Today’s MSPs have shifted from tech support to true extensions of an organization’s IT and security functions. Despite this, many MSPs still struggle to influence their clients’ views on the importance of cybersecurity.
To shift this mindset, MSPs must fundamentally shift the way they position themselves. By embracing a prescriptive model, MSPs can prop themselves up as the experts they are, commanding more client respect and generating more business opportunities.
When you go to the doctor with an injury or ailment, they assess your condition, determine a diagnosis, and prescribe treatment. Their knowledge and expertise carry an implicit sense of trust and their recommendations and treatments lead to improvements in your health.
The same can and should be said of MSPs. Businesses come to MSPs to assess, diagnose, and treat problems with their IT and security “health.” They rely on the MSP’s knowledge and expertise to accurately address issues and improve their business’s health. So, under the same pretense, shouldn’t businesses trust the recommendations of their MSPs the same way they do doctors?
It boils down to competence and confidence. Although MSPs are competent in their field, some lack the confidence to express that competence with clients. In an industry where securing business can be difficult, appearing arrogant can seem like a turn-off to potential customers. But you wouldn’t tell a mechanic he’s using the wrong tool to fix your car. So, why would you tell your managed services provider they’re using the wrong tool to handle your IT and security?
Expanding on this, past focuses on break-fix led many MSPs to over-index on their tech stack rather than highlighting how they’re solving client problems. In a prescriptive model, the technology is just an underlying aspect of the true value: the solutions you provide. Whether it be enabling remote work, addressing compliance, preventing data breaches, etc., clients want to know their needs are being met, not what’s going on under the hood. A prescriptive approach focuses on the end goal, letting the other aspects be a means to an end rather than a selling point.
To shift to a prescriptive model, you must consider your risk appetite and the current condition of your offering. Then, you can build your model.
As an MSP, you always value your customers’ business. That doesn’t mean, however, that you need it and the risks that can come with it. You have a duty to provide solutions that help clients succeed, and they must realize that any changes outside your model are their responsibility.
As previously stated, new accounts lead to revenue and stability. But, if you are just selling tech rather than prescribing solutions, the outcome may not be as beneficial. More often than not, a client may tend to take the cheapest option. When this client gets attacked by cybercriminals, it’s more likely that they can fall victim to a breach. And, as their MSP, the fallout could be tremendous.
First, there is the damage directly associated with the breach. Depending on their cyber insurance coverage, you may be liable as their service provider. Then comes the fines associated with breaking compliance requirements, the potential supply chain effects on your business, and other headaches that arise during incident response. Added up, all this trouble may be more than the client’s business with you is worth.
Under a prescriptive model, you confidently tell your clients what they need to succeed. That way, instead of desperately trying to land a deal, you’re providing true value to their business, keeping them safe from threats. To further protect yourself, build safeguards into your contracts and onboarding processes to ensure that you’re not liable for decisions made outside of your prescription for their IT and security needs.
Confidently prescribing solutions to your clients requires that you can back it up. Evaluate your current operations. Is your team capable of meeting the expectations you’ve set for clients? Can you operate efficiently and effectively to the standards of your prescription? Does your tech stack have the capability to support it all?
If you answered no to any of these questions, you must seek out ways to optimize and improve. Hire talent to expand your team or seek out a way to outsource aspects of the team, such as your Security Operations Center (SOC) to bolster your security expertise. Find new methods to align your processes around excellence in service and security. Consolidate your solution set to achieve best-in-class results that support your prescriptions and exceed client needs.
With the other two in place, you can begin determining your model to bring prescriptive managed services to your clients. Start by creating your baseline offering. This is the standard that you will use across all clients to meet their basic needs. A consistent approach gives you both the confidence that you’re meeting client needs while ensuring security and the ability to roll it out at scale.
Then, spend time with each client, new and old, to identify their individual needs, whether it be unique systems, compliance regulations, or other specificities. Understanding each client allows you to, like a doctor, diagnose the best way to solve their problems and keep them secure and operational. Comparing these “diagnoses” to your tech stack, you can begin creating your prescription of how you will address them.
Like with all things in IT and security, your prescription will be an ongoing process, so be sure to collect plenty of data and client feedback so you can monitor progress, iterate, and improve continuously. This not only keeps your clients’ needs top of mind but helps you adapt to suit their evolving business and threat landscape.
Switching to a prescriptive model can seem like a hurdle but once in place, it will help you to provide better support to your clients without adopting any extra liability. As you evaluate your ability to switch to prescriptive managed services, consider how you can mature your overall approach along with it.
Read our eBook on maturing your security operations as an MSP. You can download it for free here.