Written by: Charles Weaver, CEO of MSPAlliance
Before you ask, I am not talking about MSPs hiring consultants. Instead, MSPs should be in a position, during the next 3-5 years, where they can offer a lot more consultative value to customers. More specifically, if MSPs do not provide consultative guidance to their customers, there could be a risk of losing clients to other “available” MSPs. I’ll explain more.
It’s All About Data
As previously mentioned on this site, the entire world is consumed with data, either stealing or protecting it. For MSPs, this presents both an opportunity and a challenge. The risk to MSPs exists whether the MSP acknowledges it or not. In years past, MSPs could get away with saying, I’m not responsible for that, so it’s not my problem. When it comes to data management, it’s not as black and white an issue.
MSPs need to do the following to take advantage of the data management and protection opportunities in front of them. a) Know the data their customer has, b) Communicate whether this data will be managed by the MSP and c) document what steps are performed (or not) for that customer.
What kind of data are you managing? This is a simple question to ask, but the answers are not always easy to obtain. If you are a practitioner of risk-based pricing, you already know that different data will cause your managed services offerings to have different prices. This phenomenon comes from the idea that “not all data is the same.” Some customers consider certain data as more valuable than others, which in turn should cause them to protect and manage the data differently.
MSPs used to perform network scans to determine what types of devices were on the customer network. Today, MSPs should be performing similar customer scans to determine what kind of data the customer has and wants the MSP to manage.
Once you know the type of data you’re working with, it’s time to communicate your opinions to the customer. Wouldn’t the customer always know the kind of data they have? Not necessarily.
Customers frequently do not know or understand the data they have. For example, customers may know what data they have but not appreciate who would find that data valuable, such as cybercriminals.
Last, MSPs should be documenting these steps to protect themselves against customer decisions which could have adverse consequences. MSPs have heard many stories about customers expecting their MSP to resolve a problem that the customer expressly declined as a service. For example, customers who refused backup as a service may ask the MSP to fix their ransomware attack, which has crippled their organization.
The risks of customers not taking their IT assets serious must not negatively impact MSPs. Customers need to be responsible for their decisions (or lack thereof) when it comes to guiding their IT, even if that means outsourcing to an MSP. As every MSP knows, outsourcing IT does not mean outsourcing risk.