Written by: Charles Weaver, CEO of MSPAlliance

Amidst all the discussion around MSP regulation today, an important question must be asked and addressed: are the threats to organizations really from MSPs or break/fix providers posing as MSPs. The answer to this question is critical for “MSP regulation” to proceed without unnecessary harm to real MSPs.

MSPs are not Break/fix Providers

It is no secret that government legislators and regulators are focusing their attention on MSPs to respond to the increasing cyber-attacks on organizations, including state agencies and governments. MSPAlliance acknowledges these efforts to gain better MSP transparency as legitimate public policy oversight functions.

However, it is essential to educate these same regulators and legislators about the distinctions between break/fix providers and proactive managed service providers. These two types of companies are not the same and have many differing characteristics.

While we have written extensively on reactive vs. proactive IT companies, these discussions have occurred mainly within the IT channel and not in the public forum. The general public is not aware of managed service providers’ operational details, other than what they read in the media today. Government officials are generally not aware of the legacy of work performed by thousands of MSPs worldwide throughout the last 25 years.

The running of a managed services business must be practiced consistently to achieve even average results. As the last 20 years have taught us, tens of thousands of break/fix companies have begun to transition their business models to offer proactive managed services. As this transition continues to occur, it is essential to differentiate those MSPs who have achieved a level of professional competency from those companies still learning the trade. These early transitioning companies are mainly providing reactive or break/fix services and are most vulnerable to cyberattacks.

The distinction between break/fix companies and MSPs is important to understand if government regulators hope to achieve meaningful results from their regulatory efforts. More important is that MSP standards and certification frameworks already exist to aid government regulators in categorizing and assessing MSPs and non-MSP organizations.

Recent Cyber Attacks Have Exploited Break/Fix Companies, Not Just MSPs

Several of the more recent cyberattacks impacting end-user organizations have incorrectly attributed fault to the provider, explicitly calling them out as MSPs. At least a few of these ransomware attacks did not involve MSPs; the providers were reactive and break/fix companies based on initial reviews of their websites. Despite how these providers market themselves, the fact that anybody can claim to be an MSP is an issue that must be acknowledged by our profession and any government regulator or legislator.

Summary

For governments and regulators to create effective MSP regulation and oversight, it is crucial to understand and define the MSPs to remove non-MSP organizations from the rest of the professional MSP community. Until this happens, any MSP regulation could unnecessarily impact professional MSPs and miss regulation of non-MSP entities.

Tags : break-fix,MSP regulation,proactive IT management,reactive IT
  • Jim
    Posted at 13:39h, 15 July Reply

    Charles: we were discussing this very issue in Atlanta in 2006. Amazing how you could see it coming even then!

    • Charles Weaver
      Posted at 13:44h, 15 July Reply

      Jim – yes we were. I’m not sure how many people were listening but obviously you were!

Post A Comment

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

Contact us

Address:

100 Europa Drive, Suite 569 | Chapel Hill, NC 27517

Phone:

1-800-672-9205

Email:

info@MSPAlliance.com

Sign Up For Our Newsletter


By submitting this form, you are consenting to receive marketing emails from: MSPAlliance, 100 Europa Drive, Chapel Hill, NC, 27517, https://www.mspalliance.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact