Sapsiwai - Fotolia
MSP business expansion driven by cybersecurity, consulting
MSPs are under pressure to expand their businesses beyond their traditional offerings. Cybersecurity and consulting services are two directions they can take their businesses.
Looking down the road of managed services, traditional managed service providers have more to worry about than keeping customers' infrastructure up and running.
Many MSPs will attest that standard managed services offerings -- remote backup and support, antivirus, backup and so forth -- have undergone gradual commoditization. As a result, MSPs today are on a constant search for new ways to enhance their services.
One direction MSPs are headed is toward cybersecurity, which has emerged in recent years as an acute concern for small and large businesses alike. Meanwhile, MSPs are also branching out from purely technical support to take on increasingly consultative roles with customers.
Editor's note: This article is the second installment of a two-part series tracing the development of managed service providers. Part one covers the evolution of MSPs, while part two takes a look at the sector's future prospects. The coverage is part of a TechTarget IT retrospective that marks the company's 20th year in tech publishing.
According to Charles Weaver, CEO of MSPAlliance, a managed services industry association based in Chapel Hill, N.C., cybersecurity is the most critical next step for MSP businesses. However, as with the rise of cloud computing and other previous industry trends, many MSPs are hesitant to embrace the shift.
"I think there is a fair amount of evidence that there are a lot of MSPs on the fence [about cybersecurity], not about whether it is a good idea, but whether or not they want to get into the security game," he said.
However, MSPs that buck the cybersecurity trend may face diminishing prospects. Weaver believes MSPs without cybersecurity services will likely find themselves increasingly marginalized, hemorrhaging business as their customers "start to say, 'You do a good job of keeping our servers up, but you don't do anything for me on data protection.'"
But even MSPs that add cybersecurity services are currently seeing mixed results from customers. New England Services Inc. (NSI), an MSP based in Naugatuck, Conn., recently ramped up its cybersecurity offerings. The company has focused solely on providing managed services since about 2013, following an arduous transition away from nearly a decade-long legacy of reselling and project work, said Tom McDonald, president of NSI.
"Today, we realize [cybersecurity services are] not an optional thing anymore, so all of our customers are on the highest level of security that we can offer," McDonald said.
However, he said it remains difficult to convince customers to pay more for the advanced level of protection. "It is very hard for existing clients to wrap their head around the fact that you want to charge them for something they have perceived you have been doing for them for a long time," he said. "We are trying to leverage [cybersecurity services] as the entry point on the sales side, but it's not a simple thing."
MSPs ripe for security incidents
Another driver for the cybersecurity trend is MSPs getting targeted for attacks. A spate of security incidents has shown hackers attempting to exploit MSPs and MSP software vendors as gateways to their end customers' data.
In 2018, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued an alert describing advanced persistent threat actors attempting to break into MSPs. CERT stated the attackers were primarily motived by cyberespionage and IP theft.
The rise of MSP-targeted threats makes it critical for MSPs to assure their customers they adhere to internal security standards, Weaver said. "Because of … their proximity to all these different customers they manage, [MSPs] are a threat if they don't take the proper security measures."
Tom McDonald President, NSI
McDonald said NSI's ramped-up focus on cybersecurity involved numerous internal changes. Those included designating a staff member to be responsible for maintaining security standards. NSI also had to assess its legacy technology for security vulnerabilities. The company uses multifactor authentication "on everything," he noted.
Weaver said the fact that hackers are targeting MSPs is evidence the managed services industry has matured. In 2000, most MSPs had complained that nobody paid attention to them. "Now they have hackers trying to penetrate them globally," he said.
Growing focus on consulting
Apart from tapping into cybersecurity, MSPs are trying to remain competitive through consulting services.
McDonald said NSI continues to evolve as an IT consultant. "Things just don't break like they used to, so you have to provide other things to provide support. ... I feel we are much more consultative than we ever have been before," he said.
A growing piece of NSI's business, which targets SMBs, is showing customers how to make better use of business applications and Office 365, which McDonald said about 90% of NSI's customers are on. "They are probably using 5% to 10% of the functionality that they get out of [applications] like Teams, SharePoint and OneDrive ... that is there now," he said.
Craig Fulton, chief customer officer at ConnectWise LLC, an MSP software vendor based in Tampa, Fla., said the move toward consultative services is one of the most important MSP trends today. He said the trend is about customer success, which means "looking at the services that you are delivering and ensuring that the customer is getting value out of it."
Customers increasingly want proof from MSPs they are getting ROI on their services, Fulton said. "Customers don't care about features and functions. They don't even know what that is. What they want to know is, 'What is this doing for my business?' "
"Right now, the trend is that the big way to differentiate yourself from your competitor is the customer success component," he added.
Diane Krakora, CEO of consultancy PartnerPath, noted that the growing adoption of subscription-based services has made it easier for customers to switch products and providers, thereby putting more pressure on customer retention. Channel partners need to "move away from only caring about landing a customer to retaining and growing that customer. ... It is all about customer success and customer experience," she said.
In this vein, MSPs are rethinking aspects of their customer contracts. MSPs have traditionally used 3-year contracts, but 1-year contracts are more common today, Fulton said. He said some MSPs have decided to completely abandon the use of term contracts, instead going month to month with their customers, in an effort to prove the value of their services with each invoice.
MSP software vendors branch out
As the managed services market grows, MSP software providers are looking to expand into new areas as much as their users are.
Like Continuum and others, ConnectWise is investing heavily in cybersecurity technology as well as educational content and resources for building cybersecurity practices. ConnectWise in August introduced the Technology Solution Provider Information Sharing and Analysis Organization for MSPs, a forum for exchanging cybersecurity best practices and insight.
ConnectWise is also moving aggressively into MSP business consulting. In January 2018, the company acquired HTG Peer Groups, which, in addition to a peer group network, provides business consulting and coaching. "The knowledge and the talent that we got from that acquisition has brought some great skill sets to us," Fulton said.
Fulton noted that MSPs, as a whole, have reached a new phase of business maturity. "For the longest time, the companies were run by people [who were] very technically focused. ... The trend we are seeing is just this maturity in business," he said. The purpose of ConnectWise's growing consulting services arm is to show "entrepreneurs, business owners, how to mature their MSP," he said.
"We are changing the way we do consulting and implementation, because we want to differentiate ourselves, as well. And we really want to make sure that our partners are getting value out of what they are investing in," he added.