Ep 256 | Accounting Firms and MSPs, Master Cyber Providers, and MSP Pricing Reality Check
Are Accounting Firms Squeezing MSPs?
It’s no secret that accounting firms are entering the managed services profession. Some CPA firms are developing managed services practices, others are content to audit MSPs through programs such as MSP Verify and SOC 2. To ignore accounting firms and their role/impact on the managed services profession would be a mistake.
- Misunderstanding MSPs in the larger IT channel discussion
- Why are accounting firms getting into managed services?
- How does the CPA community impact MSPs moving forward?
Could the Master Cyber Provider Model Backfire?
Those who ignore history are doomed to repeat it. Truer words were never spoken, particularly in the IT channel. Way back when managed services was just getting started, the master MSP model emerged. There are important lessons to be learned from this era, particularly when we start to see history repeating itself today. It’s like déjà vu.
- Role of the “master MSP” then
- Today’s “Master MSSP”
- Resellers vs MSPs, it really does matter!
Manages Services Pricing Reality Check
There are a lot of methodologies for approaching managed services pricing. Regardless of what method you choose (and you should have a method), understanding the role of risk as a prime pricing determination factor is important. So, if you forget to include it you could be risking a lot more than just low margins.
- Risk based pricing revisited
- Understanding the role of margin in your pricing
- Avoiding commodity price traps
Full Transcript:
Are accounting firms putting the squeeze on MSPs? Could the ‘Master Cyber Provider’ model backfire? And a managed services pricing reality check? Coming up next.
Welcome to the MSP Zone! Welcome back! If you’re an existing listener, we hope you are – if you’re a new-time listener, a viewer of the MSP Zone, we hope you come back. Hit the subscribe button, and you will stay up-to-date and current on all the episodes and all the discussions all the time about managed services. That’s all we do here.
And I want to dive right in. This is a kind of a diverse episode because we’re talking about accounting firms, their movements into the MSP sector. We’re talking about kind of Master MSSP, Master Cyber Provider, MDR, channel plays. And then finally we’re going to look at not a new pricing model, but it’s another article that someone wrote about managed services pricing, and we’ll do a little critique on it, nothing sinister, friendly critique, and just give you what our thoughts are about that.
Let’s dive right into this first article. Again, something that just happened to come into my inbox, and I clicked on it and I thought, “Wow, this is an interesting article.” Kind of misses the boat, kind of misses some key things, but that’s fine. We’re not here to call out inaccuracies, but we are here to keep things kind of honest and on the level. And that’s all I’m trying to do with this first article.
But the article comes from a magazine I’m not familiar with, CIODive.com, not sure who publishes that, but they published an article not that long ago called ‘Big Four Accounting Firms Squeeze Traditional MSP Market.’
“The blurring lines between software and business processes is a boon for Big Four firms looking to manage service providers to expand client offerings.”
Now, this is the premise. Alright, I think you should read the article. I’ll post a link to it, read it for yourself, come to your own conclusions. Here are my quick takeaways.
The article is talking about why the Big Four – I’ll tell you, it’s not specific, and only to the Big Four. There’s a lot of movement in the accounting profession in managed services. I’ll get to that momentarily. But the article talks about why the Big Four are finding it really compelling to get into managed services. And the premise is, is this going to cause pressure or challenge the supremacy of other MSPs?
My takeaway is absolutely not, for a few reasons. Number one, the article does conflate, in my opinion, a little of the nature of – it makes it sound like the Big Four accounting firms are taking up like 90% of the MSP market share on planet Earth. That is nowhere close to being true. Nowhere close. In fact, the Big Four accounting firms probably make up in managed services market spend, probably, I don’t know, maybe a couple percentile at most. That’s being really generous. Like they, they probably make up a very, very small percentile of managed services spend on planet Earth. Just my take. I don’t have their P&L statements in front of me, so I can’t tell you. But it’s an educated guess. That’s number one.
Number two, the assumption in the article is that they’re going after other existing providers in the enterprise space and they list a few like Accenture, Cognizant, Infosys, and IBM. That may be accurate, meaning that would be the likely competition they’re running up against in the enterprise market.
Again, if you’re a regular listener of MSP Zone, you, you kind of understand where the different layers, the three layers of enterprise, mid-market and SMB, and particularly at the enterprise layer, you really don’t have enterprise providers dipping down below the enterprise market. It just doesn’t happen. For a variety of reasons I can’t get into just trust me, it doesn’t happen.
Mid-market services mid-market, SMB services SMB, enterprise services enterprise. For the most part, that’s generally how it happens. They stay in their kind of weight class, right, in their fighting weight zone MSP to customer. It does happen occasionally. Curiously, the majority of time that we see an MSP punching out of their weight class is you’ll see an SMB MSP punching up into mid-market and even enterprise, but you generally don’t see an enterprise MSP punching down into the mid-market or SMB sector. Curious, isn’t it? Wonder why that’s a topic for a future MSP Zone episode.
Back to the article. So a couple of questions you may be coming up with. Why are the Big Four accounting firms even interested in managed services? Well, number one, this is not new. The article actually acknowledges this is not a new trend. It’s been happening for a long time. I can point to at least 2009, 2010, MSP World. MSP World in Las Vegas. In fact, I’ll give you the actual city where I remember some of the big four firms coming to that conference, and I was a little bit like, “Why are you here? This is not an accounting, this is not an accounting event.” And they said, “No, we’re here because we’re starting up an MSP practice.” I said, “Oh, okay, great, come on in.” Over ten years ago. This has been happening for a long time. Why are they doing it? For many of the same reasons that a lot of other business models who are seeing their legacy model kind of change, evaporate, become less attractive – why they go into managed services. Case in point would be the office copier supply hardware business model, right?
Office copiers, office printers, office machines sold into businesses. Some of these providers are like 50, 60 years old, have done very well and even they realize the road’s coming to an end, we’ve got to find a different track to get on because this is not going to keep going the way it has been. And so what do they do? They look to managed services. They look to managed services to the point of actually buying an MSP practice just so they can have a lifeline into the future and into a new century. And there are countless examples of this all over the world of office copier supply companies buying MSPs precisely for that reason. And that is a similar reason why you see the Big Four wanting to develop their own MSP practices.
Now, so the rationale should hopefully be pretty clear to all of us. Is this going to hit the MSPs? Is it going to put the squeeze, as the article suggests, on the MSP market? No, I don’t think so. That does not mean, that does not mean that the Big Four are going to be ineffective. What it means is the Big Four are going to find a swim lane that is currently not being addressed, most likely comprised of existing Big Four customers who don’t have significant meaningful relationships with other MSPs. And that’s where the Big Four are saying there’s an opportunity. No one’s meeting that opportunity and we’re going to meet that.
Now of course they’re going to come up, it’s bound to happen. They’re going to come up against some competition and they’re going to start throwing elbows. But the reason why every major technology vendor out there has a managed services division is very similar to why the Big Four are wanting to get into managed services. But that being said, the similarity ends there. That does not mean that they’re all going to be selling to the same types of companies. It’s not going to happen.
I’ll give you a couple of examples. Dell, Cisco, HP, a few others. Well, let’s just stick with those. They all have managed services divisions, all of them. Why do they have them? Because at some point they had a large enterprise customer who said, “I’m going to buy from you, but I want you to manage it. Can you manage it?” Whatever it is that they’re buying? Oracle. Oracle is the other one that I was thinking of. They all have that capability. They all have that capability because they all have legacy large enterprise customers who at one point have said, our relationship with you is really going to depend on can we also have you offer managed services to us on the thing that we’re buying from you? And that is a really different relationship than the Big Four have with their customers.
I’m not saying that there won’t be some conflict that there might, but it’s not going to be the type of conflict where you’re going to see a Big Four accounting firm going up against a Dell, IBM, Microsoft, HPE, or Oracle – just going at it head to head on a similar type of deal. They probably would both be selling managed services into the same enterprise customer, but from different vantage points, offering different things. That’s very likely.
Are the Big Four going to pose a threat and put the squeeze on mid-market or SMB managed service providers? No, not remotely. “Charles, you seem so confident that this is not going to happen. Why are you so confident?” I’ll tell you. It’s a general rule, with some minor exceptions to the rule, but it’s a general rule that if you have an enterprise-class MSP, they’re going to service other enterprise customers. If you have a mid-market MSP, generally speaking, they’re going to service other mid-market customers. If you have an SMB managed service provider, they’re going to service, generally speaking, other SMB customers. Picking up the trend here folks. They stay in their weight class, they stay in their weight class.
Now there are some exceptions. You sometimes see providers fight outside, compete outside of their weight class, but it almost always is an SMB provider swinging up and competing up into the mid-market or enterprise. You rarely see an Enterprise MSP servicing a mid-market or SMB customer. It just doesn’t happen. For a lot of reasons I can’t get into, maybe we’ll post an episode in the future about why that happens, but it generally is a true thing. Just accept it.
So I wouldn’t put any stock at all that the Big Four are going to be a competitive threat to either mid-market, the SMB sector – Absolutely not. But even the Enterprise MSP sector, I don’t think that they’re going to be really challenging anyone. And it again, doesn’t mean they’re not going to be successful. I think they will be. But are they going to be putting the squeeze on anybody? I don’t know, not in the way that this article kind of suggests that they will be.
One thing you have to remember, there’s a lot of legacy experience in enterprise managed services. If the Big Four have all developed managed services expertise or capabilities over the last ten years, there are providers out there who have been doing managed services in the enterprise for 20 or 30 years. Remember, managed services originated in the enterprise sector in the mid-1990s. That long ago, some say even into early-1990s at a very rudimentary level. But mark my words folks, there wasn’t an accounting firm in sight throughout the entirety of the 90s through the early 2000s. The accounting profession was not really active at all in managed services until I would say probably the 2008 time frame and on, and later.
So I don’t want to challenge the article and say, well, it’s completely wrong because they’re making a lot of valid points. It’s probably worth a quick read. It’s not a very long article, but if any of you read this stuff, and I think half the time these articles are written to just get people to click on the article and get people to read it. I get it. But come on, be accurate. Be somewhat informed about what you’re talking about. And I don’t think that this is really in any way serious to a competitive threat for MSPs.
And so if you were reading this and saying, “Oh my god, what are we going to do? I got to sell everything, get out of managed services because the Big Four are coming after us, it’s not going to happen. It’s not going to happen. There could be other competitive pressures, but it’s not going to come from them. And again, the Big Four are going to do quite well for themselves. They’re going to go after their customers. They’re going to take care of those customers. That’s fine. And they’re not going to be challenged a lot by other MSPs, except for some of the boutique players. But putting the squeeze on the MSP market? I don’t think so.
Moving on, could the Master Cyber Provider model backfire? This I got to be careful about because I have a lot of friends who work in the MDR space, right? They work for companies who sell MDR, managed detection and response. And for the record, I’m very pro-MDR.
I bet some of you didn’t even know there was a Master Cyber Provider business model, did you? Well, there is. I don’t think they call themselves that. I think they probably likely call themselves Master MSSPs. And if you’re wondering what all this means, and if you’re wondering, well, is being a Master MSSP or a Master Cyber Provider, is it new? Has it been done before? Is it a good idea? Is it a bad idea? I’ll give you some perspective.
The Master MSP business model first originated, I would say in 2002, roughly around that time frame. And there was a company in San Diego, they’re not around anymore, but they were a pioneer in this space. And what they did was they went to market with a company called Silverback. Silverback doesn’t exist anymore. They were sold to Dell, what this company, their company was called Do IT Smarter.
Do IT Smarter went to market and said, we’ve got all these companies that – silverback at the time, they were an RMM company, and they were selling their technology to value-added resellers, trying to get them to become MSPs, a very lucrative business back then, even more so today. But the problem was that there was a lot of value-added resellers, VARs, who while they were quite willing to cut a check for an RMM license, they didn’t really understand how to do it. And once they had acquired the technology, it was sitting there and it would kind of be shelfware until they finally figured out, oh, we actually have to sell this. We have to sell something before we can actually manage it.
And that was like the first big light bulb that probably went off for a lot of VARs during that time period. And it really went off for the folks at Silverback because they said we need to do something because we could sell this all day long. If nobody buys this stuff and puts it to use, this is going to backfire really quickly. So enter, Do IT Smarter, who was an existing MSP at the time. And they said, look, we’ll help these VARs out. And what we’ll do is we’ll leverage our network operations center and our help desk and we’ll give that capability to these VARs. Innovative, very much needed. Helped non-MSPs become functional at a baseline level. Because again, the capability was coming from the Master MSP.
And the VAR is always the limiting factor, right? The VAR is always the lowest common denominator or it’s always the weakest link in the chain if you want to look at it that way. Because the help desk, the knock, will do its thing. But the VAR has to sell it. The VAR has to service it, the VAR has to communicate it. It’s the VAR’s contract that is being signed between the company, the VAR, and the customer. That stuff really matters. But that was the motive behind and the reason why the Master MSP model became so successful.
Now you may say, “Well, does that model still exist today?” It does. But it has changed. And it has changed for a few reasons. Number one, you have a mass proliferation in information, best practices, and just general knowledge. And the sharing of knowledge amongst MSPs to the point where it’s so easy. Easy is not the right word, but the information is readily available to anyone who cares to seek it and to obtain it to become a very good MSP. Like if I wanted to go out there and find out how to become an MSP, I can do it. And I can do it relatively cheaply, maybe not quickly, but I can get the information I can grab it. Very different in the early-2000s.
And so the Master MSP model was really critical because there wasn’t enough time for those VARs who were saying, “Look, we got to move fast. We don’t have the luxury of 5-10 years to build an MSP practice. We need capabilities now.” The Master MSP model was the only way to do it. You had an overall maturity increase in the MSP channel, which very quickly became the entire IT channel. That changed the role of the Master MSP to a certain extent, all throughout – from 2002 all the way to today, there are still master MSPs.
Now they’ve changed in one critical way. Number one, all the RMM MSP platforms have become pseudo-Master MSPs. They all offer a network operations center, they all offer an outsourced, help desk. I think that’s still accurate. They all offer that. So if I’m an MSP and I say, “I only have a limited headcount, I just bought the software. I have really good customer lists. I actually may have sold some managed services deals, but I don’t know how to – I don’t – I can’t deliver it. I don’t have – I can’t staff a 24-hour help desk or a knock. What do I do?” You go to a Master MSP, like an MSP platform company, and you say, “Look, can you help me out? And they’ll say, “Sure, what do you need? But the master cyber provider idea is different. It’s really, really different. And I’ll explain why.
I’ve just explained why the role of the Master MSP from 20+ years ago to today has changed. I’ve explained in past episodes why this whole MSP to MSSP evolution is largely a marketing construct, mostly a marketing change. It isn’t a fundamental shift of a business model like being a VAR and going to an MSP. That was a radical, ultra-radical business model shift, believe me. From sales, marketing, pricing, the margin, staffing, the tools necessary, the sales cycle, the revenue recognition, everything changed when a VAR moved to become an MSP.
There is no such radical business model change when going from MSP to MSSP. I would argue, and others have argued, and I largely agree with them, that the evolution of MSP to MSSP is simply an ongoing evolution that all MSPs go through, which is just the modernization of the services that the MSP offers, really, that’s it. Just like in the early-2000s, MSPs, a lot of them didn’t offer backup as a service because it just wasn’t an in-vogue service. By the time 2006-2007 came around, you couldn’t go to a conference, an MSP conference, and not hit a dozen or so backup vendors all selling to the MSPs. It was a natural evolutionary change in the way that MSPs sold and delivered services, but it wasn’t a business model change.
You get where I’m going with this, right? The difference between these – and this is my term, the Master Cyber Provider – they’re really the MDR vendors, and they’re not all of them. There’s just a few of them. And what they’re going out there and doing is really different than what happened 20 years ago with the Master MSP model kind of anointing these VARs and saying, all right, you’re no longer a VAR. You’re now an MSP, go out in the world and do no harm.
These MDR vendors are taking non-services companies, at best, they could be called consulting firms. Many of them are brand-new startups that have no legacy, experience, or track record whatsoever. A real big, real critical difference between the Master MSP model and today. Again, back then, at least you could point to, there were a lot of VARs who were becoming MSPs, had been VARs for like, decades. I literally remember this. I talked to probably in the first year that the MSP Alliance was started, I probably talked to 500 or so. It’s probably not an exaggeration, probably about 500 or so MSPs or VARs who had burgeoning MSP practices.
And one thing that I remember from that day is that they all said – I would start off the interview and start saying, well, “Tell me about your company. Are you new? Where did you come from?” They say, “Oh, we started in the 70s, we started in the mid-80s and we were a novelle shop” or “we did, you know, did this.” And then they came through the 90s they’re in the early-2000s and they’re wanting to become an MSP. These cyber companies don’t have that legacy experience. That’s number one. Number two, as we’ve talked about in previous episodes, a lot, not all, but a lot of these cyber companies, the only thing that you could really even call a managed service is their MDR offering. Like, that’s the only thing that stands out as a plausible managed services product. Everything else they do is like really bizarre, unrelated stuff like business registration services, graphic design, search engine optimization. Valuable stuff, don’t get me wrong, but just not the type of thing that you typically associate with an MSP.
So it makes you wonder, why are they just suddenly coming out with one thing that could be reasonably called a managed services offering this MDR, and they’re not doing anything else. They’re not doing backup, they’re not doing any other type of IT service, like managing users, managing infrastructure. It’s related, right? If you can manage an endpoint, why can’t you manage it from an OS standpoint, from an application standpoint, from a user management standpoint? The same tools are going to be relevant, right? It’s because they’re not delivering it at all. They’re following that Master MSP model concept. Except in this case, it’s not really an MSP that’s doing it. It’s an MDR vendor who is only delivering not help desk, not a network operation center, but a SOC, a security operation center. Maybe it’s just even technology with no real help desk element whatsoever.
But it makes me wonder, how are these consulting firms going to market to customers and saying, “Hey, would you like to buy some MDR from me today? Even if you get somebody who says, yeah, I actually happen to be in the market for MDR. If the customer in this scenario had an existing relationship with an MSP, chances are the MSP already has an MDR, so that’s already suspicious. And number two, if it’s a customer that doesn’t have MDR – or sorry – if it’s a customer that doesn’t have an existing managed services relationship, for them to go and bypass all the fundamentals of managing their IT infrastructure and all their IT assets and go right to the very peak of managed services dumb. I made that up. And start offering managed detection and response, and nothing else managed, just that, where do you go from there? Where does that provider, that consultant, go from there? Do you see what I’m saying? It doesn’t make sense. It’s not logical. Something’s missing.
And so my advice is, if you are an MDR vendor and this is your business model, I would implore you because you are very much needed. I would implore you to rethink your approach in going to market to these non-MSP types, because I think that there’s going to be a real big backlash very, very soon where we start to see some of these companies either misrepresent themselves as MSPs when they’re not or get involved in scenarios where they ought not be because a customer incorrectly assumed that they were dealing with an MSP. I know I’ve talked about this in the past, but I’m serious about this, folks. This is a major issue. We need to keep an eye on it, a very close eye on it.
And again, I’m kind of appealing and pivoting more towards the MDR community to say, go after the MSPs. Every MSP ought to be delivering MDR, or at least heavily considering it. It’s that important. I agree. Would I buy MDR services from a non-MSP, from just a cyber consultant who only did MDR? Absolutely not. Because if I am outsourcing that, I’m also outsourcing other features, and I want one shop to be able to handle everything. And I’m telling you, based on what we’re seeing, these cyber consulting firms are not even close to being able to deliver that type of comprehensive MSP style business model. Think about it. The runway for that channel play is coming to an end really, really fast. Mark my words.
And finally, managed services pricing reality check. This one again, was another article that I read, and the article isn’t wrong in what it says, but the article is perhaps misleading in what it doesn’t say. And it leaves out, in my opinion, one of the most critical elements when it comes to managed services pricing. And I’ll talk about that momentarily.
But first of all, it’s an article that just goes over the fundamentals. They call them the fundamentals or the seven common MSP pricing models, and I’ll talk about them here. Per device. Yeah, check. Per user, tiered, or a bundle. I don’t see that as a distinct – I mean, you could have tiered user and tiered device-based pricing models. So that’s more of a separate concept. But I get it. Value-based. I don’t exactly know what they mean by value-based. I would hope that all managed services pricing is based on value. Monitoring only. That’s more of a feature. Ala carte and all you can eat. All right, so that’s fine. They have their perspective. They’re entitled to it. Fine.
But when they’re talking about this article and they’re explaining what all those seven different pricing models mean, they never talk about risk. And I find that really interesting because one of the most common pricing models that we have seen, although it doesn’t really get articulated, I think it’s more of a MSPs just instinctively do that this way. They don’t necessarily know how to call it this, but it’s risk-based pricing, and it’s been around for a decade or longer. And it is the notion that you can and should and do charge your customers differently based off of the level of risk they present to your MSP practice, pure and simple. That’s what risk-based pricing is all about.
And you can have all seven of these pricing models be the core of how you go to market and how you price your managed services. And you could still have one more X variable, X factor, and that would be risk. I could have a per-user or per-device pricing model and still apply risk as a variable to accomplish what a lot of MSPs who I’ve talked to over the years have really been tormented with. I talk to a lot of MSPs, it doesn’t happen a lot anymore. Although, actually, it’s funny. I actually just heard from a large enterprise MSP who is having pricing problems fairly similar to what the SMB MSPs have been dealing with for 15 years or more. And that is they just don’t understand how to be competitive. They think that they have to be price matched to their competitors in order to be considered normal or acceptable. I think that’s horrible advice. And if anyone ever gave it to an MSP, I hope you would reject it because there is nothing in the rulebook that says that every MSP has to price their managed services similarly to how other MSPs do it. It’s horrible.
I’ve used this analogy before, and I still use it. There is no similarity in how lawyers price their services. You have lawyers that priced it at $150 an hour. You have lawyers that charge $1500 an hour for the same services. How can that be? It’s the same service. It should be priced the same, right? No risk, skill, experience, speed, capabilities, resources, just to name a few, are factors that may influence and modify a pricing approach within the legal services business. Same with accountants, same with engineers, same with doctors, same with MSPs.
And again, why am I saying this? Well, I’m saying it because if you’re an MSP and you’re reading this and you’re saying, “Oh, I have to use one of these approved seven pricing models or I’m not going to be viewed as normal.” Don’t. These are good models to be sure, but there is something missing.
And whatever you do as an MSP, however you arrive at your pricing, if you don’t factor risk, customer risk, risk of the service you’re offering, risk of maybe the geography, maybe it’s the regulatory risk, maybe it’s something else. The type of customers you have, the type of threats they have, all these things factor into your service. And another MSP offering the same service to a different set of customers in a different geographic area could have a very different pricing model.
But two MSPs show up at the same conference and the one MSP says, “Well, I price my service at this?” And the other MSP says, “Oh my gosh, we’re like double, we’re triple the cost of that other MSP. What are we doing wrong?” Then they call us and they say, “Charles, what’s going on? We think we’re seriously overpriced. Should we drop our rates? Or maybe it’s the other MSP and they’re saying, “I talked to another MSP from a conference last week and I think we are less than half of what that other MSP is priced at. We’re doing something wrong.” What is it?
It doesn’t mean you’re doing something wrong. It could. But just because you’re priced differently doesn’t mean that you’re wrong or you’re right. Your pricing model has to fit for you. For your margin, for your bottom line, for your cost structure, for the types of services you deliver, for the types of customers you service, and many other factors. Your pricing model is unique to you. It’s very unique to you. But if you don’t apply risk to that, the risk element, it’s a big thing that could really skew to your detriment your pricing and your MSP practice. And I just wanted to make that comment.
Lest you read this type of article and say, “Well, it’s as simple as just coming up with the number of users, the number of devices, multiplying it by this and that’s my price.” It’s probably not that simple. In fact, if that is the pricing model you’re using and that’s it, you’re probably missing something. You’re probably missing something that could add real value to your customers, yeah. To you. Absolutely. And yeah, you would otherwise miss it if you weren’t aware that there are some variables that just don’t fit neatly into a per-device, per-user, or all-you-can-eat model, food for thought. Just give it some consideration. Until next time.
