enough now – it’s your turn to evangelise! But remember, if you’re asking your customers to turn their back on the devil they know, they might need a little help understanding that MSP solutions could be their guardian angel…

break-fixThe break-fix model is out of date; staying with it means falling behind the competition. So we look at the benefits of moving your business to an MSP model instead.

The IT business is famous for its convoluted language and ever-changing buzzwords, but the essence of the break-fix model adopted by so many IT channel partners is as simple as it ever was – wait for something to break, then get called in to fix it.

Is this really the way forward? The problem, fundamentally, is that no matter how diligently a break-fix company delivers its reactive-only services, the fact that they are reactive-only immediately puts them in the lower branches of the service quality tree.

In short, to move their services up the customer value chain and make them more profitable, break-fix companies have to go proactive instead, preventing the breaks before the fix is even needed! And that means changing to the MSP model.

Here are a just a few core MSP benefits that decisively trump the old-world break-fix approach to doing IT business.

Predictable, recurring revenues

Think billing customers hefty amounts for break-fix intervention is profitable?

Think again. Break-fix is an expensive service to deliver because you can’t predict when something will go wrong. This means multiple ad hoc scrambles to deliver services for which the associated labour and time costs are notoriously hard to estimate and control.

Make no mistake, break-fix renders cost and budget planning almost impossible, and so can quickly turn out to be a drain on the business.

(In fact, for an entertaining tour through no fewer than seventeen separate reasons why break-fix is a bad idea, read this piece from MSPAnswers.com.)

The MSP model, on the other hand, generates a reliable, recurring monthly fee, enabling predictable cash flow month in, month out, and with no requirement for customers’ systems to break!

Ultimately, this supports the planning process that underpins business growth – if you know how much your costs are each month, you know how many contracts you need to bring in to turn a profit.

It’s a far cry from waiting for something to go bang and then frantically working out how much you need to charge the customer for it to cover the lean weeks of recent times and those yet to come!

Higher-value customer relationships

Your core differentiator, as an MSP, is that you are not paid to fix the customers’ systems, you are paid to monitor them and prevent issues from taking hold in the first place, using, for example, RMM (Remote Monitoring and Management) tools, like this one. and PSA (Professional Services Automation) tools, an example of which is shown here.

What this in turn means is that you are no longer relying on your customers to fail in order for you to succeed; this positions you as a “trusted adviser” and enables you to forge stronger business relationships with them.

These stronger relationshjps pave the way for you to expand your service offering, grow those all-important monthly revenues (and the margin you’re making on them), and they also make your customers more likely to recommend you to other prospects!

Lower staff costs, higher productivity

The much-vaunted “single pane of glass” – a portal or console that enables you to easily onboard and manage devices, customers and users, no matter how many of them there are – is now a firm reality in the MSP universe.

Consequently, it takes far fewer staff to manage customers’ systems, which in turn delivers higher productivity at much lower cost. Needless to say, the same console can typically be used to deliver additional services to existing clients, on demand, instantly swelling your revenues and binding your customers closer to you.

Stops you cutting your own business’s throat…

With traditional break-fix services, the only way to make money is if something goes wrong. This is a double-edged sword; the danger is that if you do your job too well, you’re out of business (as if to reaffirm this, insolvencies amongst IT and communications companies rose by 22% at the end of 2014, compared to the previous year, according to research from Exaro).

Don’t do the job well, however, and the customer will soon see through it and be off consulting another provider.

With the MSP model, of course, all of this ceases to be an issue, because you are measured on your ability to monitor and to prevent disruption, not on your ability to clean up a mess once it’s already happened. You’re delivering a service that is always on and always revenue-generative, not sporadic correctives that temporarily plug urgent holes in your cash flow!

In conclusion: tips for moving from break-fix to MSP

Nobody’s suggesting moving from the break-fix model to the MSP model is painless – it isn’t (not least because you’re actually moving from one mentality to a fundamentally very different one).

But the Web is well stocked with helpful articles (like this one) calling out the essentials, others (like this one) giving more detailed advice on how you should actually price your MSP services, and discussion forums (like this one) that share the experiences of companies that have already made the transition.

Break-fix is broken. Talk to an MSP vendor about it, talk to an MSP distributor about it, talk to an MSP customer about it, but talk to someone, and soon.

Otherwise the next thing that breaks could be your bottom line.

buy-rentAs far back as 2009, industry media (in articles like this one) were announcing the factors that were already triggering a critical move from the reseller model to the MSP model.

Customers’ reduction in staff and IT budget, hardware end of life, and the rise in remote and virtual working were foremost amongst them.

None of these things have gone away. So if you’re still a traditional reseller, how do you break out of break-fix and into this thriving MSP market? What are the benefits? And is your business really suited to doing it anyway?
 

From reseller to MSP: the benefits

Let’s start with the upside, distilled from these points, previously identified by IT channel analyst Paul Myerson (with some caveats!):

  • Recurring revenue – The MSP model is based around an established monthly income that can increase as more users are brought on board, whilst keeping the costs of that onboarding extremely low. Result: more predictable budgetary planning, but also keener margins!
  • Add-on sales – The delivery of MSP solutions, particularly in a cloud context, is much easier to “build out” than in a traditional reseller scenario. The MSP can bundle additional products and services during the term, which enables them to extend the contract.
  • Brand trust or marketing muscle? – Many major vendors now sell solutions that were designed from the ground up for the MSP and cloud market, so there is a strong baseline of credibility in these offerings.

But if you choose to white-label your service (and many MSPs now do) you lose much of this brand association, so you need to hook up with a vendor that helps you to plug the credibility gap by giving you ready-made end-user marketing campaigns and content.

These help position you as a knowledgeable, trusted advisor. And, as Myerson notes, “The trusted advisor can charge more…”

  • Customer penetration – The MSP model is often seen as a “hands-off” approach, but the fact that an MSP can quickly spin up and remotely support new services is a catalyst to further customer demand. The MSP model doesn’t eliminate customer touch-point - it gives the ones that remain the potential to be much more lucrative!

In addition, as we’ve noted in a previous post, as the MSP model essentially allows you to move from owning reseller licences (capital expenditure) to subscribing to a service (operational expenditure), it avoids those big upfront licensing hits to your bottom line.


But is the MSP model right for my business?

All that said, the MSP model is not a panacea for all resellers’ ills. As this excellent piece in SearchITChannel explains, you might struggle if you have issues with:

  • Technical and support expertise – You can buy this expertise in from the vendor if you can’t front it yourself, but if you’re sourcing the solutions from a distributor then relying on the vendor adds an extra dependency into your service capability. Look for a distributor with their own in-house technical and support expertise.
  • Complexity of service delivery – Acccording to research from Markets and Markets2, the annual growth of the SMB managed services market will exceed 20% by 2020. So even if you don’t focus on enterprise clients, as an MSP you would likely be delivering more services and managing more customers and users than you ever were in the reseller regime.

If your reseller business can’t shift, technically and culturally, to using more automated methods to accommodate this, such as the RMM (Remote Monitoring and Management) tools that we explored in an earlier post, it’s heading for meltdown.

As one RMM vendor opined in this piece, “…a new MSP must be careful not to over-commit themselves; doing so may put them at risk of losing money very quickly”.

But if they can avoid this by being “proactive” and automating “some of the routine IT support responses”, they can “offer far more value to their customers.”

  • Change and evolution – Lack of MSP market knowledge and skills can be a serious hindrance, but many partners have been reluctant to embrace MSP and cloud learnings, even though they are capable of boosting their business.

 Market researcher ESG, for example, cited in this piece in MSPMentor, found that “most partners remain dependent on traditional product resale and express discomfort when it comes to the financial risk of change.”

Again, this is a strong argument for working with distributors who have extensive MSP market knowledge and can help influence internal stakeholders by “hand-holding” them - from validating prospects to providing support when the service is up and running

But it’s also a strong argument for going for the low-hanging fruit first. According to this piece in MSP Alliance, for example, “Even the least skilled MSPs can deploy an effective cloud backup solution… Backup can be a very lucrative business line for MSPs… it does have the potential to be a big part of any MSP's service catalog.”

And that data backup is just one part of a much wider cloud security opportunity; one that, according to the same publication, is “set to experience double-digit growth” from 2014 to 2017, with “everything from email security to identity and access management heading to the cloud.”

Focus here first, then, perhaps?

Conclusion: MSP is not without its challenges

But the MSP market’s not all fat margins and cake for everybody. In fact, as this recent article argues, it’s becoming something of a bear pit.

Companies that previously had no MSP aspirations or skills at all – office equipment dealers, print companies, and so on – have all “thrown their hats into the ring as managed service companies.”

On the one hand, perhaps if they’ve made the leap to MSP, you can. But unless you can differentiate yourself in a crowded market – through vendors, solutions and distributors that give your services some kind of distinctive edge – you could find the going rough.

BS-RMM

What’s behind the importance of Remote Monitoring and Management (RMM) tools in the partner universe?

As Techopedia helpfully explains, RMM is the “proactive, remote tracking of network and computer health”, and typically delivers a set of IT management tools that enable technical staff to maintain service delivery more efficiently and productively - like trouble ticket tracking, and remote desktop monitoring and support.

But, inevitably, not all RMM solutions are created equal. So what is it that makes for a RMM tool that keeps your customers happy and your support teams’ productivity keen?

We looked into a number of recent comparative articles and reviews (like this one in Business Solutions and this one in TechTarget’s SearchIT Channel, amongst others) and came up with this (hopefully!) helpful wish-list:

1. Ease of deployment

“The choice you make when selecting RMM software often boils down to the best combination of integration, deployment and automation characteristics”, writes SearchIT Channel’s John Moore, and to my mind, deployment ranks right at the top of this hierarchy.

Why? Because the less you can disrupt your (and, by potential extension, your customers’) business with your RMM deployment, the better.

So look for solutions that can deploy selectively to one device or a group of devices, and to one location or multiple locations, in one smooth movement.

Consider the hardware onboarding, too; automatic provisioning is far less disruptive than manual, but Mobile Device Management (MDM), for example, will need to be cross-platform (iOS and Android) and offer easy enrolment and configuration functions.

Ultimately, you need to be comfortable with the vendor’s and solution provider’s role in all this, too. What sort of hand-holding or on-boarding will you receive during those crucial first few weeks? Is it restricted to self-help online tutorials, or will it follow a structured statement of work delivered by an engineer on a 1-to-1 basis?

And will they offer you any kind of satisfaction guarantee to protect you against the potential infelicities that shifting a hefty slice of your business productivity to a single platform could occasion?

Much of this is driven, in reality, by whether you choose a cloud-based RMM platform or an on-premise one – so shop around for solutions providers who offer options, to enable you to properly balance risk and return.

 2. Asset coverage and management

RMM can’t effectively monitor or manage anything unless it’s pointing to the right sources of information, and has within it the appropriate management tools.

Your RMM solution needs to work tightly with customers’ workstations, servers, printers, routers and mobile devices, but you also need to be able to slice and dice the monitoring and management by whatever criteria suit you best in any particular situation – by OS, by application, by location, and so forth.

The more geographically, technically, and logistically complex your and your customers’ operations, the more beef you need under your RMM bonnet!


3. Usability and minimal training requirements

Whichever kind of RMM you deploy, users have to be able to use it! For partners and MSPs, that’s principally operators in their own organisation (technical support staff, or perhaps, on occasion, account managers) but customers might need access to the solution, too (in a corporate enterprise deployment scenario, for example)          .

Either way, complexity can spell disaster. The Standish Group, a research outfit that tracks corporate IT purchases, has found that complexity is at the root of some 66% of all IT project failures or late deliveries.

Consequently, your RMM solution has to be built on intuitive features that are easy to master, should be able to orchestrate workflows to prevent human error, and must generally reduce the learning curve for the operators.

Look in particular for features like pre-configured groups, searches, templates and schedules, so that your teams don’t have to hand-craft monitoring and corrective routines on a day-to-day basis.

4. Automation

Related to what I said above about training, automation is the secret ingredient in making an RMM solution function effectively out of the box, and therefore enhancing the productivity and customer satisfaction it can deliver.

In any event, insist on pre-loaded monitors and alerts (so that you can go from both proactive and reactive investigation.)

But be wary: you need to get to the bottom of how quickly and precisely you can choose which of the hundreds of automated elements should be ‘on’ and which should be ‘off’. Does it involve cumbersome, costly trawling through countless groups, and individually cherry-picking the elements?

Or is there a more business-driven approach (such as allowing you to selectively turn off, say, all the Exchange or SQL server performance monitors at once, as opposed to their individual constituents?)

In the search for RMM zen, not all automation is nirvana!

5. Remote capability

Of course, none of this really works for your customers at all if your RMM solution’s remote support capability is lacking. If you can’t easily deliver support straight to a user’s screen, you’re not providing much of a service.

In an ideal world, the “stealth” functions of the RMM platform – the ones that enable you to support customers by making helpful changes and adjustments to their machines without them even knowing, and without interrupting their work – rule.

But sometimes, interrupting the user is unavoidable. Whichever situation you find yourself in, prefer a RMM solution with a native remote support capability, rather than a connection to a third-party one.

The former is controllable from within the solution itself, with one click, alongside all the solution’s other functions (the oft-cited “single pane of glass” approach) and will deliver a more seamless support experience to the end-user.

6. Integration capability

Finally, integration looms large on many MSPs’ and resellers’ RMM agendas. The ability to work with a “supporting cast” of existing applications (including security) not only diminishes customers’ operational headaches, it also creates a three-stage virtuous commercial circle.

The RMM solution becomes saleable because it works securely with existing applications sold by the partner, enabling it to potentially add an extra revenue stream to each customer.

New applications become saleable because they can be easily controlled thanks to the RMM solution, enabling the partner to into existing customers.

And for new customers? Rinse and repeat on both counts!

RMM: which solution to choose?

Essentially, it boils down to this: MSPs and resellers don’t know how their markets are going to diversify in the future. They may be selling one kind of service today, tomorrow it could be another, depending on where there’s profit to be made.

But they’ll all be online, they’ll all be remote, and they’ll all bankrupt the partner if they don’t integrate with a RMM solution that helps to transform the burden of keeping the service running into a highly automated – rather than costly manual – process.

One RMM solution to serve them all? Now that would be a great thing to sell.

manage-backup-banner

Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched.”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, Is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

 Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete  - despite even the most ample computing, I/O and bandwidth resources – does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

 Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and, ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of a MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.