MSP Community Blog

The ASCII Blog highlights articles featuring MSP members from our community as well as ASCII staff

ASCII Insight: Members Share Their Thoughts On The Year That Was And What To Expect In 2021
ASCII Community   February 1, 2021

ASCII Insight: Members Share Their Thoughts On The Year That Was And What To Expect In 2021

In our ongoing quest to provide you with the best business advice possible, we’ve partnered with The ASCII Group and their members who are going to share their thoughts on timely topics or best business practices. In this article, the following ASCII member answered our questions about the craziness that was 2020, as well as what 2021 is going to look like:

Q: COVID aside, what was the most important event, development, or new technology related to managed services in 2020?

Stinner: Getting our clients to finally understand that Cybersecurity services and Security Awareness Training are needed, and they cost additional on top of Managed Services. While this brings in a little more profit, it greatly reduces our customer’s risk and that is a win-win.

Sizer: Business Continuity Planning, hands down. Most businesses did not have a plan for what happens when we cannot work at the office, or together in some way. Having the ability to help them create and test a plan in the middle of a pandemic lead to new technology initiatives in all our clients.

Bloomfield: In 2020, we saw a huge increase in phishing attempts, SaaS impersonations, and various other email threats become the leading cause of data breaches. I have found BitDam to be an amazing solution to help combat just that. With their FavIcon Impersonation detection, file sandboxing, and more, they have become another necessity in any Managed Services Security Stack.

Sheldon: The push to more MDM solutions for companies who are now allowing users to work remotely.

Liberman: Getting your clients to suddenly pay attention to what we’ve been telling them about working from anywhere.

Rojas: I think a bright light was shed on the importance of having reputable vendors, and a heightened awareness of security came out of it. We also had some serious events towards the end of the year, affecting some of the industry’s major players. The most significant takeaway— these incidents forced our vendors to up the ante on Best Practices when it came to security.  As to the biggest development in the Managed Services Industry of 2020— I think realizing that MSPs, too, are breachable; and that we could be the cause of a breach for our clients led us to demand more accountability from our Vendors. I think if you walked away with that nugget from 2020, then you walked away, ahead of the pack, as a managed services provider.

Adkins: The acceleration of cloud this year means the demise of many MSPs. Many MSP clients had to make some quick and tough decisions about their business or risk going under. This meant that many MSPs who liked the status quo lost out to those who were willing to think forward and earn new skills and technologies.

Q: While the industry was no doubt hurt by COVID, did anything good happen to managed services because of it?

Stinner: The acceleration of Remote Work and Cloud adoption, as well as the adoption of Microsoft Teams for people to effectively collaborate when they are not all in the same place has been a much faster adoption than we expected. This has helped us get rid of some of the last Exchange Servers we were managing.

Sizer: We were set to help our clients manage the pandemic. We doubled in revenue and size over the course of the year due to the increase in clients, and initiatives brought on by needs we had been telling clients they had for years. It spurred many businesses into finally getting serious about some tech initiatives like increased cybersecurity, phishing training, Teams & 365, and laptops so employees are more mobile, etc.

Bloomfield: In every disaster, there will always be something good that comes out of it and COVID was no different. The COVID lockdowns have helped to push those business owners who were resistant to change and a remote workforce. They were now thrown into the fire and many see the benefit and will never going back, further cementing the necessity for MSPs.

Justice: While COVID hurt us and our collective customers, the rapid shift of a distributed workforce opened holes in the traditional approach to customers’ IT infrastructure and cybersecurity strategy. We as an industry have been trusted with securing this workforce and delivering remote work solutions so companies can retain their revenue. Thus, tying us as MSPs closer to a revenue protecting expense rather than a cost center.

Sheldon: I feel for those of us that thrived, it was because we were mostly set up in the cloud, and more and more clients utilized cloud services and needed our guidance to run their businesses effectively with the new tools at their disposal.

Liberman: We got to eat our own dog food; that is, fully test our work from home capabilities.

Rojas: I think 2020 allowed Managed Services Providers the ability to fail when everybody else was failing, so there was a level of grace. Any organization that walked away with takeaways on how to work well together, or how to not work well together and or found themselves lifted to a better understanding of how their organization functions or does not function, walked away with something good from 2020.  The pandemic forced us to navigate a steep learning curve on how to manage our business in some extremely trying circumstances. Fortunately, the environment was extremely forgiving of mistakes.

Adkins: 2020 was financially great for forward-thinking MSPs with great client relationships. The difficulties our clients experienced facilitated deeper conversations on technologies they had been putting off. Clients. Those conversations not only brought in revenue from cloud migrations but increased trust in the MSP once those promised efficiencies were realized. I think we’ve advanced as many as 9 years from where we were in 2019.

Q: Remote workforces have become the new normal. What can MSPs do to help companies that are struggling with this transition, as well as monetize the opportunity to the fullest?

Sizer: Building a plan to transition the company from internal operations to mobile operations. That plan would show you what needs to be done as well as any gaps you have in technology to do it, cybersecurity to do it safely and training the workers to embrace the changes. Those gaps are where you monetize and create revenue that can recur monthly.

Bloomfield: Educate, educate, and continue to educate. They must understand implementing a remote workforce must be done properly to not put the business at risk. That is where we come in, hold webinars, meet with clients, and make sure they understand your value and how you can safely and efficiently move them into a remote workforce all while maintaining security.

Justice: Sitting down with the customer to define their objectives and identify their concerns is the best thing an MSP can do. This is where we need to shine in our consulting and problem-solving role, rather than first throwing technology at their problem. Simple, cost-effective solutions can often solve this complex problem without having to design a full cloud infrastructure. This will make it easier to solve their problem and get buy-in for your proposal.

Sheldon: Invest and specialize in an MDM and show the benefits and ability to lock down company data and keeping their business and data safe with the newly expanded security concerns.

Liberman: Big question. SDWAN, extensible security, VDI, developing performance metrics, and more.

Rojas: I have somewhat of a unique perspective because the remote Workforce, for us, I don’t believe, has worked as well as having an in-person presence. It’s worked in the sense that we got the job done but we’ve lost a lot of synergy in the process. Having a zoom open is nowhere near the same level of interaction as just being able to walk over to somebody’s office or desk and get something done.

If remote Workforce is the new norm from now on, then MSPs can help businesses make the informed decisions on the right tools for remote Workforce, guiding them on proper implementation.

Adkins: I think at this point an MSP that hasn’t put together a remote workforce package is way behind the curve and shedding clients. Your clients are struggling because you aren’t leading. Your only chance is to take a lesson from DevOps and Interview your clients, put together a solution stack to address those needs, and deploy it as fast as you can.

Q: Our clients are also using the cloud more. What can MSPs do to help them secure the cloud and stay safe?

Sizer: Multifactor authentication and password management for the users. Neither of which can be an option or have workarounds. Be sure you have adequate backups of the data that they are keeping in the cloud.

If you are the responsible party for the cloud server(s), be sure you know exactly what you are responsible for, control the access to it properly, encrypt the data, secure all credentials with MFA, have backups, and audit and check the logs religiously.

Bloomfield: I’ll continue to say it, educate. Many owners believe because they are in the cloud, they are protected from data loss. Well, it’s our job to educate them again and make sure they implement solutions such as Backupify to protect SaaS environments.

Justice: It does not take long after reading an End User License Agreement (EULA) to realize that most cloud solutions shirk the responsibility of backup and security to the end user. Things like turning on Multi-Factor Authentication (MFA) or backing up Office 365 is no longer a nice-to-have, it is a requirement. Simply backing up the data and restricting access can go a long way.

Sheldon: Add email/spam/phishing security if not already there, an NG AV product/threathunter, DNS filtering, MDM on ALL devices that can access their company data, implement DLP strategies and add a SOC service offering if they don’t already have one.

Liberman: Develop cloud security practices (log monitoring, anomaly detection, etc.); start with O365.

Rojas: I think, as always, my message has been education. I would argue that there is a false sense of security in the cloud, making it more dangerous because people are more complacent. MSP’s can help educate, but we’ve got to remember that we’re not authorities. Try to help clients set the buying criteria and demand some of the technologies you can implement to help them—for example, training. Training is critical; if you educate your clients to understand why they should apply certain technologies, they will demand them. Then you’re not selling, it becomes their idea, and they’re the ones demanding it.

Adkins: LEAD. You need to get up to speed on properly using cloud apps as soon as possible and communicate your new expertise to your clients. Why should an SMB pay an MSP if they can’t provide technological expertise on the new normal?

Q: Cybersecurity will become an increasingly lucrative opportunity in 2021. What steps should an MSP take now and, in the future, to make sure they are prepared to manage their client’s cybersecurity issues? What technologies should MSPs be investing in to keep up with market changes?

Stinner: Protect your MSP first and invest in all the tools you want your customers to have in your own house first. Lower your surface area of risk as an MSP.

Sizer: Implement a cybersecurity program/product(s) in your MSP first. Run scenarios with continuity planning that show you and your staff what to expect and how to respond. Then do it again and again until the reaction to an incident becomes as natural as changing a user’s password.

Bloomfield: Solidify your policies and business first and foremost. It is of the utmost importance to yourself and your peers that all MSPs are protecting themselves so that MSPs do not continue to fall target to hackers, ultimately putting a bad name for the whole industry.

Justice: 90 percent of the security headway can be made in the configuration of customer’s systems. Identify the required projects like locking down an Office 365 tenant and do them internally first. Then do this for managed customers. After notifying customers of how you have taken it upon yourself to improve both your and their security as a means of doing business, pitch them all the new and improved cybersecurity solutions they’ll need to pay for.

Sheldon: Find a partner to help guide them in their process, and maybe even find a partner to do the SOC support for you, allowing you to add the service and protection 24/7/365, but not have to handle the actual backend security piece yourself.

Liberman: Become more fully engaged in their processes and lead with security first; don’t count on layering it on later.

Rojas: I will give you one piece of advice, if you have not performed a Risk Assessment on yourself, you are well behind the 8-ball, and you are well behind the curve, and you may even be incompetent.

Adkins: I think MSPs should play the long game and bake cybersecurity into their standard operations. Security training for all staff should be comprehensive and never ending. Multiple layers of protection at all levels should be standard with on-staff Security engineers or outsourced MSSP engaged to manage and react to all potential threats. Those who don’t – die.

Reprinted with permission, courtesy MSP Insights