MSP

AppRiver Nautical PlatformAppRiver’s Nautical platform makes all aspects of security service provision manageable from a “single pane of glass”. We look at the benefits.

For security service providers, or resellers wanting to break into the MSP space, there is a double challenge at hand: selecting solutions whose performance will delight their customers, yet that are easy enough to “drive” on a day-to-day basis to prevent margins being eaten away by costly management overheads.

This is why the appearance of AppRiver’s Nautical platform has set our antennae a-twitching. It promises a unified management console that enables service providers to deliver and manage a raft of cloud-based security solutions from one place, without the profit-sapping expense.

Here are just a few ways in which that could benefit service providers and their business.

The business benefits of Nautical, (1): Devolved management

Managing everything from under a “single pane of glass” is a seductive sell, but (I hear you say) doesn’t that just make for a crammed and complex window onto your world, which in turn drives management and admin costs up?

But Nautical turns this on its head, by enabling role-based interaction, so that different users each have different views of what is under the pane and can exercise different levels of control over it – and this includes the end-users themselves.

In this way, management workflows are made more targeted and efficient, but also flexibly devolved to customers where possible - taking even more of the admin burden off the service provider’s desk.

AppRiver Nautical Management
A single pane of glass, multiple kinds of access and interaction - cost reduction through targeted workflows and customer self-service (Click to enlarge)

The business benefits of Nautical, (2): Easy upscaling

Theoretically, cloud-delivered services can easily scale up to meet the needs of increasing numbers of end-users, thus supporting service providers’ revenue growth.

But critical to this process is the ease with which those new users can actually be brought on board. All the cloud service capacity in the world is no money-spinner if it is difficult, time-consuming and costly to connect users to it.

One of the killer new features in Nautical is a configurable user account management function that enables new users to be brought on board, and the overall user count to be increased, very easily.

Previously, this would have entailed multiple workflows in multiple environments; using Nautical, however, it is now a far simpler (and therefore cheaper) process.

AppRiver easy upscaling
More users, more usage, more revenue – and bringing them on board’s a cinch (Click to enlarge)

The business benefits of Nautical, (3): App-style agility and healthchecks

To go back to a previous point, bringing on additional users also inevitably drives demand for more products and services. Any service provider that delivers on the first point but not the second is painting themselves into a corner.

Nautical, however, makes it possible for both service providers and their customers to add and integrate new products and services with the kind of pick-and-mix agility you’d expect from something like an app store.

But (I again hear you ask) doesn’t that, in itself, create another management challenge – namely, monitoring all those disparate products and services without excessive (and expensive) manual intervention?

Here, too, Nautical comes up with the goods, thanks to its cross-product diagnostics that deliver a single, regular, unified application healthcheck to service providers’ customers and all the solutions they’re using.

Apps on demand
Apps on demand – and a unified monitoring and management system to keep them profitable (Click to enlarge)

What else should you know about Nautical?

Nautical has been described as “an entire channel programme in one portal”, but what’s really striking is that this deep integration across all aspects of security service provision comes at no charge.

Nautical simply becomes automatically available when a service provider chooses to deliver AppRiver’s security solutions – including anti-spam / anti-virus, web protection, email encryption, Exchange and mailbox protection – and this of course covers existing AppRiver service providers, too.

All in all, Nautical takes the hard work out of delivering MSP services that can really boost service providers’ bottom line, by making all business activities manageable from one place.

Now that really is something you should know.

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

Cloud App SecurityOffice 365, Google Drive, Sharepoint: businesses love them, but we ask if security vendors do enough to help partners address their known vulnerabilities – profitably!

In a recent post, we looked at the known security limitations of cloud-delivered applications like Office 365, Google Drive, Sharepoint, and others.

As we pointed out, identifying security weaknesses in these platforms and providing cloud app customers with solutions to them can prove profitable, according to industry commentators – but are security vendors even addressing this space in the first place, let alone in a way that enables vendors to make viable margins out of it?

Cloud application security: how big is the pie?

The first point we need to make here is that the potential market for these kind of security solutions is big and growing. Since 2011, as this Worldwide Cloud Applications Market Forecast 2015 – 2019 shows, the Cloud applications market has more than doubled, and now accounts for 20% of the overall enterprise applications space.

By 2019, Cloud applications subscription revenues could make up 35% of the total addressable market opportunity.

Captured amongst all that, of course, are the very applications businesses most want MSPs and other partners to provide – hosted email, file sharing, collaboration, and so on.

And these are the very applications that, whilst delivered in a secure manner, are not fully able to secure the content that passes through them, making them vulnerable to risks like advanced and hidden malware, ransomware, phishing attacks, leaking of sensitive data, file sharing on unauthorised devices, and remote user network breaches.

In short, there’s plenty of pie available – and cloud application security is potentially the utensil that enables MSPs and other partners to carve themselves a sizeable slice of it!

Delivering security for cloud apps: how hard can it be?

But the second point we have to consider is that cloud applications need security that is built expressly for cloud computing conditions – and existing security techniques fall down badly in this respect, resulting in few solutions that are fit for purpose.

Just take a look at traditional web monitoring, for example – it funnels traffic out of the cloud and into a separate service, adding significant latency that negatively impacts both performance and capacity.

Only if pre-cloud approaches are consigned to the dustbin, and direct cloud-to-cloud API integration is offered in its stead, can vendors play strongly in this space, and partners reap the benefits.

In this scenario, a literally instant cloud app security deployment is possible, requiring nothing more than the submission of administrator credentials for the apps in question.

Bundling, licensing, pricing – can partners make money out of cloud app security?

Quite apart from the fact that very few vendors are actually active in the cloud app security space in any serious way, my third point is as much to do with the partner model as it is with the scarcity of those offerings.

Even if solutions were plentiful, reselling them in a subscription or perpetual licensing model produces the same challenges that any other reseller in any other IT market encounters – high upfront subscription costs, unpredictable income, lack of flexibility to scale services up and down (and missing out on the additional revenue that such upscaling generates).

The risks of this approach are well documented - but then if so few vendors are in this space in the first place, how many of them do we think are in a position to offer the potentially more profitable MSP alternative?

Then there’s the question of how vendors actually incorporate cloud app security offerings into their overall security portfolio – or don’t! Currently, the view from the bridge here is that one prominent vendor is now bundling cloud app security within its existing security services, in a cloud-based MSP model, at no extra licensing charge – but other vendors haven’t even started to play catch-up on this.

In conclusion: cloud app security vendors could do better

There it is, then: cloud app security solutions are rarer than hen’s teeth!

They demand an instantly deployable, cloud-centric architecture that most security vendors simply haven’t applied to this space, a margin-rich partner model that the vast majority of vendors seem unready to offer, and a “business as usual” attitude to bundling that, for many vendors, seems too radical a string to add to their bow.

That massive cloud app pie is there for the securing – but, as it stands, most vendors aren’t even making a dent in the crust, still less serving up anything that profit-hungry partners would find a tasty proposition.

Businessman pushing virtual security button on digital background

The Web opens a window between networks and the world, creating risks businesses can’t manage. We look at 3 killer web security features that put MSPs in this space.

According to the Threat Landscape 2015 report published by the European Union Agency for Network and Information Security (ENISA), the “observed current trend” for web attacks is described, simply and rather ominously, as “increasing”.

Of course, what this also means is that the opportunity for MSPs to play into this space, by managing organisations’ web security headaches for them, is potentially huge.

But the market is crowded - so what are the killer web security innovations MSPs need to offer to really differentiate themselves from competitors?

Innovation 1: defeating outbound threats in a pure service model

Web attacks aren’t just inbound – in fact, the most devastating consequences can occur as a result of outbound traffic, for example if a Botnet, Key Logger, or other malicious program sends out information from within the customer’s network.

The innovation here is happening on multiple levels.

MSP solutions are now taking over the role of constant outbound web security monitoring that customers’ teams often simply do not have the capacity to provide.

Immediate alerts, by email or SMS, when a threat is detected, plus automatic blocking of malicious requests, protect the business from haemorrhaging its own IP and sensitive data, and safeguard teams’ core productivity.

Network usage and threat analysis reports, delivered to inboxes, then enable stakeholders to understand top threats, overall network traffic, and trends, enabling them to adjust security policies and manage future risk.

Ease of deployment: we are now looking at MSP solutions that require no on-site hardware or software, and can protect the entire customer network instantaneously simply by being “pointed” at the security vendor’s DNS structure.

Lastly, protection is no longer a trade-off against performance. An MSP delivering a web security service like this one benefits from over 2,500 auto-updates to its threat definitions daily, but doesn’t have to funnel checks and traffic through the bottleneck of a proxy server - thus maintaining optimum surfing performance.

Innovation 2: visibility into cloud apps and social media

As one vendor has explained, “Ten years ago, web security meant stopping people going to the wrong website. Today…it has become increasingly about visibility and analysis of activity within cloud applications that employees are accessing,..”

Across services like Facebook, Dropbox, Twitter, and even enterprise applications like Salesforce, what are customers’ employees posting or uploading? Is it appropriate to the audience it reaches? What are they clicking on? How are they storing sensitive data, where are they sending it, and why? Are they using language that could hint at malicious or criminal intent?

Any one of these concerns is a potential reputational and compliance timebomb – but MSP solutions are now available that take the heat out of HTTPS in three ways.

Firstly, it is now possible for MSPs to deliver visibility into cloud application usage, enabling customers to see actions like file uploads, message posts, data storage, and look inside the content of risky or suspicious activity.

Secondly, MSPs can now control access (or enable customers to control access) not only to cloud applications, but to specific features within them – by individual, role, device and location.

These can include, for example, functions that enable users to upload or delete profile images, remove a public link, permanently delete files from a recycle bin, disable a security group, and many other types of actions that can be high-risk in certain contexts, both with and without malicious intent.

The massive productivity gains that cloud apps can deliver are thus largely retained, but at a far lower level of accompanying risk.

Thirdly, this “cloud application control”, to be viable across multiple applications, and, potentially, hundreds or thousands of users, has now evolved into a centralised service that can be controlled from a single dashboard, reducing admin and management overheads, and enabling MSPs to keep their margins keen.

Innovation 3: holistic threat view

Analysis of web attacks in isolation does not always deliver the full web threat picture. Web users are invariably email and collaboration software users too, for example, so web threats often propagate through these channels, via vulnerable endpoints.

The danger for the MSP providing a web security service is that if they don’t have a truly holistic view of each user and the threats that have been ranged against them in the recent past, the true threat pattern – and so the true extent of users’ vulnerability – will not be fully understood. Service fail!

But MSPs are already over this hurdle, for two reasons.

They can now access a centralised management console that makes all the relevant threat data visible in one synopsis, (an example of which is shown in this video).

And the web security application itself can be connected to other security applications (email, collaboration, endpoint) in one integrated service.

The benefits of this approach are immediate, in the sense that the customer is less likely to get caught out by a threat pattern that the MSP’s service hasn’t picked up on!

But they’re also forward-looking, as threat intelligence is actively shared between applications, making detection of multi-channel threats easier in the future.

MSPs and web security – the future

But let’s play devil’s advocate here for a moment. MSPs can deliver services around everything from email provision, to backup and business recovery, to accounting and finance, to business analytics, and more besides. There is no shortage of growth markets for MSPs – so why choose web security?

None of us have a crystal ball, but the view from the bridge at analysts The Radicati Group looks pretty decisive in this summary of their 2015 to 2019 predictions.

“The Corporate Web Security market”, they say, “continues to grow at a fast pace, fueled [sic] by on-going concerns about corporate security… The market is expected to grow from over $2.1 billion revenues in 2015, to over $3.9 billion in 2019.”

The Group also tells us that “Cloud based Web Security solutions are seeing increasingly strong demand”, bolstered by the need for “powerful Web Security protection on the go, without the complexity of connecting back to the corporate network.”

The web security market is on the up. MSPs just need to make sure they’re delivering the right features to get a profitable slice of it.

Benefits of managed IT servicesTwo thirds of companies now use managed service providers (CompTIA survey). But how should MSPs educate customers about the services they provide? See these tips.

In my last post, I wrote about the benefits of selling services through the MSP model, rather than relying on old-fashioned, unpredictable break-fix.

All well and good, but that’s often also about selling your customers on something new and different, when they’re used to something established and familiar – and we all know how difficult that can be!

So I spoke to some customers and some colleagues, and cast around on the internet, and came up with these useful tips to help you convince your customers that MSP is the way forward!

1. Don’t major on the technology. As this article in CRN eloquently argues, the mechanics of features and functions are absolutely not what will prompt your customer to make a decision in favour of MSP.

What your customers are really interested in is how MSP solutions can help them decrease risk, reduce costs, and – perhaps most critically of all – increase productivity.

Industry reports and analysis can strongly support your pitch in this respect. Comptia’s annual Trends In Managed Services research, for example, (you can see a non-gated slideshow summary here), contains some excellent references to productivity gains, savings, and ROI, all of which will be useful to you in a sales situation.


2. Ditch the “jargon monoxide”.
Do you have any idea how downright poisonous some of the language accepted in IT circles can be to someone seeking to make a purchasing decision?

Simplicity and clarity are watchwords in any sales situation, but when you’re trying to persuade a customer to abandon the break-fix model that they may have trusted for many years, they become critical. Test your pitch on friends, family members, and deeply non-technical colleagues – and if they don’t instantly “get it”, rethink it.

The psychological impact of obscure language is immensely damaging to MSP sales relationships – as this piece in MSPblog explains. Want to make your customer feel stupid? Make them feel like they’re excluded from your clique? Want to make it sound like you’re lying through your teeth? Then carry on using the jargon.

Change is already disruptive and painful for customers – don’t make it unfathomable and repellent too.


3. Get over the monthly rate objection.
From your point of view, the fixed monthly payment for your MSP services makes perfect sense – regular, predictable income in return for always-on monitoring and service.

Only, many customers won’t necessarily get that last part. In their mind, the choice you are giving them is between a monthly outflow of cash to protect them against something that “might never happen”, and an hourly rate that they only have to pay if something goes wrong.

The way to convince them is to highlight just how bad things could get if that something does go wrong. Would they get hit by financial loss if they were to experience more than, say, an hour’s downtime, for example?

How much have they invested in their IT infrastructure and how much more would they have to add to that to cover hourly-rate remediation in the event of something like major data loss or theft?

You won’t have to search very far to find some seriously compelling statistics on this subject. I wrote in another post recently that 58% of SMBs could not withstand any data loss whatsoever.

Consider, in addition, that data loss and downtime cost the UK £10.5 billion per year, according to this piece in TechWeek Europe, and one Gartner analyst has cited an hourly downtime cost, based on company size and type, of between $140,000 and $540,000 per hour!


4. Listen to pain points and tailor solutions.
The MSP model has brought a flexibility to the sales process that previously didn’t exist – particularly when it is teamed with solutions delivered through the cloud that can be switched on and off and scaled up and down on demand.

In fact, the reality is that there are very few solutions you couldn’t offer in an MSP version to meet your customers’ varied needs. From endpoint security, to data backup and recovery, and of course much more, it’s all up for grabs – but you need to understand your customers’ pain points first!

As MSPAlliance recently put it, (my italics), "MSPs must become supremely comfortable interacting with customers on a business level. This means knowing the business of your customers and being able to ask questions and listen to what causes them pain. Once the pain point has been identified, a technical solution to it can be created."


5. Master the proposal process.
It’s not only complex language that turns your MSP prospects off, it’s a sales proposal process that feels like it’s trying to funnel them into a one-size-fits-all solution, exacerbating their fear of the new and unknown.

The MSP model makes possible multiple alternative solutions in multiple combinations, so use them to give your customers a sense of choice and control. This isn’t break-fix-land, where every additional solution ratchets up the risk of an hourly-rate repair job, so don’t pitch it like it is!

For a superb, methodical sales proposal process that will help you to convincingly align solutions options with your MSP customers’ needs, check out this MSP blog post.


Get selling to your MSP customers!

I’ve said enough now – it’s your turn to evangelise! But remember, if you’re asking your customers to turn their back on the devil they know, they might need a little help understanding that MSP solutions could be their guardian angel…

break-fixThe break-fix model is out of date; staying with it means falling behind the competition. So we look at the benefits of moving your business to an MSP model instead.

The IT business is famous for its convoluted language and ever-changing buzzwords, but the essence of the break-fix model adopted by so many IT channel partners is as simple as it ever was – wait for something to break, then get called in to fix it.

Is this really the way forward? The problem, fundamentally, is that no matter how diligently a break-fix company delivers its reactive-only services, the fact that they are reactive-only immediately puts them in the lower branches of the service quality tree.

In short, to move their services up the customer value chain and make them more profitable, break-fix companies have to go proactive instead, preventing the breaks before the fix is even needed! And that means changing to the MSP model.

Here are a just a few core MSP benefits that decisively trump the old-world break-fix approach to doing IT business.

Predictable, recurring revenues

Think billing customers hefty amounts for break-fix intervention is profitable?

Think again. Break-fix is an expensive service to deliver because you can’t predict when something will go wrong. This means multiple ad hoc scrambles to deliver services for which the associated labour and time costs are notoriously hard to estimate and control.

Make no mistake, break-fix renders cost and budget planning almost impossible, and so can quickly turn out to be a drain on the business.

(In fact, for an entertaining tour through no fewer than seventeen separate reasons why break-fix is a bad idea, read this piece from MSPAnswers.com.)

The MSP model, on the other hand, generates a reliable, recurring monthly fee, enabling predictable cash flow month in, month out, and with no requirement for customers’ systems to break!

Ultimately, this supports the planning process that underpins business growth – if you know how much your costs are each month, you know how many contracts you need to bring in to turn a profit.

It’s a far cry from waiting for something to go bang and then frantically working out how much you need to charge the customer for it to cover the lean weeks of recent times and those yet to come!

Higher-value customer relationships

Your core differentiator, as an MSP, is that you are not paid to fix the customers’ systems, you are paid to monitor them and prevent issues from taking hold in the first place, using, for example, RMM (Remote Monitoring and Management) tools, like this one. and PSA (Professional Services Automation) tools, an example of which is shown here.

What this in turn means is that you are no longer relying on your customers to fail in order for you to succeed; this positions you as a “trusted adviser” and enables you to forge stronger business relationships with them.

These stronger relationshjps pave the way for you to expand your service offering, grow those all-important monthly revenues (and the margin you’re making on them), and they also make your customers more likely to recommend you to other prospects!

Lower staff costs, higher productivity

The much-vaunted “single pane of glass” – a portal or console that enables you to easily onboard and manage devices, customers and users, no matter how many of them there are – is now a firm reality in the MSP universe.

Consequently, it takes far fewer staff to manage customers’ systems, which in turn delivers higher productivity at much lower cost. Needless to say, the same console can typically be used to deliver additional services to existing clients, on demand, instantly swelling your revenues and binding your customers closer to you.

Stops you cutting your own business’s throat…

With traditional break-fix services, the only way to make money is if something goes wrong. This is a double-edged sword; the danger is that if you do your job too well, you’re out of business (as if to reaffirm this, insolvencies amongst IT and communications companies rose by 22% at the end of 2014, compared to the previous year, according to research from Exaro).

Don’t do the job well, however, and the customer will soon see through it and be off consulting another provider.

With the MSP model, of course, all of this ceases to be an issue, because you are measured on your ability to monitor and to prevent disruption, not on your ability to clean up a mess once it’s already happened. You’re delivering a service that is always on and always revenue-generative, not sporadic correctives that temporarily plug urgent holes in your cash flow!

In conclusion: tips for moving from break-fix to MSP

Nobody’s suggesting moving from the break-fix model to the MSP model is painless – it isn’t (not least because you’re actually moving from one mentality to a fundamentally very different one).

But the Web is well stocked with helpful articles (like this one) calling out the essentials, others (like this one) giving more detailed advice on how you should actually price your MSP services, and discussion forums (like this one) that share the experiences of companies that have already made the transition.

Break-fix is broken. Talk to an MSP vendor about it, talk to an MSP distributor about it, talk to an MSP customer about it, but talk to someone, and soon.

Otherwise the next thing that breaks could be your bottom line.

What You Need To Tell & Sell To Office 365 CustomersIt seems that industry commentators everywhere have come out in support of Office365, for MSPs, resellers, and end-users alike. In a recent TechTarget Search Cloud Provider piece, for example, one interviewee called it “the single greatest opportunity for MSPs and VARs to enter into the cloud” and “a no-brainer for 99% of customers”.

He goes on: "There are two different categories of MSP and VAR when it comes to Office 365: one that embraces it and one that fights it. Within the fighting group, it's a losing battle … Their customers are getting picked off one at a time."

Sobering stuff. But selling Office 365 is not just about pushing the benefits - there’s money to be made out of its weaknesses, too.

 

Office 365: strengths, benefits, and scary weaknesses

From the end-user perspective, the benefits of Office 365 are legion. Amongst others, it eliminates the need for internal email management, and ensures one consistent environment, no matter how widely distributed the IT infrastructure. Updates happen automatically – so there’s no need for costly, time-consuming manual management of upgrades or patches.

This blog quotes a number of smaller businesses enthusing about the cost benefits of the solution, with one manager saying it costs him “just a few dollars a month per user”, and another projecting “25 to 30 percent cost savings” after transitioning to Office 365.

Seen from the MSP point of view, the benefits are equally persuasive. This piece in Insight.com talks of the budgetary advantages to be had by moving from owning licences (capital expenditure) to subscribing to a service (operational expenditure).

It also emphasises Office 365’s scalability. You pay only for what you use, but what you use can scale up or down based on user count. And then there’s the drastic reduction of hardware and facilities costs, of course...

All good, then. But actually, not. Because Office 365 suffers from some significant weaknesses that put your customers at risk and threaten their reputation.


From weakness to wealth: how partners can monetise Office 365

But the happy news is that, as technology writer Crystal Bedell nails it, partners can “Identify a weakness in the platform and provide customers with a solution” – an approach that she pronounces “profitable” (the partners’ magic word!)

The weaknesses in question relate to known security limitations within the Office 365 solution set. Type “Office 365 vulnerabilities” into Google and you will find no shortage of past security gaps. And although Office365 supposedly boasts integral security, what Microsoft calls “Advanced security for your data” is actually only available in its premium-level E5 plan, as this page shows.

Hardly surprising, then, that many vendors have realised there is demand from partners and end-users alike to extend Office 365’s standard security features.

Spam and virus filtering appears to be an area of concern, with vendors offering “Plus”-type solutions (like the one in this video), rather than trusting to Office 365’s inbuilt defences.

Perhaps most excitingly of all, “sandbox” malware detection developed for Office 365, like this solution, can now monitor the actual behaviour of suspect files in multiple virtual sandbox environments using multiple operating systems.

This effectively turns the tables on the malware, uncovering how it targets different kinds of Office 365 users, before it can actually do so.

 

Tell your customers, sell the solutions

All in all, then, it seems that Office 365 isn’t lacking in security issues – but then it isn’t exactly lacking in solutions that partners can sell to fix them, either!

All you have to do is make sure your customers know about them. So what say you share this blog with them?

buy-rentAs far back as 2009, industry media (in articles like this one) were announcing the factors that were already triggering a critical move from the reseller model to the MSP model.

Customers’ reduction in staff and IT budget, hardware end of life, and the rise in remote and virtual working were foremost amongst them.

None of these things have gone away. So if you’re still a traditional reseller, how do you break out of break-fix and into this thriving MSP market? What are the benefits? And is your business really suited to doing it anyway?
 

From reseller to MSP: the benefits

Let’s start with the upside, distilled from these points, previously identified by IT channel analyst Paul Myerson (with some caveats!):

  • Recurring revenue – The MSP model is based around an established monthly income that can increase as more users are brought on board, whilst keeping the costs of that onboarding extremely low. Result: more predictable budgetary planning, but also keener margins!
  • Add-on sales – The delivery of MSP solutions, particularly in a cloud context, is much easier to “build out” than in a traditional reseller scenario. The MSP can bundle additional products and services during the term, which enables them to extend the contract.
  • Brand trust or marketing muscle? – Many major vendors now sell solutions that were designed from the ground up for the MSP and cloud market, so there is a strong baseline of credibility in these offerings.

But if you choose to white-label your service (and many MSPs now do) you lose much of this brand association, so you need to hook up with a vendor that helps you to plug the credibility gap by giving you ready-made end-user marketing campaigns and content.

These help position you as a knowledgeable, trusted advisor. And, as Myerson notes, “The trusted advisor can charge more…”

  • Customer penetration – The MSP model is often seen as a “hands-off” approach, but the fact that an MSP can quickly spin up and remotely support new services is a catalyst to further customer demand. The MSP model doesn’t eliminate customer touch-point - it gives the ones that remain the potential to be much more lucrative!

In addition, as we’ve noted in a previous post, as the MSP model essentially allows you to move from owning reseller licences (capital expenditure) to subscribing to a service (operational expenditure), it avoids those big upfront licensing hits to your bottom line.


But is the MSP model right for my business?

All that said, the MSP model is not a panacea for all resellers’ ills. As this excellent piece in SearchITChannel explains, you might struggle if you have issues with:

  • Technical and support expertise – You can buy this expertise in from the vendor if you can’t front it yourself, but if you’re sourcing the solutions from a distributor then relying on the vendor adds an extra dependency into your service capability. Look for a distributor with their own in-house technical and support expertise.
  • Complexity of service delivery – Acccording to research from Markets and Markets2, the annual growth of the SMB managed services market will exceed 20% by 2020. So even if you don’t focus on enterprise clients, as an MSP you would likely be delivering more services and managing more customers and users than you ever were in the reseller regime.

If your reseller business can’t shift, technically and culturally, to using more automated methods to accommodate this, such as the RMM (Remote Monitoring and Management) tools that we explored in an earlier post, it’s heading for meltdown.

As one RMM vendor opined in this piece, “…a new MSP must be careful not to over-commit themselves; doing so may put them at risk of losing money very quickly”.

But if they can avoid this by being “proactive” and automating “some of the routine IT support responses”, they can “offer far more value to their customers.”

  • Change and evolution – Lack of MSP market knowledge and skills can be a serious hindrance, but many partners have been reluctant to embrace MSP and cloud learnings, even though they are capable of boosting their business.

 Market researcher ESG, for example, cited in this piece in MSPMentor, found that “most partners remain dependent on traditional product resale and express discomfort when it comes to the financial risk of change.”

Again, this is a strong argument for working with distributors who have extensive MSP market knowledge and can help influence internal stakeholders by “hand-holding” them - from validating prospects to providing support when the service is up and running

But it’s also a strong argument for going for the low-hanging fruit first. According to this piece in MSP Alliance, for example, “Even the least skilled MSPs can deploy an effective cloud backup solution… Backup can be a very lucrative business line for MSPs… it does have the potential to be a big part of any MSP's service catalog.”

And that data backup is just one part of a much wider cloud security opportunity; one that, according to the same publication, is “set to experience double-digit growth” from 2014 to 2017, with “everything from email security to identity and access management heading to the cloud.”

Focus here first, then, perhaps?

Conclusion: MSP is not without its challenges

But the MSP market’s not all fat margins and cake for everybody. In fact, as this recent article argues, it’s becoming something of a bear pit.

Companies that previously had no MSP aspirations or skills at all – office equipment dealers, print companies, and so on – have all “thrown their hats into the ring as managed service companies.”

On the one hand, perhaps if they’ve made the leap to MSP, you can. But unless you can differentiate yourself in a crowded market – through vendors, solutions and distributors that give your services some kind of distinctive edge – you could find the going rough.

manage-backup-banner

Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched.”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, Is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

 Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete  - despite even the most ample computing, I/O and bandwidth resources – does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

 Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and, ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of a MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.

Blue Solutions GoTo logo

 

We are pleased to announce that we’ve expanded our team and have recently welcomed the following people to Blue Solutions:

  • Lee Walker has joined us as our LabTech Software Specialist. He is responsible for recruiting new LabTech Channel partners and managing the existing partners using the Remote Monitoring and Management solution.
  • Danni Sparkes has joined our team as a new Internal Sales Co-ordinator.  Her role will involve producing quotes for customers and responding to sales queries in a timely and effective manner.
  • Michael Smith and Zoe Hepper have both joined us as Business Development Executives, supporting new business revenue growth by recruiting new channel partners.

A big welcome to our new team members.