Partner Pain Points: MSPs on Cybersecurity 'Nightmares', War for Talent
Providers have had a lot thrust upon them in the last year. While there are positives, there are issues they still face.
May 28, 2021
![Depressed frustrated trader tired of overwork or stressed by bankruptcy, sad shocked investor desperate about financial Depressed frustrated trader tired of overwork or stressed by bankruptcy, sad shocked investor desperate about financial](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltfa6f77b98ff0d592/65242d052247047a63db8b26/Employee-burnout.jpg?width=700&auto=webp&quality=80&disable=upscale)
Getty Images
“The thought of our systems being hacked and through them, all our clients and their users’ systems being attacked. That is my nightmare. In one instant, our company and it’s value could go from hero to zero. That’s why we invest so much in our security, but as we all know you can’t provide a 100% guarantee of success.”
“I disagree somewhat with the Pulseway personal business findings because I think it’s very subjective and it shouldn’t be as bleak as those statistics make it seem.
“For example, our company MSP culture has always been more relaxed than some others, and generally I’m not a micromanager, so nothing about this pandemic has altered my management style. In fact, in spite of the pandemic, I no longer require my techs to travel if they do not feel comfortable doing so. Even days off are now unlimited because everyone is work-from-home, which might have felt like a “staycation” at the onset of the pandemic and techs almost felt like they needed to work because there was nowhere else to go. But now there is a feeling of claustrophobia for some and encouraging days off is one way to shrug off the cabin fever and get out of the house, or maybe out of an unhealthy slump. (I have noticed that some techs got a little too comfortable working from bed, eating excessively, or other unhealthy habits.) I think now is the time to encourage ‘time outside,’ which can be beneficial to a tech’s physical and mental health, and ultimately a mutual benefit for the MSP.”
“We are definitely seeing a need for our clients to meet additional security requirements. For years we’ve been encouraging our clients to implement more advanced security tools like Advanced AV/EDR, 2FA, firewall hardening, windows hardening (Defender ATP, LAPS, etc.), and implementing NIST 800-171r2 or similar best practices. We’ve seen a lot of our clients that aren’t directly regulated (granted, some are) start to get compliance pushed on them by their customers’ third- or fourth-party risk management and vendor management practices. It’s been great that there’ve been some outside forces driving security services beyond our nagging, or worse, an attack being successfully deployed against a client before they pull the trigger on additional security services.
“One other thing we’ve seen a lot through the whole pandemic is the shift to work-from-home, then changes in workspaces (people eliminating their workspaces or downsizing), and now people are already adding office space, opening up offices, and expanding. It’s interesting to see how quickly things are coming back to that extent, and that’s creating a lot of infrastructure project work for us. Cabling, internet, firewalls, switches and Wi-Fi, in a lot of suites all at once. It has been somewhat challenging to get contractors to do all the work right now, though.
“On a final note, we’ve grown a lot during the pandemic. So growth hasn’t been an issue for us. I’m optimistic about the recovery, even if the workload is pretty high right now.”
“The past year has proven that security is perishable and humans remain the weakest link in the cybersecurity ecosystem. This, along with an overreliance on tools to be what keeps the adversary out of the enterprise, and a year of COVID-19 that almost completely removed the perimeter from the enterprise, there are a lot of things to keep us up at night. There isn’t a silver bullet for the problems we have seen over the past 12 months.
“That said, we see more engagement with our customers to take a more pragmatic approach to security. Adopting a proven security framework, ensuring that there is clear visibility and coverage to the infrastructure and data, and the right process, policies, people (and training for them), along with the right tools and automation, is an effective approach to their security posture that allows them to remain agile in an ever-changing landscape of threats and threat actors. Again, there isn’t a silver bullet, but there’s an approach that can reduce risk and put [some] zzzz’s back into our nights.”
“Today’s managed service provider is expected to know an immense amount of in-depth knowledge about so many different technologies that it can be overwhelming at times. From Office 365 to cloud computing to security, compliance, disaster recovery, cyber insurance and so much more, just when you have learned a new technology or product, everything changes. These dramatic and constant changes in technology stacks can make it hard for smaller providers to compete without creating strategic partnerships in areas that they don’t have in-house expertise. Their customers have needs and expectations and need to be able to rely on their MSP to be able to advise them on how to deliver the right technology at the right price to ensure that they remain competitive in their own respective markets.
“Partnerships have become a key and central focus for all service providers both big and small. There are so many vendors, programs, discounts and opportunities in the channel that it is a full time job for several people just to keep up with it all. Good partnerships have become the difference between thriving and surviving in today’s complex marketplace.
“This leads to the last thought concerning talent. Technical talent has never been easy to find, but if you consider the amount of technical knowledge needed in today’s complex IT environments and then throw in a pandemic, work-from-home, and mergers and acquisitions happening all around us, it is no wonder that MSPs are staying up late at night working on their business models, maintaining partner relationships, and supporting their customers who are also working late at night supporting their customers. Like it or not, the world has changed, and one of those changes is you have to be able to offer 24×7 support.
“While the technology, partnership and talent struggles are very real for all managed service providers, I believe that there has never been a better time to be one. With great chaos comes great opportunities.”
“I’d say security is far and away No. 1. Managing our environments plus managing our clients’. It is a lot to keep on the rails.
“After that it would be the workload, margin management and talent management. Additionally, as the increased costs are passed onto clients, we have to have a stellar group of account managers (we call them client relationship managers) who have to help budget management, expectation, planning, etc., so there are no or very few surprises. It is a massive workload to manage to ensure we are all on the same page.”
“By far the biggest issues facing us are the potentially self-destructive urges of those we protect and serve as MSPs.
“More than a year later, I am still wrestling with educating our clients about the criticality of protecting every endpoint that gains access to their networks, and every pathway they use. Some of us made the mistake of providing access first and security second, and are now facing the challenges posed by trying to reverse that.
“Combined with the increasing sophistication of threat actors and the sadly static level of expertise of our users, this spells real trouble.”
1. Increased security concerns. “We went 27 years and never had a client with a real security breach. We always told clients to upgrade their security stack. Some did, some just ignored it and would say it would never happen to them. We always did our best with each client and reviewed yearly to tell them what they needed to be doing. Then COVID hit and every client was under attack. Now many more clients are listening and doing massive upgrades on their security stacks, but many are not. The ones whose businesses were hit hard with COVID shutdowns just flat-out do not have the money to do the required upgrades wither.
2. Quality talent shortage. “When COVD started we started to see a huge increase in the number of people applying for jobs. I thought this was great. The issue is as COVID went on I realized that most of the people out of jobs were the bottom performers from their company. The top performers that I would prefer to hire are now asking for $20,000-$30,000 more than a year or two ago. The problem as an MSP is, we cannot absorb this price increase within a client’s contract, and during COVID I did not want to start huge price increases on clients’ contracts. At the start of 2020, we were just getting ready to do a price increase, but delayed it due to COVID to be nice to our clients. Now a year-and-a-half later, all of my costs have gone up and I have no choice but to start doing price increases.
3. Increased workloads and stress. “COVID has changed the way every business works. We now get calls at all times of the day and on all days. Users will call at night, early morning, and on weekends. They never used to since they left their computer and work at the office. Now, since they work from home, some of them want to work at all times. This means an increase in our after-hours calls, which puts a higher workload on the on-call techs. Then the client does not want to pay for the after-hours work even though it is listed in their contract. They comment, ‘Well, my staff have to work, so you should help them and you should not bill extra.'”
“Our MSP has always been 100% virtual so we felt very fortunate when the pandemic hit to see little to no impact to our day-to-day operations and support to our clients. We were able to quickly pivot to be able to best support and provide remote work assistance to our clients immediately.
“However, not all clients were equally set up for a remote workforce so there definitely was added stress in quickly figuring out ways to best accommodate the transition, as well as ongoing routine support, in terms of priority and workload. We also made the decision early on that our mission to serve our clients, above all, meant that we needed to continue onsite support as usual during the pandemic.
“This was a difficult decision as our clients are all senior living communities that were high risk. However, none of our staff contracted the virus as a result of onsite IT support. Ongoing, we continue to see the need to quickly pivot to remote work as an option for our clients. Security is definitely another huge concern; we are seeing ongoing ransomware and phishing attacks on a much higher basis.”
“MSPs today are dealing with more stress than ever. Massive changes in work patterns of our clients and own team due to COVID, constant new security threats, hardware shortages at every level and clients overloaded by economic and emotional pressures. MSPs today need to circle the wagons and focus on the fundamentals of their business and make smart, calculated moves forward. At Red Key Solutions we have had to designate some quarters as pressure release/digestion quarters to give the team time to regroup without major changes for three months.
“That strategy has helped us navigate this period without overheating. However, most of the new work patterns will be here to stay, so now MSPs will need to rethink the way they have provided their entire service and reimagine it for a long term post covid world.”
“Our pain point is more than finding talent. We have plenty of applicants for our positions; the challenge is in getting them up to speed in a timely manner to meet the expectations of our customers. Today’s MSPs handle so many different technologies, from cloud, data security, VoIP to infrastructure support.
“Regardless of the skill set of the incoming staff, there is always a sizable learning curve. The applicant pool right now is predominantly entry level, just from a pure numbers perspective. Business does not wait for employees to get trained up on everything they need to know. With the post-pandemic market around the corner, we expect to be adding clients and projects, so we need the staffing and trained staffing to handle it. We are having to silo new employees into handling certain customers or certain types of helpdesk tickets until they are up to speed while we transition.”
“I don’t think any MSP owner can ever stop worrying about security, workloads and talent shortages.
1. Security: “The ever-evolving landscape, having to ensure our business and our clients’ businesses are protected. It’s getting increasingly harder as the workforce spreads out, though a proactive security training session for all new starters should now be on top of MSPs’ lists. Although very time-consuming, one-on-one personalised security awareness will save countless hours, or even days recovering from an attack.
2. Increased workloads: “I think a lot of companies have had it fairly easy over the last year, so its only natural that as workloads pick up again it can seem to be busier. And there’s a sudden rush for requests of new team members to cope. However, make sure these new additions are really needed, as you may simply be going back to a pre-COVID state of workload, and we just need to mentor our team to fit it all in again. But if your turnover is spiking and project numbers are increasing, then maybe it’s time for some new hires. Or partnering may help if its only a short term spike.
3. Talent shortage: “This is a big problem for the U.K. market for sure; finding A players with good technical skills is harder and harder. In fact, we find the talent pool so exhausted that we actually advertise for first-, second- or third-line roles 12 months a year! We are continually interviewing every month, and when we come across a gem, we make an offer even if we don’t yet need that person, only because we know we will. And like they say about London buses, when you need one, you’re sitting around waiting for one to show up, but when you don’t, three come right past you!”
“MSP life at the moment is a definite challenge and not for the faint of heart. [In particular, there’s] the ransomware scourge that necessitates a higher level of security awareness and attention for not only protecting our own MSP, but those client networks that may have differing levels of risk tolerance and perceived threat/financial capacity that sometimes drives inaction.
“At the same time, there’s a war for talent. It’s difficult to locate A players, so an evolved recruitment marketing strategy is critical. You need to take care of your people, cultivate a desirable company culture, embody authentic leadership that acts, not talks, and develop career pathways with engaged training programs. Retention is as important as recruiting. Always be recruiting.
“It’s also important to consider how work has changed since the pandemic. Increased workloads, feelings of isolation/disconnection, clients with unrealistic expectations, all combine to create burnout, mental fatigue, leading to loss of productivity and decreased employee satisfaction. The trick is to support a culture of mental wellness, creating an environment that encourages self-actualization and becoming better every day.”
“MSP life at the moment is a definite challenge and not for the faint of heart. [In particular, there’s] the ransomware scourge that necessitates a higher level of security awareness and attention for not only protecting our own MSP, but those client networks that may have differing levels of risk tolerance and perceived threat/financial capacity that sometimes drives inaction.
“At the same time, there’s a war for talent. It’s difficult to locate A players, so an evolved recruitment marketing strategy is critical. You need to take care of your people, cultivate a desirable company culture, embody authentic leadership that acts, not talks, and develop career pathways with engaged training programs. Retention is as important as recruiting. Always be recruiting.
“It’s also important to consider how work has changed since the pandemic. Increased workloads, feelings of isolation/disconnection, clients with unrealistic expectations, all combine to create burnout, mental fatigue, leading to loss of productivity and decreased employee satisfaction. The trick is to support a culture of mental wellness, creating an environment that encourages self-actualization and becoming better every day.”
We recently covered the new Pulseway MSP pain points survey that focuses on MSP stressors and concerns about growing their businesses. We asked our MSP 501ers and NextGen 101ers to weigh in with the most prevalent issues they are facing.
Overwhelmingly, and unsurprisingly, they cited cybersecurity concerns and meeting requirements around those as the most common struggles.
Partners also expressed feelings of angst around the talent shortage and increasing workloads. Moreover, they have feelings of isolation/disconnection, and clients with unrealistic expectations.
Dive into our slideshow above to learn more about what’s keeping your partner peers up at night. Then be sure to register for our upcoming webinar where we break down the full MSP 501 list for 2021.
About the Author(s)
You May Also Like