More Partner Pain Points: MSPs On Lack of End-to-End Security, 'New Normal'
Part two in this series touches on usual suspects like security and the talent shortage, but digs up some new ones.
June 9, 2021
![Stressed young people Stressed young people](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt59a517531dd55c6f/65244f313ce4422fdaff7165/9-Stressed-Young-People.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
“My head hits the pillow, ready for a peaceful night; however, I lie there concerned about the small business owners who refuse to believe their business is at risk.
“Too many times do I have to have hard conversations with potential clients and try to explain just how ill-prepared they are for a cyber event, and too many times do they tell me that it’s not something they need to worry about. ‘We are small’ or “We are not a Fortune 500 company so we do not have a budget for security.’ Those comments are all too common, and it’s disheartening, as we have a full security stack to help minimize their risk, but they don’t realize the need until it’s too late. That keeps me up at night, knowing that one day I will hear from them in a panic, and it will be too late for us to help them.”
“We have recently returned to the office, and we are working through this adjustment. After having several of our employees get COVID-19 in December, some of which were our skeleton crew in the office and some that were working at home, we experienced challenges with satisfying client service needs while our staff recovered. And thankfully everyone is healthy today.
“Today it is a happy feeling to see staff having one-on-one meetings in person in their offices and doing group lunch orders. Alongside that, we have added stress with figuring out our workflows again and meeting rhythms. There have been great advantages to online video meetings, and with some of our staff still remote, we are pivoting to hybrid meetings in our conference room.
“Some issues we are resolving:
We found it efficient to do remote work for clients. Our clients want us to return to more onsite visits. We are balancing the need versus old habit so we can do the most efficient work while maintaining relationships with our clients.
Not all of our employees have been open about their vaccination status. We have encouraged the vaccine, but not enforced it.
We had a higher-than-normal employee turnover during the pandemic. It has resulted in our best employees ever and we are reminded to build relationships with the newer employees who are not familiar with how things were before the pandemic.”
“First, clients are on edge, which inherently puts their providers on edge. The pandemic has put many companies in a place where they are looking to reduce costs. Much like marketing, IT support is always looked at as expendable. We know that those thought processes don’t quite add up when you look at how crucial technology is for operating a business, but nonetheless, it is the perception of the majority in the SMB space.
“Second, smaller companies are starting to take cybersecurity more seriously. Many have or know another company that has been attacked at this point. When things hit too close to home, people start making moves. This puts a stress on IT companies to really define and explain to their clients what they are currently getting with regard to cybersecurity. Since clients have no concept of how deep the ocean is when it comes to security. This can be a difficult conversation to have before, or certainly after, an attack has taken place. Finding the balance of keeping clients safe and being conscious of the dollars that it takes to get them secure is an internal battle that people who handle strategy functions for clients have to dwell on.”
“I would say the No. 1 pain point right now is a talent shortage to go along with the increased workload. As MSPs increasingly look to hire staff based on their values, they become harder to find, especially when larger companies outside the MSP space are snatching up talent with little to no skills assessment. As a result, we’re having to work with recruiters and spend big money to find talent for roles we previously didn’t need to use recruiters for.
“Security is of course another pain point, but that will always be there. We are in a constant state of playing defense, and educating clients to this fact and that threats are becoming a daily occurrence and are getting more sophisticated. The good news is that small businesses are finally listening, and understanding the implications to their business operations.
“We are experiencing increased workload in the project area, which is very good for both client and MSP, as it’s an indication that small businesses value technology, its evolving nature, and the impact it has on their business. With the pandemic showing clients how they can operate remotely in a pinch, we’re finally seeing more mass adoption of cloud infrastructure solutions. The increased workload by itself isn’t causing more stress, but couple that with resource shortages and it does increase the pressure on us!”
“All the worries a normal business has have been intensified by the pandemic, and though tech is soaring, MSPs (or tech in general) are not immune to the stress. There’s been rapid movement in technical trends and unpredictability between industries. Clients who had refused to even consider the cloud were all of a sudden on it, or out of business. The move to work-from-home further strained resources, adding workload, making security and compliance harder, and making talent more mobile.
“This brings on an entourage effect where one is impacted, thereby feeding into and affecting the others. People work from home, which means they have more security concerns (from the environment to communications), more technical concerns (using the cloud or not, VPNs, etc.), all of which impacts the workload and is impacted by vendor shifts and growth. Hiring is more complicated by more people applying to more jobs than existed in past years, and businesses are more volatile.
“This is where you can focus on making your process more scalable to adapt to the conditions, or else just try to coast on subsistence. You can’t fix the whole economy around your business, but you can fix how you handle the problems you encounter. You can worry about the sky falling, or just about what you can control. If it’s a gamble either way and the odds are the same, I’d rather bet on the one with better rewards.”
“We support a number of MSPs and are seeing many with the same thing keeping them up at night. Not shockingly, it’s definitely IT security. IT service providers have always been judged by everything working.
“Unfortunately, security often requires “breaking” a few things while securing them, and that’s stressful. Now with about 500,000 unfilled cybersecurity jobs, we’re seeing more and more MSPs who are choosing to focus on their core competencies and partner with those of us who have a deep security bench. This is meant to keep both themselves and their clients secure and productive, instead of going at it alone.”
“This is a great topic. I think there are several things that keep me up along with many others in the industry. One of those major causes that comes right to mind is ensuring we are doing all that we can with our clients in terms of security.
“There are so many new vectors the bad actors are taking advantage of; MSPs are being blindsided. The best of our (MSP’s) intentions and approaches (i.e., SolarWinds’s exploit) in securing not only our clients, but ourselves, are being challenged. If we were to break that down further, there are MSPs who unfortunately don’t know what they don’t know, which tends to really be an issue when battling a threat, especially those they are not even aware of. These gaps include proper best practices, following a security baseline, implementing standardization, etc. We also have other MSPs who are implementing the above, but the workload is either keeping them from getting to all of the necessary things they need to implement (for example, in a security baseline such as NIST’s cybersecurity framework). Folks need to realize that they have to take things one chunk at a time.
“One thing that will go a long way is focusing on documentation and creating a disaster recovery and incident plan in writing. Those are lifelines to an MSP should a client ever be breached, let alone the MSP themselves. Stress is definitely at an all-time high but, as the saying goes, “a rising tide raises all ships.” As we engage with one another and in our communities, it is comforting to know that help is available to get us to the other side, together.”
“With a remote workforce, workload for support/helpdesk is higher with decreased spend from clients. Security risk has also increased and we are offering additional tools to shore it up. Talent shortage is the biggest issue for us right now.”
“There is a lot of competition among all the MSPs, as most of us not only share the same pain points but also similar approaches and solutions to the industry problems, no matter what vertical a client might be in or how big or small they are. It’s funny how MSPs know that security is important and C-levels also know it is critical, but there is a true gap on what solutions and services are really needed from both the MSP and client side. I do believe as an MSP we have suppliers and vendors refining their tool set and pushing us to upsell, while on the client side they are trying to find ways to lower their IT cost. This puts MSPs in a stressful situation because they have to really know if new tools and services like SIEMSOC, dark web and SaaS monitoring are something that all clients need.
“I recently had a conversation with a prospect who was declining the email backup solution that we like to put all our clients on. His justification was that his practice was disciplined enough, and that their process is to take important emails and copy them into their practice management solution. This creates a duplicate of these important emails and reduces the risk of losing that email from a hack to one of those systems. On the spot, I had to agree with him; I saw his justification and how he saw it as a savings because they are basically doing a poor man’s backup of critical emails.
“This makes me realize that we always have to be flexible, and what we the MSPs have to be besides the other roles that we play, is to be the trusted advisers who educate. As we educate our clients about the different attack surfaces and risks, we help their business make the proper decisions. They may not always be the cookie-cutter solution that we want to sell, but what matters is that you get some peace of mind on one thing, then move on to the next risk and continue to educate and make it so that you are not just trying to upsell. These are scary times in our digital world, and we really need to lock things down and make sure there is someone on staff or outsource that is handling the monitoring of systems, data, users, etc., 24×7 from a cybersecurity standpoint. While the monitoring is in place and you go on educating clients, you will make a difference that will result in building resilience, more business and less stress.”
“As an MSP, we at Approyo are always watching what and how it is happening in our data centers/cloud for our clients. We are always monitoring security activities around the globe; we know at any moment if we blink an attack could hit. Our highest priority is the safety and security of our clients and their data.”
“As an MSP, we at Approyo are always watching what and how it is happening in our data centers/cloud for our clients. We are always monitoring security activities around the globe; we know at any moment if we blink an attack could hit. Our highest priority is the safety and security of our clients and their data.”
We had so many partners reach out with their pain points for our last piece on the subject, we decided to do a part two. It is almost comical at this point that one of the primary sticking points keeping partners up at night is lack of proper end-to-end security. This remains at the tip top in terms of stressors for providers, and for good reason.
As Mike Bloomfield, president at Tekie Geek puts it, “Too many times do I have to have hard conversations with potential clients and try to explain just how ill-prepared they are for a cyber event, and too many times do they tell me that it’s not something they need to worry about.”
Yikes.
While some say this lack of awareness and implementation of end-to-end security is improving, others say it has remained about the same — even with the pandemic.
Other pain points include the talent shortage, balancing work life and customer interfacing in this “new normal.” There are also vendor shifts and growth. Dive into our slideshow above for part two of what’s keeping your partner peers up at night. Then be sure to register for our upcoming webinar where we break down the full MSP 501 list for 2021.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Allison Francis or connect with her on LinkedIn. |
About the Author(s)
You May Also Like