The MSP Zone

Weaver Outrage Meter: Low
 
What is continuous compliance? Sound like a headache? It isn’t. Continuous compliance is where the managed services profession is headed and MSPs had better start preparing now.
 
Continuous compliance defined
Why continuous compliance is the future
Guidance for transitioning from standard to continuous
 
Recent news stories would have you believe that the recent bank failures are really caused by underlying fractures within the tech sector. Let’s examine an alternative theory for what is really happening.
 
Big tech layoffs
Bank failure root causes
Health of MSP market
 
We are seeing more “providers” intentionally (or not) being vague about the types of services they are offering. Here’s why this is a bad idea.
 
Problems with mislabeling your services
MSPs who aren’t, and cyber providers who claim MSP status
You can’t run from what you do

Weaver Outrage Meter: Low
 
First, let's discuss Silicon Valley Bank (SVB). You may be wondering what does SVB have to do with managed services. Good question. Nothing directly ties SVB to managed services, other than there are a number of MSPAlliance members who bank there and may be impacted by recent events.
 
Will SVB have any long or short term effects on the managed services profession?
Is the SVB collapse an indicator of technology health?
 
Second, some advice for MSP startups. Much of the discussion around compliance and achieving certifications for MSP organizations has been focused on more mature MSPs. This needs to change.
 
Since the launch of Cyber Verify, we will be spending a lot more time dealing with the issue of MSP compliance, especially for MSP startups and less mature organizations.
 
Make compliance an "everyday" part of your business
Start with your policies and procedures documentation
Use platforms like Cyber Verify to begin mapping your control gap areas so you have a remediation plan
 
Third, let's talk about managed services pricing. We mostly discuss pricing when we talk about raising them. But, let's just examine why an MSP might want to consider lowering their pricing.
 
Price economics
Security standardization
Automation and other methods of lowering service delivery costs

Weaver Outrage Meter: Medium
 
MSP Zone examines the idea of a cyber tax, what that would look like, and whether a cyber tax would be a good thing for MSPs
Highlights:
Cyber tax credits
Codes of conduct
Government oversight?
 
Cyber Verify has been launched. What is Cyber Verify? How can it help MSPs at both ends of the MSP maturity spectrum?
 
The Art of Managed Services 2nd Edition is now available for purchase. What went into the 2nd edition? What has changed since the first edition was published in 2007?
 
Supplemental reading:
Cloud Computing Needs a Universal Standard - WSJ

Weaver Outrage Meter: Low)
 
In the US, we just had our national state of the union address, so we thought it would be fun (and interesting) to do our own state of the union address on how the managed services profession is doing in 2023.
 
Drawing from global IT spending data and MSPAlliance member input, we have put together some of the more noteworthy areas of interest to MSPs in 2023, both areas of opportunity and issues of concern.
 
Enjoy
 
Highlights:
IT Spending for 2023
Compliance challenges and opportunities
MSP market differentiation

Weaver Outrage Meter (Low)
 
There are many reasons why you would want to work with a provider of managed services. During a recession (or the threat of a recession), IT and business needs tend to become a bit more clear and in focus as you come to reality about what it is you really need versus what you don't.
The benefits of managed services really only apply to true MSP organizations. We are not talking about break/fix and reactive IT companies as they do not create the same types of economic and IT benefits as a managed services provider.
 
Highlights:
PredictabilityIT performance
IT spend
FlexibilityAdjust up
Adjust down
SecurityStabilization
Constant monitoring
Not reactive

Weaver Outrage Meter (Low)
Many MSPs think of compliance as a "once a year" activity. Much like doing your taxes, compliance is a doing it once and then forget it event that gets revisited next year. This is dangerous thinking and should be part of every MSP's new year's resolution for 2023.
Compliance doesn't have to be a dirty word. In fact, compliance should have nothing to do with tax preparation or any other dreaded activity you have to do on an ongoing basis. Instead, compliance ought to be like breathing; second nature to all MSPs.
Sound too easy? It isn't. There are a few simple tricks you can take to get your MSP practice headed down the path of continuous compliance.
Highlights:
Continuous vs cyclical compliance
Compliance is a team sport
Compliance documentation and evidence

Weaver Outrage Meter (Medium)
 
I recently read a blog written by a government about how to properly use MSPs in a cloud environment. Now. I am not sure what background this author has but I’m assuming a good number of people read and approved of the article since it was published (for the public to read) on a government website.
 
I do not like attacking people directly when they have no ability to respond to the allegation but in this case, I believe the idea raised is so contentious that it must be addressed. So, that is what I intend to do.
 
I won’t name the person or the organization, but I do intend to discuss the nature of the article and what it purports to encourage: namely, that MSPs ought to behave more like cloud providers.
 
Highlights:
What attributes of the cloud provider ought to be mimicked by the MSPs?
How do MSPs and cloud providers interact?
If MSPs did not exist, would the cloud provider be able to service the customer?
Do we really want MSPs to be more like cloud providers?

Weaver Outrage Meter (Medium)
 
I thought you'd never see the day when you hear me say the words, maybe roll ups work in the MSP profession. Before you get too excited, there are still some "right" ways and "wrong" ways to go about doing M&A and that is part of what we will discuss today. But, part of my analysis on MSP acquisitions over the last few years does involve what some of you out there would classify as roll up acquisition strategies.
 
Do they work? Are they really roll ups? Let's dig in further and find out.
 
Highlights:
Definition of roll ups
Historical roll up strategies examined
Modern "roll ups" defined
What this means for investors and MSPs in 2023

If cyber is uninsurable, then MSPs just got a lot more valuable. Here's the conundrum. If MSPs represent aggregate risk to insurers yet are invaluable in the fight against cyber threats, and if cyber is becoming more uninsurable, then MSPs become even more critical in the cyber risk equation. Sound complicated? I'll explain.
 
Most of the discussion around cyber risk insurance today can be boiled down to lack of visibility and understanding about the MSP market and IT threats in general. I don't want to make too large of a generalized statement but there is a lot of ignorance out there. Trust me.
 
MSPs do present a threat surface for cyber criminals, just like every other entity. I can make a convincing argument as to why MSPs have less of an attack surface but that's for another time. The point is, MSPs cannot be ignored when it comes to solving the cyber threat question. If the insurance industry is unable (at the moment) to answer this question, then maybe it's up to the MSPs to do so.
 
Highlights:
Cyber underwriting flaws
Lack of visibility into cyber and MSP markets
Alternative cyber risk mitigation models

Weaver Outrage Meter (Low)
 
2022 began very differently than it ended. The pandemic, global supply chain, cyber-attacks, cyber risk, the economy, MSP talent, and many other areas saw change (good and bad) during the year.
 
This summary of the year 2022 in managed services looks at a variety of areas all related to the global managed services profession and attempts to extract some lessons learned so we can apply them to 2023.
 
MSP Zone Guest: Rob Scott
 
Highlights:
Cyber Risk - legal, technical, business, and other
MSP business model changes in 2022
Legal updates