The MSP Zone

Michael George, a seasoned leader with a track record of steering companies through transformative growth, has been appointed as the new CEO of Syncro. His expertise in the MSP sector is well-established, having previously orchestrated the turnaround of an RMM company and its subsequent sale to ConnectWise in 2019. George's appointment comes at a time when Syncro is poised for innovation and expansion. His strategic vision for Syncro is expected to harness the potential of MSP platforms to deliver enhanced value and efficiency. George's insights into the managed services profession underscore his commitment to fostering an environment where innovation thrives, positioning Syncro to capitalize on the evolving needs of MSPs and their customers. With a focus on empowering MSPs, George's leadership is set to steer Syncro towards a future marked by innovation and success in the MSP landscape. Highlights -What has changed in the MSP profession since your time at Continuum to today? -What is your view of Syncro and its role in this modern RMM/MSP platform market? -Will Syncro leverage M&A like other MSP platform companies have? -Security incidents have become commonplace. How would Michael George, the new CEO of Syncro handle such a situation? -Where is Syncro now, and where do you want to take it?

I commonly get questions related to MSP documentation. When is a good time to start? I only need documentation for when I get certified, right? I'm going to get to that, only later on when I'm established. The truth is, MSP documentation should start early in your practice; ideally, during the planning stages before you've started to deliver services. Here are some helpful tips so you can better understand why MSP documentation is so important, what is involved, and when you should start. Why is MSP documentation so important? MSP Documentation When should you start documenting?

FUD: what does it mean? Should you use it in your MSP practice? And, is there a risk to using FUD style tactics? Fear uncertainty and doubt, otherwise known as FUD, may have been created by IBM sales professionals in the 1970s, but it certainly is still being used today by many sales and marketing professionals beyond IBM.

Niraj Tolia, CEO of Alcion, enters the MSP Zone. The deployment of AI in MSP backup tools addresses several critical challenges in the managed services industry. By integrating AI, MSPs can automate routine and repetitive tasks, such as system monitoring, patch management, and backups, which significantly reduces human error, enhances efficiency, and optimizes resource allocation. This automation leads to cost savings and improved service delivery, which is essential in a competitive market where talent is scarce and operational efficiency is paramount. The adoption of AI was driven both by MSPs' desire to stay ahead of technological advancements and by internal motivations to improve service quality and reliability. AI has made a substantial positive impact on MSPs and their service delivery by enabling proactive issue resolution. Niraj discusses his thoughts around AI in data backup, what MSPs need in a modern-day backup solution, why he decided to enter the legacy MSP backup marketplace, and how AI will empower MSPs to succeed.

In the evolving landscape of IT services, the distinction between Managed Service Providers (MSPs) and other IT service models, like break/fix or security consultancy, has become increasingly important. MSPs offer a comprehensive suite of services that manage and assume the responsibility of a defined set of day-to-day management services for their clients, proactively and under a subscription model. This is in contrast to break/fix services that operate reactively, or security consultants who may focus solely on specific aspects like penetration testing. The confusion arises when companies misrepresent their services as managed services, which can lead to a misunderstanding of the value and scope of what an MSP truly offers. It's crucial for businesses to recognize the signs of a genuine MSP, such as a proactive approach to IT management, a broad range of services beyond just security, and a partnership mentality rather than an adversarial one. Understanding these differences can help businesses make informed decisions when choosing an IT service provider that aligns with their needs.

I had the opportunity to play golf with an executive who shared some very insightful perspectives about risk, cyber insurance, and MSPs. The interaction was completely by accident but the information I got was invaluable.

There is a lot of wiggle room when it comes to knowledge and implementation of compliance in a managed services environment. More precisely, MSPs must understand and operate with accurate knowledge of the difference between preparing for an audit or certification and the testing or auditing of an environment. Both components are important, but the MSP is more suited to one and not the other. Here's what MSPs need to know.

For a lot of MSPs, trying to convert reactive (i.e., break/fix) clients into proactive (managed services) clients can be a struggle. No matter how hard you try, those reactive clients just won't budge. Fortunately, there is a pretty effective technique you can use to begin to impress upon your reactive clientele all the benefits and reasons they would be better off as a managed services client. Step 1: Communication. You have to have a conversation with your reactive clients about everything. Times are changing. Everyone is taking cybersecurity more seriously these days. Explain how reactive IT management isn't IT management at all; it's IT disaster cleanup. And, it can get pretty ugly. The point is, talk to your clients and let them know what's about to happen. Step 2: Put your reactive clientele through some sort of security baseline. Don't get fancy. You can use something like the CIS framework. CIS does not have a certification so you just will be assessing the client's existing controls, policies, and procedures against the CIS controls. By the way, this technique can also be used quite effectively for all new managed services prospects. Step 3: Deliver the results of the assessment and make your adjustments. What does this mean? If the client is doing everything they should be, there is no reason for them not to become a managed services client. Their billings should stabilize, their level of trust in their IT investments should be solid, and both client and MSP can sleep better at night. For clients below the CIS level, you can let them know where the gaps are, that you can fix those gaps, but that a managed services relationship is what is needed. Finally, if the reactive client still won't budge, you can raise your rates due to the provable increase in risk they represent to your MSP practice. This technique is a combination of compliance baseline plus risk-based pricing, and it can be a very powerful and persuasive tool in getting reactive clients to understand the modern cyber world in which we live.

Ep 276 - The term EBITDA is not something a lot of MSPs fullly understand or use regularly. As a financial tool, it is worth knowing how it is used and why. But, should you use EBITDA as a metric for managing your MSP practice? Maybe, maybe not. To answer this question, we must define EBITDA, look at how it is used within general accounting, and more specifically how it is used within MSP M&A and investing. Only then can you know whether EBITDA is something you should use regularly as a guidepost for running your MSP practice.

Recently, at the MSPAlliance Inspire meeting, I witnessed something I've never seen before, something I'm now calling the "great MSP reset." This reset is an accumulation of several different things happening at roughly the same time and I think it bodes well for the future of the managed services profession. Here's what I witnessed. These activities, taken in their totality, represent a very clear sign that there is a lot of positive change taking place in the managed services profession.

Ep 277 The Great MSP Reset Recently, at the MSPAlliance Inspire meeting, I witnessed something I've never seen before, something I'm now calling the "great MSP reset." This reset is an accumulation of several different things happening at roughly the same time and I think it bodes well for the future of the managed services profession. Here's what I witnessed. These activities, taken in their totality, represent a very clear sign that there is a lot of positive change taking place in the managed services profession.

Does EBITDA Matter for MSPs? The term EBITDA is not something a lot of MSPs fullly understand or use regularly. As a financial tool, it is worth knowing how it is used and why. But, should you use EBITDA as a metric for managing your MSP practice? Maybe, maybe not. To answer this question, we must define EBITDA, look at how it is used within general accounting, and more specifically how it is used within MSP M&A and investing. Only then can you know whether EBITDA is something you should use regularly as a guidepost for running your MSP practice.

A lot of MSPs spend the majority of their time focused on revenue growth, and for good reason. If you're not growing, you're shrinking. But, not all revenue is the same. In fact, some revenue types may actually be harming your managed services growth. Confused? Don't be. There are some really simple metrics you can use to begin aligning your MSP practice towards a pro-growth future. Revenue Mixture: What is it? Revenue Mixture and Why It's Important

Recently, one of our members reached out with some questions about how to achieve growth while simultaneously addressing a sizeable break/fix client base. It's a really good question and one that I know a lot of MSPs face. First, acknowledge that break/fix customers inhibit managed services growth Second, have a plan to migrate those break/fix customers to managed services plans Third, execute your plan and have a timeline. Don't make it an "open-ended" strategy.

It's that time of year again. Time to review the past year and look to the future and predict what is likely to happen. The MSP world is changing more rapidly than ever before. Let's take a look at what 2024 has in store for the MSP profession. Ransomware Responses Changing: MSPs (and customers) have to look at ransomware in a very different way in 2024. As numerous governments worldwide continue to march towards inevitable prohibition of ransomware payments, MSPs need to adapt to this evolving threat response and develop new service delivery models to help their clients prepare for breaches and attacks. Break/Fix is still dead. If you are clinging to reactive IT service delivery models, be aware that the break/fix business model is still dead. If you have reactive clients, either a) convert them to managed services, or b) terminate your relationship with them. It may sound harsh, but times change and we all have to keep up with change! AI or no AI, that is the question: No matter what your opinion of AI happens to be, you have to have one (an opinion, that is). Some MSPs are pursuing AI technology to be a force multiplier of their existing team, while other MSPs are having to confirm to customers that AI will not be part of their managed services experience. Create your MSP Baseline: All MSPs should be entering 2024 with the objective of creating an MSP baseline. What is an MSP baseline? The minimum requirements you have for any managed services customer. This baseline will be different for each MSP. But you should have one because we are now at a point in our profession where all organizations ought to be practicing some minimal level of security standards. Review/Adjust MSP Pricing: Once you have created your MSP baseline, then the fun begins. It's now time to establish or adjust your risk based pricing models. It does not matter what type of pricing model you use, you can always apply a risk based pricing element to that model. Implementing a risk based pricing model with the aid of managed services baseline becomes incredibly easy; or at least much easier than trying to apply some regional minimum wage labor rate model. What's your compliance situation? Compliance is one of those topics (like AI) where you have to have a position. As so many customers are turning to their MSPs for help with compliance related matters, MSPs cannot claim ignorance on the subject of compliance. Whether you have a formally developed CaaS/vCISO/vCIO program, or you are just casually helping clients fill out cyber insurance forms, MSPs have an undeniable role to play in modern compliance and should act as such. XDR Upgrade: For those of you still using (or selling) legacy anti-virus and firewall technologies, it's time to upgrade your tool belt. For MSPs, it is considered a current best practice to have some form of XDR technology deployed internally in your MSP practice. For customers, XDR would also be considered a modern day best practice for any sized organization. If your NOC/helpdesk team is stretched thin, consider a managed XDR/EDR solution (they'll thank you for it). Get Cyber Verified: It's 2024. If you haven't started the process of getting your Cyber Verify certification, you should start your planning. Not only will it open up new opportunities for your MSP practice, it's also a great way to simultaneously achieve compliance with many globally recognized certifications and audits!

MSPs vs Vendor Controlled Remote Access The FBI advisory to private sector industries was released and raises some interesting questions regarding MSPs. While not specifically mentioning MSPs by name, the advisory covers general threats from ransomware and how they are being executed. Doesn't mention MSPs, but they are clearly being addressed in this notice 3rd parties and legitimate system tools All the guidance the FBI provides is already well established in the MSP Verify program Unmanaged vs Managed IT Unmanaged Devices - still think break/fix is an effective IT management model? “80 to 90 % of all compromises originate from unmanaged devices...Most human-operated ransomware attacks attempt to compromise or gain access to unmanaged or bring-your own devices (personal devices used to access work-related systems and information). These typically have fewer security controls and defenses" - Microsoft If you read this Microsoft quote and still think reactive IT is a viable business model or IT management model, think again. My M&A Challenge to MSPs in 2024

The end of Ransomware? You may have seen some news lately about the US government working with other governments to ban ransomware payments. Well, I'm not so sure it will stop ransomware but it is an interesting topic and something we should discuss. Banning ransomware; what impact would it have? Government bans on ransomware payments will change how MSPs "manage" those clients Private sector should pay attention Can MSPs be more proactive? I read an article who's headline talked about MSPs being more "proactive" with their customers. It occurred to me that this type of guidance is not aimed at MSPs, but instead at break/fix companies. Which begs the question, why include MSP in the title at all? And there lies the problem. These articles cannot distinguish between MSP and non-MSP. Reactive IT providers…there are expectations you must meet when joining the ranks of the professional MSP Being more proactive means being an MSP; that's the point! You can't be a little proactive; it's either all in or nothing at all You can't "resell" compliance vCIO or CaaS offerings depend on your familiarity in speaking the MSP compliance language. We are talking to a lot of MSPs today who look at compliance in a way that is very short sighted and not what will make a competitive difference in the MSP organization over the long run. What does it mean to "speak MSP compliance?" Understand compliance frameworks which matter to your customers Understand the role your MSP organization plays in customer compliance Reselling a GRC tool does not make you a compliance expert

There is no recession in managed services You may be watching the economic news out there and thinking to yourself, how will this impact my managed services business. It’s a good question to ask. Economic indicators seem to be pointing to some form of recession or slowdown (some call it a soft landing) in the near future. For all we know we might already be in a recession. But, does a recession mean MSPs are going to be hit as well? Not if the past is any indicator. Historical recessions impact on MSPs Gartner IT spending projections looking really good How to prepare for economic downturns Managed services (including security) should be a significant shelter from any storm vCISO, vCIO, CaaS offerings will strengthen any managed services practice Should MSPs be concerned about job loss to AI? Ever since ChatGPT launched many articles have been written about AI causing massive job loss in the future. While I would agree there are industries in dire need of innovation which typically cause large scale job shifts, managed services is not one of them. Job openings in managed services profession still unfilled AI is not going to solve anything close to all the labor shortages facing MSPs AI still needs to be managed (managed AI?) AI should be evaluated as an extension of your MSP workforce, not a replacement of it Advice for 1 person MSPs There is nothing more exciting (or scary) than being a one person business owner. Managed services, like many other professions, has its share of one person MSP shops. I recently talked to one such MSP who wanted advice on how to grow beyond just himself. Partners Employees Capital Organic (can be tough and take a while to see results)

In this riveting podcast episode, join us as we delve deep into the intricate landscape of recent high-profile cyber-attacks that have sent shockwaves through the digital realm. Our seasoned guests, Shannon Wilkinson, the CEO of Tego Cyber, and Brent Watkins, the Director of Business Development at Tego Cyber, step into the MSP Zone to unravel the layers of these incidents, providing invaluable analysis and guidance that every Managed Service Provider (MSP) should heed. Our exploration begins with a meticulous examination of three notable targets—MGM, Caesars, and Okta—each falling victim to distinct cyber onslaughts. We not only examine the sophisticated methods employed by the attackers but also dissect the responses undertaken by the affected organizations. As organizations increasingly rely on dynamic and interconnected systems, change management processes become a potential vulnerability ripe for exploitation. Our guests shed light on how attackers leverage change management loopholes, emphasizing the critical need for MSPs to redefine their strategies and bolster defenses in this evolving threat landscape. Tune in for a captivating journey through the intricacies of cyber warfare. Whether you are an MSP looking to sharpen your defense strategies or a cybersecurity enthusiast keen on staying ahead of the curve, this episode promises to be a compelling source of insights and actionable takeaways.

How are MSPs dealing with CMMC? John Burgess, from Mainstream Technologies drops into the MSP Zone to discuss how MSPs should deal with the changes coming from CMMC, but how they can stay ahead of them as well. Regardless of where you stand on the issue, having something to say about compliance is a wise thing these days. MSPs with exposure to CMMC have a lot of revenue and trust potential, if they act. If MSPs stay silent on the issue when asked, that could lead to an erosion of trust and lost opportunities. MSP Zone Highlights: