Choose your acronym wisely
Deciding whether to be an MSP or VAR is the most important you'll make, says Billy MacInnes
17 May 2019 | 0
One thing that can often get lost in all the talk about partners moving from the reseller model to becoming managed service providers is the effect it can have on the dynamic of the relationship between partner and customer.
When you’re supplying, installing and implementing and maintaining hardware and software, there’s still something of an arm’s length type relationship, no matter how ‘trusted’ you are.
One of the big arguments in favour of making the shift to become a MSP is that it makes for a closer, ongoing relationship with the customer. The recurring revenue model means that partners no longer ship and forget with a note to return in two to three years time.
The greater responsibility that the managed service provider assumes, compared to the traditional reseller, makes for a more valued relationship with the customer. By taking on some of the tasks usually shouldered by the IT department, the MSP becomes more entrenched within the customer’s operation. This also means, however, that the potential consequences of failure for the MSP are much more damaging than for a VAR.
And this is where a big problem arises because there’s a real danger that the MSP is likely to be blamed for something that really should be the customer’s responsibility. For example, in the event of a security breach, even if the MSP is completely blameless, they often end up carrying the can and being dumped. This is a consequence of their closer relationship with the customer because it leads to a presumption that they have greater responsibility as a pseudo-internal operation.
The dilemma for MSPs is that they often have to assume more responsibility without being given the amount of control they require to protect themselves and their customers.
For example, a customer might be more than happy to sign up for a managed service but steadfastly refuse to put the security measures in place within its organisation to ensure its operations, including that service, are not at risk from a breach or cyber attack. What is a MSP supposed to do to protect itself when the customer won’t take the necessary measures to defend its operations?
The answer should be unequivocal. If customers are refusing to take the necessary measures taking the necessary measures, MSPs need to fire them because they can’t accept the risks associated with managing them and the prospect of a breach or event. At the very least, they need to have a ‘no harm letter’ in place which stipulates that they are not responsible if such a breach or event takes place.
Turning down business is hard, of course, but it’s better than opening up your business to risk from a reckless customer.
In a recent conversation with one MSP, he revealed to me that his company had fired three clients over the years because “they had become too much of a liability to the firm”. He added that he also knew of MSPs who had terminated clients or deliberately increased their prices to the point where the customers had decided to take their business elsewhere. “You need to protect your organisation,” he said. “You need to set the defined perimeters of what sort of client you want.”
You have to admit that the notion of protecting yourself from your client sounds a little bit weird. But there’s a quid pro quo when you set up a business model designed to help you become more entrenched with the client and to develop a deeper relationship, it also means you make yourself more vulnerable to weaknesses within the customer’s organisation.