Differentiate to Dominate: How Your MSP Can Stand Out from the Crowd
Our own Tim Conkle spoke at Channel All-Stars, a virtual event hosted by Channel Program. He covered important topics such as competing at parity, differentiation, and common sales mistakes MSPs make. Catch up on key ideas from Tim’s talk here!
There are a lot of MSPs out there, competing for business. Some estimates put the number as high as 40,000 — in the U.S. alone! Needless to say, our industry has gotten crowded. It’s also gotten extremely competitive, with the bulk of business going to top-tier MSPs, the major players that gobble up available revenue and leave everyone else fighting over the scraps (the Pareto principle in action).
So how do you stand out as a smaller MSP? You want to win new business and grow your organization, and you’re confident in your service delivery, but …
How do you get potential clients to choose you?
Your MSP needs differentiation.
Our CEO and the man behind The 20, Tim Conkle, spoke on this very topic earlier this week at Channel All-Stars, a virtual event hosted by Channel Program. Tim shared his thoughts on differentiation, and gave actionable tips and no-nonsense advice to small and mid-sized MSPs with big growth plans.
Here are some key ideas from the talk, just in case you missed it!
Competing at Parity vs Pitching at Parity
You want to compete at parity. You want to keep pace with larger MSPs. You want to give clients 24/7 support. You want to enlist best practices and best-of-breed tools. You want to do what elite MSPs do, and you want to do it well. But there’s a problem with all of this.
The problem isn’t with pursuing parity per se — again, you want to keep pace with larger outfits and remain competitive and relevant. The problem arises when you not only strive to compete at parity, but pitch at parity, too.
A lot of MSP owners want to assure prospective clients that their service is just as good as the MSP down the street — perhaps a larger MSP, one of those revenue-gobbling ‘major players.’ And so, they spend their whole pitch talking about their 24/7 help desk, their tool stack, their shiny new cybersecurity toy — in short, the technical side of things.
The problem with this is that if you spend your whole pitch trying to sound just as good as the MSP down the street, you’re going to get what you wish for — you’re going to blend in with the competition. You’ve failed to differentiate, and the potential client has no reason to choose you — unless you’re the biggest or cheapest option.
So strive to compete at parity, but don’t pitch at parity. Pitching time is differentiation time; stand out, or lose the deal.
Let’s go over Tim’s advice for strengthening pitches to help achieve differentiation for your MSP business …
Tone Down the Technobabble
MSP owners generally come from technical backgrounds. They know computers. They like computers. And they like talking about computers. It comes naturally.
But during a sales meeting, your focus shouldn’t be on the technical side of your business — unless the potential client keeps steering the conversation that way (if you find a fellow tech person to geek out with, go right ahead!).
This bit of advice might sound counterintuitive. After all, you’re an IT company selling IT services. Surely, you want to talk about those services.
Of course, you want talk about your services and the technical side of your business — just be careful not to get carried away. Tim has, through The 20, worked with hundreds and hundreds of MSPs, and he’s noticed that a lot of them struggle with sales because they insist on keeping the focus on the technology, and not on what the technology can do and the problems it can solve. They make the age-old sales mistake of discussing ‘features’ instead of ‘benefits,’ and lose out on tons of revenue as a result.
If you can avoid making the same mistake, it can help you increase your close rate and capture new business.
Listen Up
Tim’s been selling IT services for decades, and has spoken with thousands of business owners. The conversations can go in all sorts of directions, but there’s one thing Tim always makes sure to ask a potential client: What’s your goal?
This simple question is a powerful one. It gets people talking. And it helps you better understand where they’re coming from and what they’re looking for. This is crucial, because you’re not selling technology; you’re selling solutions to problems. You can’t sell solutions to problems you don’t understand.
So ask prospects what they want. Ask them what they’re struggling with, what they’re looking for, what they picture when they imagine working with an awesome IT company. Ask away, and then listen. Really listen.
If you can do that, you’d better believe they’ll remember you. That is differentiation.
So, what do most business owners say? When Tim asks them, “What’s your Goal?”, what’s the response he gets most often?
“We Just Want it to Work!”
That’s right — by far and away the most common response Tim hears is: “We just want it to work!”
This is telling. Potential clients don’t care how their IT works, only that it works. They want computers that do what they’re supposed to do — and they don’t want to pay an arm and a leg for it.
This reinforces a previous point — tone down the technobabble! Technobabble is ‘how’ and potential clients don’t care about ‘how’ — at least most don’t. They just want assurance that your MSP is going to take care of their technology. Explaining how you plan to do that is putting the cart before the horse; before you get into any technical details — to the extent that you need to get into those details at all — you have to convince the person you’re talking to that you’re on their side and that you have their best interests at heart.
And how do you do that? By telling them how nice of a person you are, and how you’re not in this business to make gobs of money, but simply to help people?
No way! You convince them by explaining how it’s in your best interest to keep their technology running smoothly. In other words, you talk business alignment.
“This is about how we do business” – Shifting the Paradigm
As Tim reminded the Channel All-Stars audience, a lot of the business owners you (or your sales team) encounter in the sales process have had bad experiences with IT companies. They’ve been burned. They’ve been slapped with hidden charges. They’ve dealt with sluggish response times and unprofessional technicians. And they certainly haven’t experienced the type of robust business alignment that a really good MSP can give them.
It’s your job, then, to call their attention to the very possibility of such a thing. Really take the time to explain the difference between the break/fix model of IT support and the managed services paradigm. Explain how with your pricing model, you make more money when everything ‘just works.’ That will definitely get their attention!
Let your competitors brag about how their fancy solutions can keep things running smoothly, while you enlist a much more effective sales strategy: explaining why your MSP will keep things running smoothly. Put things in terms of incentives — in terms of goal alignment.
If you can explain the principle of alignment clearly, you can help business owners have an epiphany of sorts. They will realize: “This isn’t about price; this is about how we do business.” They will start to think about which MSP is actually going to give them this amazing thing called alignment. And they will think of you and your wonderfully clear explanation of how alignment works. You will stand out as the MSP that helped them see things differently — in a better light.
Final Thought
People remember people.
Think about movies you’ve seen. Do you remember the endings? The details of the plot? Maybe, but that’s probably not where your mind went first. What you remember — what pops into your head without effort — are the characters. Their faces, voices, ways of behaving. You remember the people.
What does this have to do with sales and differentiation?
Well … everything! When it comes time to pitch to a prospective client, you want to stand out from the crowd — to appear as a distinctive and appealing option and not ‘just another IT company.’ The best way to do that is by connecting on a human level. Don’t ‘pitch’ to prospects; talk to them. And don’t just talk; listen, too!
MSPs that are good at sales understand that the primary purpose of a sales meeting isn’t to impress potential clients; it’s to connect with them — to start building a relationship even before any contracts have been signed. Because in a sea of MSPs with similar-sounding services and selling points, a prospective client will remember the one with a human face.
VISION ’22 Recap
Our Best One Yet!
VISION ’22 is in the books, and this year’s event was truly one for the ages. It set the bar high for VISION ’23, and we’re already feeling pressure to start planning next year’s event!
But before looking ahead, we want to look back at last week’s events. So without further ado, here’s your recap of VISION ’22. If you were in attendance, we hope this is a fun trip down memory lane. And if you missed out … there’s always next year!
Venue — The Omni Frisco Hotel at The Star
VISION conferences are all about teaching MSPs to ‘go big,’ and the venue for this year’s conference was definitely in keeping with that theme.
VISION ’22 took place at the beautiful Omni Frisco Hotel in the heart of The Star, a 91-acre entertainment district built around the Dallas Cowboys World Headquarters and the Ford Center. The vibrant area is packed with restaurants, shops, and Cowboys-themed awesomeness. It’s such a cool setting, we’re pretty sure even non-Cowboys fans dug it!
A huge shout-out to the hotel staff for their consummate professionalism, punctuality, and warmth — y’all crushed it!
Main Stage Sessions
MSPs come to VISION because they’re looking to grow, and they know — or have heard — that our annual conference is packed with content to help them do just that. This year, our main stage speakers delivered the goods and then some! Some highlights …
Panel Discussions
Attendees were treated to two panels at VISION ’22. The 20’s own Crystal McFerran (CMO), moderated “Ain’t No Rabbits” – How Marketing Magic Really Works, featuring top-tier marketers Jimmy Hatzell, Andra Hedden, Emalee Sugano, and Dana Liedholm. The conversation was fantastic and chock-full of insights and advice for growing MSPs. And props to Dana for stepping in at the last minute!
The second panel – Actionable Strategies to Grow Your MSP – featured a group of MSP owners who are doing big things and growing their companies like crazy. Chris Traxler moderated the discussion, and was joined on stage by Eric Emerson, Christian Wartchow, Seana Fippin and Gary Blawat. As members of The 20 MSP Group, these savvy entrepreneurs have risen to the top of the MSP game, and at VISION ’22, they generously shared their knowledge with the MSP community.
Hot Topics
VISION ’22 gave MSPs fresh insights into a variety of timely topics …
Joseph Brunsman’s presentation, brought to attendees by MSP360, broke down cyber insurance on a level that impressed us all. The amount of useful and actionable information that Joseph shared was next-level!
Like cyber insurance, M&A activity is currently a hot topic in the MSP space. VISION attendees got to hear from Scott Renkes and Ted Gwara from Pinecrest Capital Partners, a PE firm that served as The 20’s exclusive financial advisor on our ten recent MSP acquisitions. We’ve benefitted immensely from their guidance, and so too will MSPs that caught Scott and Ted’s illuminating presentation.
The 20’s own Ken Pecot (COO) spoke to the MSP community about analytics — how to use them, which ones to use, and why they’re crucial to the success of any growth-minded MSP. No one understands this topic better than Ken, whose expertise has helped The 20 in profound and measurable ways.
Sales and Marketing
Sales and marketing are crucial to MSP growth, but MSPs tend to struggle with one if not both things. At VISION ’22, our very own Michael Bone delivered an energetic and engaging presentation that helped MSP owners in attendance see what successful sales is really about. And Nabila Moumen from HubSpot took a trip across the pond to give a wonderful presentation on inbound marketing and how to leverage it effectively using next-generation tools. After hearing from Nabila and Michael, we’re pretty sure VISION attendees are going to return to their own sales and marketing programs with newfound enthusiasm and confidence!
Two CEOs Raise the Roof … and Some Money Too!
What happens when a couple of straight shooters — and two of the most successful CEOs in the Channel — sit down to talk shop?
We found out at VISION ’22, where Fred Voccola, CEO of Kaseya, sat down with our own Tim Conkle to discuss the state of the channel. Fred and Tim rocked the house, shared exciting news about what their respective organizations have in store, and initiated an impromptu donation-matching exercise with the audience. The result was $140k raised for The Coventry Reserve, a community that helps adults with special needs live a full, active, and purposeful life.
The 20 MSP Members Only Half-Day
On Friday, it was ‘just us chickens’ (MSP members of The 20 MSP Group), and we wasted no time at all.
Our CEO Tim Conkle kicked off the Members Only Half-Day with an overview of what’s on the horizon for The 20 MSP and for our group of MSP members. Ken Pecot talked about service delivery and gave a preview of some exciting changes in store. Michael Bone and Andrew Churilla gave a powerful presentation on the “art of prospecting.” And Crystal McFerran moderated an excellent panel on MSP marketing, sharing with members both “hard and easy truths.”
It was gratifying to see our tight-knit community come together and get down to brass tacks. Collaborating, cooperating, and conquering this industry together is what The 20’s all about, it’s what VISION’s all about, and it’s why our MSP members are growing fast and having a blast. Good stuff, everyone!
Breakout Sessions
VISION ’22 featured six breakout sessions led by companies at the forefront of innovation in managed IT services: Marketopia, ConnectBooster, SpearTip, SaaS Alerts, Kaseya, Cytracom, and ThreatLocker. Participants got to delve into key topics in cybersecurity, sales, marketing, and more, and came away from the breakouts with actionable insights to grow their businesses.
We’d like to thank our sponsors for planning these awesome sessions, and for your overall participation at VISION this year. Your energy and presence were awesome! And a big thanks to everyone who attended the breakouts, as well. It’s great seeing peers tackle problems and questions collaboratively — hey, that’s what we do at The 20!
Three-note Speakers!
An Emmy Award winning reporter, a retired Navy SEAL lieutenant, and a bestselling author walk into an IT conference … No, this isn’t the start of a joke; it’s what happened this year at VISION ’22, where we were lucky enough to hear from not one, not two, but three outstanding keynote speakers:
Chris Gardner — Businessman, Entrepreneur, and Author of the Bestselling memoir The Pursuit of Happyness
Jeff Crilley — Emmy Award Winning Reporter and Publicity Mastermind
Jason Redman — Retired Navy SEAL Lieutenant and Leadership Expert
But wait, none of these people work in IT — what are they doing speaking at an IT conference? Teaching MSP owners how to kick a** not only in business, but in life — that’s what they were doing!
Chris Gardner’s presentation taught us what it means to dream big and what it takes to turn those big dreams into big wins. Jeff Crilley taught us that “marketing without money” isn’t an oxymoron, but something every MSP can do to stand out from the crowd. And Jason Redman brought us to our feet with his amazing story of survival, redemption, and the extraordinary power of positive thinking.
A heartfelt thank you to all three of our keynote speakers. Your words moved us all.
Party Time!
If three keynote speakers are better than one, so are three parties! There was no shortage of opportunities to have fun this year at VISION …
Rooftop Kickoff Party — Featuring the Dallas Cowboys cheerleading squad and live music from The Buffalo Ruckus
Happy Hour on the Field — Food and drinks out on Tostitos Championship Plaza
VISION PARTY! — This year’s VISION PARTY was so much fun, Zeke Elliott showed up!
Why so many parties? Because we believe having fun is an important part of running your own business and being an entrepreneur. Fun is what energizes and inspires you. It’s what keeps you going and allows you to face the next obstacle down the road. If you’re a business owner, having fun is seriously important.
Plus, we just like to party!
A Few Final Thoughts
Looking back at VISION ’22, it’s hard not to arrive at the following realization: when people get together in the spirit of cooperation and collaboration, something special happens. Magical even.
And let’s face it, running a business is hard work. It takes determination, perseverance, and guts. But the struggle, while often overwhelming to someone working alone, becomes something more when it’s shared with others. It becomes a journey, an adventure, a source of inspiration and fun.
So THANK YOU everyone for your presence and participation at VISION ’22. Y’all make VISION what it is — a celebration of community and the power of togetherness.
Now, let’s get out there and have ourselves a big year!
When Disaster Strikes: Disaster Recovery and Your Small Business
When it comes to preparing for the worst, strive to be the best. Small businesses that invest in a robust disaster recovery plan are much more likely to survive a major incident.
When disaster strikes, will your small business be ready?
Notice the word “when” in the above sentence. At some point, for some reason, your company is going to experience a disruptive event that puts some of your IT infrastructure out of commission. It could be a cyberattack, a natural disaster, or just good old-fashioned human error. But whatever it is, it’s going to happen.
And when it does, having a plan of action in place — a disaster recovery plan (DRP) — will, more than anything else, be the difference between weathering the storm and getting dashed on the rocks of misfortune. Whether your company has 5 employees or 5,000, you need to treat disaster recovery planning like the vital business function it is, which means actually investing in it. Failing to prepare means preparing to fail!
In this blog post, we talk about disaster recovery planning: why it matters, what it involves, and how to approach the task of creating a DRP at your growing business.
Small Businesses and Disaster Recovering Planning
While it’s true that there’s only so much you can do when disaster strikes — many things are outside of our control — it’s pretty clear that small business owners could be doing more. Let’s look at some numbers …
Back in 2015, a study by Nationwide found that 75% of small
businesses don’t have a disaster recovery plan. A more recent report from Shred-it found that 67% of small businesses lack an incident response plan, which suggests that smaller companies are starting to get their act together — although not nearly fast enough.
With so few small businesses giving disaster recovery planning adequate attention, it’s no surprise that 40% of small businesses close permanently in the wake of a disaster (source: FEMA). Without any kind of DRP, a small business is likely to experience lengthy downtime after a disaster, which is expensive — to say the very least!
So what can your small business do to avoid becoming a statistic? Well, the first step is to finish reading this blog post — sound advice is coming your way!
An Important Point to Keep in Mind
Before we get into the nitty-gritty of disaster recovery, a quick word on the nature of disasters. When you hear the word “disaster,” you likely think of dramatic, cataclysmic events — earthquakes, fires, maybe a sweeping cyberattack carried out by nefarious hackers.
But the truth is, the two most common “disasters” are simple hardware failure and power failure. These more mundane, day-to-day disasters might not make the news, but they will take down your IT systems and, consequently, bring your business to a grinding halt.
Keep this point in mind as you cultivate disaster recovery capacities at your own business; you’re not just preparing for highly unlikely and highly
destructive scenarios, but fairly likely (and potentially highly destructive) ones, too. In short, develop your DRP with an eye to the fact that you’re going to end up using it!
It Starts with Backup
The cornerstone of every DRP is a sound backup strategy. Backing up data just means making a copy of it. It’s easy to understand why backup is such a powerful tool in the context of disaster recovery. When disaster strikes and crashes your IT infrastructure, you can lose data. But if that data’s backed up, it’s not really gone, is it?
An analogy: Let’s say your car gets stolen, but you have the exact same car — down to the mileage. You can just start driving your backup-mobile and it’ll be like nothing happened. Problem solved.
Of course, things aren’t quite so simple. Just as having a ‘backup car’ doesn’t negate all of the negative consequences of your car getting stolen, having a backup of your data doesn’t negate all of the negative consequences of a data breach, natural disaster, or any other disruptive event that does significant harm to your business’s IT infrastructure.
That said, it does diminish overall damage considerably, especially in the case of ransomware attacks, which have become utterly rampant as of late.
Let’s review two topics pertinent to developing a sound backup strategy: the “3-2-1 rule” and RTO/RPO.
3-2-1 Rule
Whatever your business’s size or specific backup needs, following the 3-2-1 rule is a good idea when it comes to backing up organizational data. This rule states that businesses should maintain:
3 copies of data
2 (or more) of which are stored on different media formats
1 (or more) of which is stored offsite
The 3-2-1 rule gives your organization resilience. If a disaster wipes out one storage medium, you’ve got the other to fall back on. If a disaster wipes out all of your on-site data, you’ve got the off-site copy to fall back on. The idea is that whatever happens, at least one copy of your data will survive, allowing you to resume operations as swiftly and seamlessly as possible.
RTO & RPO
RTO and RPO are difficult to calculate, but fairly straightforward on a conceptual level:
RTO stands for “recovery time objective,” and refers to how long your business’s IT infrastructure (or certain parts of it) can remain out of commission before it starts to do serious harm to your organization.
RPO stands for “recovery point objective,” and refers to how much data — measured in time: minutes, hours, days, etc. — your organization can afford to lose, counting back from the present. If your company can function normally without data from the last four minutes and fifty-nine seconds, but it needs 5-minute-old data, then your RPO is equal to 5 minutes.
Let’s connect these concepts to backup and disaster recovery.
One thing you want from your DRP is the ability to recover from a disaster quickly. But how quickly? That’s the question that RTO answers by identifying how long is too long. If your RTO is 2 days, it means
you can’t afford more than 2 days of downtime following a disruptive event.
Your DRP should also include a backup solution that makes sufficiently frequent copies of your organization’s data. But how frequent is “sufficiently frequent”? That’s the question that RPO answers by identifying the amount of data your organization can afford to lose. If you can’t afford to lose more than the last 10 minutes of data (RPO = 10 minutes), you want a backup solution that makes a copy of your data (and stores it offsite preferably), every 10 minutes — or even more frequently than that.
Backup vs Disaster Recovery
A lot of explanations concerning the relationship between data backup and disaster recovery overcomplicate things. So we want to put it in plain English: Data backup is an important part of your disaster recovery plan.
See? Simple. Two words tell you everything you need to know: “important part.”
Data backup is IMPORTANT because if you can’t, following data loss due to disaster, recover your data via accessing a sufficiently recent copy of it, resuming normal operations is going to be tough, if not downright impossible.
But it’s only PART of disaster recovery because the latter refers to everything involved in making sure your business can bounce back quickly after a disaster. This goes well beyond maintaining backups of data — as we will now discuss.
Creating a DRP for Your Business
Here are 4 tips to help you get the most out of your disaster recovery planning.
Tip #1: Don’t go it alone!
Creating a DRP for your small business can be daunting — especially when you’re already knee-deep in the day-to-day — so our first piece of advice is simply: Don’t go it alone! Involve your employees (it might even be a good idea to create a “disaster recovery team” whose job is to oversee and develop the procedures included in your DRP), your in-house IT staff/IT provider, your insurance broker, and disaster, backup and recovery (DBR) experts.
Tip #2: Figure out ‘the what’ and ‘the who’!
When drawing up your DRP, you want to include very specific instructions detailing not only what is to be done following a major disruptive event, but also, who is to do it. In other words, assign particular tasks and responsibilities to particular people within your company — and put it in documentation. Who’s in charge of contacting clients after an incident? What about vendors? When disaster strikes and every second counts, you’ll be glad you don’t have to waste precious moments trying to figure out who should do what.
Another component of figuring out ‘the what’ is taking inventory of all the IT assets at your company: hardware, software, devices, etc. Furthermore, assign relative levels of importance to the different parts of your digital landscape. The more important an IT asset is to your organization, the more quickly you want to restore it to full functioning in the wake of a disaster. So establish what’s critical, so that your DRP can prioritize getting those things back up and running the fastest.
Tip #3: Put it to the test!
This is perhaps the most effective — and overlooked — aspect of disaster recovery planning. Small business owners will create a DRP and
then file it away to collect dust. This is a big mistake, because in a disaster situation, the last thing you want to be doing is trying out your DRP for the first time. Practice makes perfect, so run drills that force you and your team to put your DRP into action. Nothing exposes flaws in a DRP like actually trying to run it through. Test, troubleshoot, rinse and repeat!
Tip #4: Work with an MSP!
Disaster recovery takes time and resources. There’s creating the plan. There’s testing it. There’s training employees. There’s revising the plan in light of technological and other sorts of changes. It adds up — and can get expensive if you’re not careful in how you invest.
For this reason, more small and mid-sized businesses are turning to managed service providers (MSPs) for help with disaster recovery planning, training, and execution. A good MSP can help with every facet of disaster recovery and business continuity, and stitch together a DRP that’s tailored to your organization’s exact needs. Moreover, MSPs know how to leverage modern IT solutions like cloud computing and the automation of backup monitoring and reporting to keep your disaster recovery investment from outpacing your IT budget.
If you’re really looking to improve your organization’s disaster recovery and resilience, it might be worth looking into DRaaS (Disaster Recovery as a Service), now offered by many MSPs. DRaaS is a cloud-based solution aimed at minimizing downtime caused by catastrophic events that disrupt IT functions. With DRaaS, a third party (your provider) copies your data and systems to a cloud infrastructure at a frequency in line with your RPO. If disaster strikes and causes your primary site to go down, your DRaaS will trigger a failover — the transition of your workloads from your primary
systems to your standby systems — thereby reducing, if not eliminating, unwanted downtime.
If you have DRaaS, you can rest easy knowing a whole team of experts is overseeing and managing every facet of disaster recovery at your business. Talk about peace of mind!
Final Thought
In the fast-paced world of business, waiting until you have a perfect grasp of something before giving it a try is a recipe for regret and missed opportunities. So don’t let the fact that you don’t perfectly understand all the ins and out of disaster recovery stop you from getting started on your own DRP. You can refine and learn as you go. What matters is that you take those first steps and get the ball rolling!
Top 10 Reasons You Don’t Want to Miss VISION ’22!
VISION isn’t ‘just another IT conference,’ because you’re not trying to grow ‘just another MSP.’
VISION ’22 is only three months away! The 20 warmly invite MSPs of all sizes to join us in Dallas, TX for the premier MSP event of the year. Learn results-driven growth strategies from industry experts, get inspired by an out-of-this-world speaker lineup, and connect with the most welcoming, dynamic, and fun community in the managed services world.
This sh*t is awesome! But don’t take our word for it. Check out this testimonial.
If you’re in the MSP game and are determined to not be ‘just another MSP’, don’t go to ‘just another IT conference’ — come to VISION and learn to be GREAT.
And if you’re still on the fence about attending VISION this year, The 20’s Crystal McFerran and Alexis Williams are here to give you a nudge with the Top 10 Reasons You Don’t Wanna Miss VISION ’22 …
Reason #1 – The Main Stage Speakers
What do an Emmy Award winning reporter, a retired Navy SEAL Lieutenant, and the author of the best-selling The Pursuit of Happyness have in common?
They’re all going to bring down the house on the main stage at VISION ’22!
Reason #2 — The Venue
This year’s conference takes place at the beautiful Omni Frisco Hotel at The Star, a huge entertainment district surrounding the Dallas Cowboys World headquarters and 12,000 seat Ford Center.
Reason #3 — Community
Connecting with other MSP owners who face similar struggles and challenges is what VISION is all about. So don’t go it alone — come to VISION instead!
Reason #4 — Our Sponsors
We have a full slate of industry-leading vendors, including Gradient, MSP360, Huntress, and more! Come to VISION and connect with the companies driving change in the MSP space.
Reason #5 — Exclusive Content
MSPs that want to thrive over the next several years need to be ready for what’s coming. At VISION, we’re going to talk about practical steps your MSP can take right now to position itself for success.
Reason #6 — VISION Party!
Is it really as fun as people say?
Join us at Concrete Cowboy on the night of October 6th and find out for yourself!
Reason #7 — The 20
We approach MSP growth a little differently here at The 20. Spending 2 days with us at VISION is a great way to see what we’re all about, and how we’re changing the MSP game.
Reason #8 — Breakout Sessions
We have a bevy of breakout sessions planned for VISION ’22, covering technical training, sales, and everything in between. Come make a business breakthrough with the right breakout.
Reason #9 — GROWTH!
It’s an exciting time to be an MSP. Demand for managed services is at an all-time high, and at VISION ’22, you’ll learn how to make sure your MSP captures its fair share of the expanding market.
Reason #10 — The Dallas Cowboys
You don’t have to be a fan of ‘America’s Team’ to hang out with the Dallas Cowboys cheerleaders at this year’s welcome reception.
The core tenet of zero trust architecture can be summed up as: never trust, always verify. Traditional security approaches treat a site as a fortress against the outside versus one which accepts it may be breached from inside. Your security plan should treat breaches as an inevitability rather than a possibility, and focus on the response rather than only prevention. Zero trust architecture grants better security, bottlenecks (or even stops) successful attacks, and can improve overall business functionality.
It works so well because it’s not a specific technology, it’s a strategy. Zero trust is technology agnostic (past a certain requisite level of minimum functionality). The hard part is building the policy and then maintaining it. To do so, you need to understand what you’re doing and why at every level.
Never Trust, Always Verify
Security has changed (see here on how to future-proof your MSP). We live in a post-security landscape where you have to accept security incidences as a cost of doing business rather than something you can always prevent. Total security is impossible, but you can mitigate its damage. Never trust a source even if it should be legitimate.
Many modern security problems come from an overabundance of trust inside one’s own network. What makes your job easy can make a threat actor’s job easier too.
Flat networks allow anything to talk to anything else on a given network. The flatter your network, the less work it takes to maintain but the more easily a security incident could spread. A ransomware event on the secretary’s computer probably doesn’t matter, but what about when it spreads across the network? A flat network is a plain of dry grass for the coming wildfire.
The topography of your network can matter as much as which EDR (or XDR) you use, what firewall you have, or even what email provider you use depending on the industry and required compliance. Things have just gotten more complex with the uptick in cloud services and work from home.
The situation is just going to continue getting more complicated. Each new exploit raises the bar in the arms race for security. The era of BYOD (Bring Your Own Device) and now WFH (Work From Home) have just made the need all the more obvious for zero trust architecture. Any device could be legitimate, but it can also become a threat with the right threat actors. Never trust, always verify.
BYOD and WFH
From a security standpoint, the worst thing your company can do is allow people to bring their own devices. From a social or morale perspective, the worst thing your company can do is forbid those devices (without a good reason). The cat’s out of the bag for employee devices in the workplace. You can try to implement restrictions, but it’s easier to just embrace the security implications of BYOD (and WFH).
The problem with BYOD isn’t the fact people bring their devices – it’s the lack of control over them. BYOD isn’t (typically) dangerous because of internal hackers (they may exist, but they’re rare for most businesses), it’s dangerous because the devices themselves may be compromised by the time they connect to the company WiFi or network.
WFH has the same problems, but exacerbated by the fact that you can’t control the network their device (which may not be in your purview) is on, you need a way in for their connection, and multiple services are stitched together to make this all transparent for the employee. You have the worst from BYOD, but all the way up to their connection.
How much can you trust a remote user (outside of what they need)? How much can you trust that same user knowing they might be on an unencrypted, public network? They aren’t malicious, but their network or environment is questionable at best (for most positions).
How do you strike a balance without making the security requirements onerous? You have to assume that something attached to your network is as much a way in as it is a way out for data and/or threats. Zero trust architecture changes this from a matter of who to trust to acknowledging that trust (from a security standpoint) is purely condition.
What It Means for Security
Zero trust architecture is a philosophy for security rather than a specific set of techniques. The implementation is generic at best, but follows an abstract, iterative process. You aren’t following a guide for how to do something – you’re looking at what general goals each security change should have.
Zero trust architecture distills the concept of not trusting everything (or anything) on your network to something memorable and applicable. You need to understand what attack surfaces exist which you can turn into protect surfaces. Each asset on your network performs a specific function – if it doesn’t, why is it there? The next step is to divide a network into spaces where there needs to be some form of trust, and a way to connect each microperimeter. From there, you establish an actual implementation enforcing what needs to happen as a zero trust policy (that is, put the previous findings into a sane policy) and maintain it.
There’s a lot of auditing and understanding the network setup involved for implementing zero trust architecture. You need to understand more than just what comes in and goes out of the network – you need to understand what goes on inside your network to make the business work. What ports need to be available to what networks? How do you isolate devices without choking the business?
Implementing zero trust architecture is an iterative process. Identify, survey, delineate, and then codify and maintain. These steps are effective in almost any process, but they have specific meaning for zero trust architecture. You need to establish your boundaries, then you need to figure out what happens in your purview, then you need to split up regions for sane security. Done right, this is the basis of a policy you can implement and maintain.
Identify the Protect Surface
Your protect surface is the opposite of your attack surface. Any way into your network is also a way in for potential threat actors.
Every unprotected device is a ticking time bomb if not managed properly. Every unknown device is an unknown threat. What do you need to protect overall and what do you need to protect for the business to function? It’s one thing to lose a couple rarely used PCs, it’s another when your core application server or production database gets hit. There are levels in between as well where sometimes the trade-off in security impact is worth the loss in flexibility or convenience to keep a business running.
You need to see what is an attack surface from the outside, but also, what can be used as such internally? A file share which your business depends on is essential, but it also needs some level of trust between multiple types of access. Done right, a compromised machine can only ruin data for a single department or in limited areas. Done (more) right, you have a backup to restore from because this is essential to your business.
Map the Traffic Flow
Every asset you have can create a hole in your security setup. A device needs to have a purpose where it is or else it can become a liability. A dumb, networked printer may make sense in one area, but should it have access to internal networks? It probably won’t matter (hacking is a numbers game for most basic intrusions), but it doesn’t add value at the expense of a potential risk. Each way in can be a liability, so make sure you know what has access to where and why.
This is basically creating a network map with dependencies. If a user needs access to a specific application, and a specific file share, how do they get there on the network? If it’s necessary, you probably can’t wall them off from both, but you can wall them off from other assets, ports, applications, etc. that may exist in the same microperimeter (see below) they need access to.
Define the Zero Trust Microperimeters
Divide the networks into regions which can have a sane policy. A microperimeter is effectively a subsection of your network which is secured as if each other portion is potentially hostile. This means that you are creating the equivalent of smaller LANs (like old school subnetting) but for smaller units using smarter technology for network flow (i.e. not going crazy from maintaining a traditional, paranoid subnet).
If an RDS requires a file share, they’ll probably end up in the same microperimeter, or at least have some path between them. You want assets which depend on each other to have some level of trust between them to prevent security from overwhelming functionality. Unless you’re in a high security environment, it isn’t typically acceptable to make a user jump between jump boxes to do basic computing tasks. You need to define the perimeters in the network based on both security and functionality.
Create a Zero Trust Policy
Once you know what goes together, why it goes together, and how it all goes together, you can begin creating an actual zero trust policy. Does your secretary’s machine need access to the DC? Almost definitely, but does it need access to a privileged engineering share? Probably not. Define your policy on real usage from what you measured before. We define our microperimeters based on our network mapping and what our protect surface is. A good zero trust policy is just enforcing what a network needs to function without allowing arbitrary access.
Zero trust architecture is a process and not a specific technique. How you implement depends on what you have available. A layer 7 firewall might be more efficient for making the separations less painful, but a standard layer 3 setup is good enough for most policies. The point is to separate out assets and prevent implied trust between each computing unit or microperimeter. We can always go back and change out the technology as things improve, but the general process behind creating a zero trust policy is always virtually the same, never trust, always verify.
It’s one thing to let an application server inherently trust its own database server, and another to let a random cloud service have wholesale access to your network. Base your policy on use and the minimum of what is needed to function combined with what the risk is for a given compromise. A minor compromise at a Department of Defense contractor is more impactful than the same level compromise at a franchised fast food restaurant.
Iteratively Maintain the Zero Trust Policy
Once a policy is set, it needs to be maintained. Zero trust is an iterative process. You assess the network and the resources available and you define policy based on what needs access to what and why. Business needs or technical changes can impact the previous policy and make it inefficient. You establish zero trust architecture once, but you never stop iterating over it.
Make auditing and refining your policy something which is ongoing. Small changes are easier than massive overhauls. Quarterly (or ideally more frequently) audit your resources and your network. What talks to what and why? This question is something you need to be able to answer about every line of communication internally, if not, things are falling through the cracks.
You need to keep looking for new holes and new weaknesses. What constitutes a “response” will vary depending on what you need to respond to. All that matters is that you make your policy congruent with the reality of security.
Going Forward
Zero trust architecture isn’t anything new, but the term does nicely package up concepts which have existed in security for ages. Research facilities and more secure government entities have used similar techniques, going so far as air-gapping and similar to achieve much higher stake “microperimeters”. Modern technology has made the principle easier to perform without having to make as large scale infrastructure changes and without the same headache of managing it. A modern firewall can split a network on par with air-gapping or separate networks (for most civilian purposes).
Flat networks are easy to maintain, but risky, while heavily subnetted and otherwise schismed networks are much more secure at the cost of functionality. You need to create the right balance so that your users get the best of both (where possible). Even if you can’t implement a full zero trust policy, preparing one can have its own benefits to shoring up security or even performance issues.
The very process of building a zero trust policy involves auditing the network, understanding what goes where and why, and trying to do something about the flow to prevent potentials roads of ingress and egress. Breaching a computer can breach your whole network and bring down your business, or it can inconvenience a user for an afternoon. It all boils down to how much trust each asset requires at a bare minimum to function at a business and reducing your attack surface around these requirements. Never trust, always verify.
Meet Zane Vakser, Member Success Manager!
Zane Vakser quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Zane.
What do you do here at The 20?
I recently transitioned from a Support Desk Technician to a Member Success Manager.
Describe The 20 in three words…
Ambitious, Accommodating, Adept
As a kid, what did you want to be when you grew up?
A race car driver, which is ironic because I am a terrible “regular car” driver.
What’s the most challenging thing about your job?
Anything with printers – I hate printers.
What do you consider your greatest achievement?
Any of the times I have actually fixed a broken printer.
What do you think is the most important quality necessary for success?
Be willing to adapt, and approach every change with an open mind.
What do you like most about The 20?
The people I work with and the welcoming work culture they facilitate.
What do you like to do in your spare time? / What are your hobbies?
I’m really into music, whether that’s listening, writing or playing. I spend most of my time playing drums.
Where are you going on your next vacation?
No vacation spot can beat the comfort of my bed, so either that or NYC.
What is your top life hack?
Microsoft will pay you to use Bing instead of Google. It’s not my favorite but free money is free money!
Last week at Channel All-Stars, The 20’s CEO Tim Conkle participated in a panel discussion on ‘Strategies to Power MSP Growth.’ Here’s a recap of the stimulating conversation, just in case you missed the event!
It’s been one week since Channel All-Stars, a large virtual MSP event hosted by Channel Program. Our own Tim Conkle (CEO at The 20) spoke at the event, participating in a panel discussion on “Strategies to Power MSP Growth.”
Channel veteran, Kris Blackmon (Chief Channel Officer at JS Group), served as moderator, and joining Tim on the panel were Joe Alapat (Founder & CEO at Liongard) and Steve Petryschuk (Product Strategy Director at Auvik).
When you get such prominent and insightful industry voices in one room, the ensuing conversation is bound to be illuminating — and a lot of fun! Needless to say, this panel didn’t disappoint.
In fact, it was packed with so many actionable insights for growth-minded MSPs, we’d be remiss not to share some of the discussion highlights with our MSP community and blog readership. So just in case you missed the All-Stars event — or if you simply want to revisit some of the awesome content — here’s a recap of the discussion between Kris, Joe, Steve and Tim …
Cha-Change = $Cha-Ching!
It’s no secret that the managed IT services industry is growing and maturing — but not all MSPs are developing at an equal rate. In broad strokes, there are those MSPs capitalizing on market trends and fresh opportunities — the “leaders” — and then there are the MSPs eking out what little growth they do manage to achieve, and struggling to remain competitive — the “laggers.”
So, what separates the leaders from the laggers in the MSP space?
This question kicked off Wednesday’s panel discussion, and a consensus quickly arose among the three panel members: being successful as an MSPs means learning to embrace change.
The MSP world is constantly changing, and lately, at breakneck speed. As technology evolves, so too do customer expectations. Keeping pace with all of this change — and staying competitive — means stepping outside of your comfort zone. It means trying new things, discarding old methods, and innovating and automating at every turn.
As CEO at The 20, Tim has had the opportunity to guide hundreds of MSPs on their respective growth journeys. What has all of that experience taught him? Without hesitation, Tim shared that the “number one difference between MSPs in The 20 that actually knock it out of the park and those that don’t” is that the former are willing to change.
Getting Specific: How & What to Change
What should MSPs be looking to change exactly? The panel turned its attention next to specific areas that MSPs should be looking to evolve to win new business and sustain growth in the coming years.
Make Marketing Matter
The panel agreed that one area MSPs continue to overlook — although many are coming around, and doing so quickly — is marketing. It’s been said many times, but it bears repeating: MSPs need to take marketing seriously.
We’re talking about a fundamental shift in mindset here. Getting serious about marketing doesn’t mean doing one or two things and then sitting back, expecting the leads to come rolling in. It means committing to marketing as a core engine for growth, and sticking with it.
Preferring Recurring
The panelists also discussed the importance of recurring revenue. Long-term, steady growth comes from recurring revenue, not projects. A lot of MSP owners don’t fully embrace this truth — or they do, but don’t always make decisions from an ‘MRR-first’ perspective.
As an MSP owner, you should be looking to boost recurring revenue and wean off project work, but don’t expect to make this transition overnight. It takes time, effort, and a sound strategy.
It also takes saying ‘no.’ In the early days of growth, MSPs can easily fall into the “all revenue is good revenue” mindset — and with good reason. But as Joe reminded us on Wednesday, “never saying ‘no’ to a customer can get you in trouble.”
Saying ‘yes’ to every MRR opportunity can also get you in trouble. Just as not all revenue is good revenue, not all MRR is good MRR. A lot of MSP owners chase MRR at all costs, which ends up diluting their focus and spreading resources too thin. Look to boost MRR, but do so with an overarching gameplan. To quote Joe, you have to be intentional.
Learn to Let Go!
A lot of MSP owners start out filling every role at their business. And when you’re just starting out, you can be a one-person band; it will work … until it doesn’t. At a certain point, you have to give up some control, and let other people manage parts of your growing business.
Some MSP owners are slow to accept this. They get stuck in the mode of trying to do everything themselves — sales, employee training, engineering, marketing — even when it becomes stressful or downright unmanageable.
But it’s like Steve said during Wednesday’s panel, “taking your business to the next level rakes a different skill set.” In other words, you need the right people. This holds true whether you’re trying to make the jump to $500k, $1M, or $10M ARR. Surrounding yourself with the right team is paramount to sustained entrepreneurial success.
Steve encourages MSP owners to figure out their own roles first. Pick a hat, and wear it. Once you know what your role is, you can start building an elite team of people with skills that complement your own.
Keep Your Eyes on KPIs
The panel turned to an important topic next: metrics. Your MSP should be using a variety of metrics to keep track of performance levels, instill a culture of continuous improvement, and identify problem areas. And most likely you already are. But Kris posed an important question to panelists that really got the conversation going: which critical metrics do MSPs commonly miss?
Tim responded with a hard truth: MSPs miss a lot of them. He elaborated that MSPs tend to be great at tracking day-to-day service, but when it comes to the financial side of things, they’re often “missing the whole box.”
You want to get granular with your metrics. What are your most profitable contracts? Which clients are actually costing you money? If you look at elite MSPs, they track profitability at the level of individual contracts/clients. Do the same.
And when a client is costing you money, you have to decide: can this be fixed? If the answer’s ‘no,’ you’ve got to let them go. KPIs and other metrics need to give you data to make hard decisions, or else it will be left to emotion, a point Tim emphasized to the panel.
Not all KPIs are created equal, and it’s important to choose the right KPIs for your MSP. Steve shared an important point with the panel on the topic of selecting metrics: you want to strike a balance between leading and lagging indicators. Lagging indicators shine a light on past performance, and are certainly important — you want to know how your MSP has been doing, and where it’s at.
But you also want data that is forward-looking: leading indicators that give you some insight into the future, and the direction your MSP is heading. Metrics such as Net Promoter Score and CSAT Score are examples of leading indicators that can help you predict churn and retention, and even avoid negative outcomes — when you know a client relationship is suffering, you can take action to improve the situation.
Summing up the panel’s rich discussion of KPIs: get granular, focus on profitability, and look to the future as well as the past.
Nail Scale
A panel on MSP growth strategies wouldn’t be complete without some talk of scalability. If you’re serious about growing your MSP, you have to make scalability a priority. What works with just a handful of clients won’t work with a large client base. At a certain point, your processes — if they’re not streamlined, efficient, and replicable — will break down.
Joe shared a great way to think about scalability: think about turning as many of your MSP’s processes as possible into “managed workflows,” which Joe defined as something that “just runs.” He compared managed workflows to cattle, as opposed to pets, in that they can be easily managed en masse — a terrific metaphor that really captures the essence of scalability!
Final Thoughts
Channel All-Stars was an incredible event with an electrifying special guest in Gary Vaynerchuk, and a stellar lineup of keynotes and panelists. The event truly was a “celebration of the energy that powers growth,” and a reminder that a big source of that energy is community. When we get together and lift each other up, not only do our individual businesses benefit, but also, the IT industry as a whole.
Speaking of getting together — have you registered for The 20’s annual VISION conference yet? VISION ’22 is going to be a blast, with exclusive content for growth-minded MSPs, a fantastic speaker lineup including an incredible keynote (soon to be announced), networking opportunities galore, and the MSP party of the year. It all takes place at the beautiful Omni Frisco Hotel at The Star, home of the Dallas Cowboys World Headquarters.
Follow this link to register for VISION ’22 today!
Meet Shannon Willett, Front Desk Receptionist!
Shannon Willett quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Shannon.
What do you do here at The 20?
My title is Receptionist, but I don’t think that really encompasses all that I do.
Describe The 20 in three words…
Collaborative, innovative, and fun.
As a kid, what did you want to be when you grew up?
As a kid I hadn’t nailed down what I wanted to be, too many choices.
What’s the most challenging thing about your job?
The most challenging part of my job is snack fulfillment. No, remembering that we’re all wired differently and recognizing the best way to help everyone.
What do you consider your greatest achievement?
My greatest achievement to date is truly understanding the fact that you only have one life, so you better go live it!
What do you think is the most important quality necessary for success?
I believe the most important quality for success is perseverance with a heaping dose of positivity.
What do you like most about The 20?
What I like most about The 20 is the diversity of personalities and skills collaborating to make our company successful.
What do you like to do in your spare time? / What are your hobbies?
When she’s up for it, I love to laugh with my daughter, other than that cooking, listening to podcasts, and being outdoors.
Where are you going on your next vacation?
For my next vacation, I’ll be headed to Amelia Island, FL for the 14th annual family vacay with my folks and brother’s family.
The 20 is proud to announce that it’s one of thirteen companies sponsoring Channel All-Stars, a huge virtual event for MSPs that are hungry to not only survive, but THRIVE, during these uncertain times. The event is taking place on June 8th, at 11:30 am EDT. Mark your calendars, because this is not one to miss!
It’s no secret that we live in turbulent times. International conflict, cybercrime, a pandemic — challenges press in on us from all sides. But challenges are opportunities — well, they can be, if you see them from the right angle. Being a successful entrepreneur requires not only taking advantage of opportunities, but seeing them where others see only difficulty.
At Channel All-Stars, you can join thousands of other MSPs from all over the world in a celebration of the power that drives us to grow, even in — especially in — difficult times. The 20 is thrilled to be involved in such a collaborative effort, as it speaks to our core values as a company. There’s nothing — and we do mean nothing — more powerful than a group of determined individuals getting together with a common purpose!
The event is hosted by Channel Program, a company dedicated to enabling communication, collaboration, and community-building in the Channel. Channel Program’s open and democratized platform seeks to foster unity across our $2.2 trillion industry, while embracing a diversity of voices and viewpoints.
Channel Program’s co-founders, Kevin Lancaster and Matt Solomon, are excited to interview the event’s headline guest, Gary Vaynerchuk (aka “Gary Vee”). Serial entrepreneur, best-selling author, prolific venture capitalist, NFT pioneer — you’d be hard-pressed to find someone more qualified than Gary to speak on the event’s central theme: turning business challenges into opportunities for growth.
Matt Solomon shared his excitement about getting to interview such a legend in the business world: “I’ve had the good fortune to interview Wayne Gretzky and Magic Johnson in past virtual events that attracted thousands of viewers. I am just as excited to have the opportunity to speak with Gary Vee about the obstacles he has overcome in his life, the keys to his success, and his thoughts on how to turn business challenges into growth.”
We’re excited, too! This is a golden opportunity for MSP owners to learn from one of the greats.
And, joining Gary is a truly “All-Star” lineup of speakers, including The 20’s CEO, Tim Conkle, who will participate in a panel discussion alongside Joe Alapat, founder and CEO of Liongard. Your MSP can, by attending this free virtual event, glean wisdom from some of the best and brightest minds in the MSP space. Expect actionable insights and practical steps you can take RIGHT NOW to achieve new growth.
If you’re struggling with sales at your MSP, or wondering how to capitalize on emerging opportunities, Channel All-Stars is sure to breathe new life into your business. Attendees will benefit immensely from a bevy of brilliant keynote speakers and panelists …
3 Panels moderated by Jay McBain, Kris Blackman, and Paul Green
Celebrating the power that drives growth is what Channel All-Stars is all about, and we cannot wait to see our awesome community come together on June 8th for an unforgettable event! The MSP industry is up against a lot, but together, we can figure out how to thrive in a volatile and unpredictable economic landscape. And we will.
You can register for this FREE virtual event . See you on June 8th!
Meet Sunny Golani, IT Support Desk Specialist!
Sunny Golani quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Sunny.
What do you do here at The 20?
Try to be better than yesterday!
Describe The 20 in three words…
Teamwork, Learning and Fun!
As a kid, what did you want to be when you grew up?
I wanted to be an airline pilot.
What’s the most challenging thing about your job?
I would say trying to change the landscape of IT and process, but while being hard it is still fun to learn new things as it changes.
What do you consider your greatest achievement?
If I have to name one, it would have to be, obtaining my Private Pilot License.
What do you think is the most important quality necessary for success?
The ability to learn and being able to accept and learn from failures.
What do you like most about The 20?
The teamwork!
What do you like to do in your spare time? / What are your hobbies?
