As more and more of our daily lives shifts to online work the need for cyber security is becoming more and more critical for the success and stability of many companies. Although attacks on large organizations and government entities are typically the ones in the news small businesses are usually more vulnerable to attacks. With the cost of these attacks costing small businesses hundreds of thousands of dollars, many small businesses can’t weather an attack. With so many businesses seeking out security solutions many MSPs (Managed Service Provider) are turning to or becoming MSSP (Managed Security Service Provider) and offering true security as a service. Watch as Harry and Josh discuss MSPs and MSSPs in today’s landscape.
Video Transcription
Harry Brelsford 0:02
Hey nation nation, we’re back with Dan. No, that’s the wrong name on the screen. I couldn’t resist. Yeah, that is funny. Oh, we’re back with that Joshua Liberman. But you know, it’s a, it’s it’s a crazy zoom world these things happen. So today, we’re gonna call you Dan. But no, seriously, you just dropped a piece, and I’m looking off screen over the site, Super Ops, really interesting article I want you to walk us through To be or not to be an MSSP in 2021. To be or not to be
0:36
go, what’s going on?
Josh Liberman 0:38
Well, to do them, do them, they’re there do I’m going to let you know that super ops is your organization that’s in the process of building a combination, PSA slash RMM tool. It doesn’t have a go to market date yet, but it’s an up and coming tool. And a few months back, they engaged with me to provide them some content. So that’s pitch there. When I know more, at some point, I can say more. So the article, they came and asked me each month, they present you with two or three potential topics. I generally massage or twist one of them towards exactly what I want to cover, which is how this came. Everybody who grows an MSP goes through a series of inflection points in their career arc as an MSP. Some of them it’s as simple as you know, hiring their first second third employees starting to outsource admin tasks, or reaching out for a professional employment organization or others. But some go to the point where they have to really make them buy versus build decision when it comes to providing their own security services slash sock, or Sims curiosity, or Sim. So the way I look at things is you can be an mssp, that doesn’t mean that you have a sock. And you can have a sock, but that doesn’t mean that you’re an mssp. Although it’s closer to concurrence, this article is about how do you make that decision? Where do you go? Do you become an mssp? And what does it mean? So first of all, quickly, we’ll just define what an MSP is. But basically, an MSP is someone who provides a broad range of services in a proactive manner generally delivered remotely on generally two entirely fixed rates. The services are anything from help desk to virtual CIO, to purchasing an integration of equipment. We all probably know that on this call. But what differentiates that is that we generally work with the end clients. We have clients who own businesses, and we work with them direct. We do occasionally interline or work for other MSPSs. But for most MSPs, their business model is not MSP to MSP, MSP to end customer. The other thing as an MSP is most of the time we try to, we start out with a default setting of Yes. When your your help desk, hat or help desk suit, you’re trying to fix problems and get people to Yes, you know, trying to when they say I need to you don’t say No, you can’t. But to move to what an MSSP does. I’m going to start with the fact that first of all, MSSP often have a default setting of No, the reality is that a lot of what you have to do as an MSSP is instruct people on what they can’t do, or in manner, manners in which they can’t behave, because they’re inherently insecure. So there’s a lot more Dr. no than Mr. Yes. In the world of MSSP. Yes, if I can say that. I knew I can work that in. So the The other thing about what’s so different is that MSSPs frequently do work for other MSPs. Now, of course, plenty of them take on end clients, especially as those end clients get larger, or in more regulated or secure industries. But a lot of MSPPS do work for MSPs. So that’s another differentiator right there. And it also we talked with a moment ago about a sock Sim. There are very few msps in the United States that have built their own sock and sim services there are sure some
silence. sorry about that guys. Now gets silenced. So the bottom line though, is that as an SSP, you’re frequently working directly with Irma’s piece or you’re working with larger clients. And a lot of ways that’s wonderful. I mean, how many msps don’t want to have to do another password reset or explain what right click means, again, or how to apply. I mean, there’s a lot of drudgery msps typically don’t do that we’re not working with an clients, even if we’re working with a company, and their CTO, cio, CFO, whatever it is, we’re not working with their end users, and we’re not doing helpdesk ticketing and closing silly. I’m sorry, there are no silly questions. But you’re not dealing with that stuff. What we’re doing is higher level more interesting and more challenging, but also higher risk. So what tends to happen as an mssp, and I’m not one. So I don’t want to make that claim. We haven’t made that transition, at least not yet. But you are taking on riskier concerns, and you’re working for larger companies. And these larger companies not only know, and accept the responsibilities of it, and IT security and its exposures, they expect you to behave the same way. If you mess up, there’s going to be a cost. So that’s another thing about being in innocence. p. Finally, I think that at least two thirds of the msps. I know. And I literally know hundreds I think I might know 1000 by now. Yeah, yeah, it’s a it’s a two thirds of those guys that a guess me kind of a Kentucky windage kind of guess two thirds of them don’t, or they’re not really 24 by seven operations. Yeah, especially 510 seats or less employees or less in MSP. They’re not really 24 seven, they have somebody who picks up a phone call, on demand occasionally, then. And so whenever my read my own business, we had one out of ours call last year, we had four, and our biggest year, we’ve had one already, unfortunately this year, but we’re not truly a 24 by seven operation. Most things can wait for tomorrow. That statement does not apply to mssp. practices, those guys are truly 24. Seven, whether you run your own sock or even engaged with other socks, you do have to be available for alerts and response. And that means that you have to have not only a sufficient staff level, but a sufficient staff count. So you have to have people that can actually respond effectively. And they have to be paid to be awake overnight to be simple about it. Yeah, on weekends. So that’s another big step. You can’t step lightly into it. So for that reason, a lot of folks that that dabble in mssp operations will step back, though, they’ll get to that break. They’ll look at what the commitments are in terms of time, money, expertise, staffing, maybe even a soccer Sim. And they’ll step back and they’ll remain in MSP. Some of them are more like me, I hope, I think that they just enjoy a broad range of, of tasks and have interactions with different clients. Yeah, I like the fact that I actually have a two user client, I’m amazed that they want to engage us, but $1,000 a month in 916 months, actually, they get everything they can possibly want. They’re incredibly happy. They’ve been around for almost 10 years. Without social thing. The those things don’t happen with mssp relationships. And I like the broader relationship rather than the deeper, more focused relationship.
Harry Brelsford 8:25
Yeah, listen on this at the bottom of your article going over it super Ops, you have maybe just partner it’s so this is very interesting. I have gotten more active in the I am CP the Microsoft partner trade group, an amount of committee where we’re developing some partner to partner facilitation and standing up a site. So partners can help partners, right, p2p probably be up about mid year, I’m the weekly meeting on that. So that’s a big deal partner to partner and I’d like about maybe just partner because just a real discrete example. Many years ago, and I think you’ll recall, we had a wonderful gentleman, about 10 years ago who worked for us, Jeremiah, you may recall because he was really into photography. And he had built a data center, and it didn’t go to his liking. It’s a huge investment. There’s the changes in technology, there’s little things like weather and staying up, and he…..
Josh Liberman 10:47
Well, it looks like Harry got called away by technology challenges. And that’s just life in the Zoom Zoom lane. We all know it. He was talking about maybe just partner. And I can say that, in my own case, and the case of most of the small to midsize MSPs, I know that it makes more sense to partner with various different MSSP or sock organizations, we don’t have to take on a major risk, we don’t have to take on the expense, we don’t have to make the commitment that otherwise we would have to if we decided to dive in on our own. But it also gives you the opportunity to work with best of breed options. So we actually have different socks behind endpoints, firewalls and other log reading. And we work with a sock facility that’s more broad and general. And we provide that at one level to their smallest clients. And we provide higher end services the other way. I think that many people will finish their career as MSPs without specializing into being an MSSP. And I think that partnering is a really valid option. I think it makes more sense for outsource sock sim and MSSP services and just about anything else we do. I see your back, Harry, what do you think?
Harry Brelsford 12:11
Yeah,
Harry Brelsford 12:11
well, I think I should pay my internet bill. Maybe I better be a better partner with Comcast. But I did drop. I don’t know what’s going on. But suffice it to say thank you for your contribution this month. We’ll see you next month. Keep it safe, man.
Josh Liberman 12:28
All right. Thanks a lot, Harry. Bye bye. See? All right.
