This MSP’s investments in industry compliance certification and private cloud offerings are paving the way for new growth.
Lee Bird remembers vividly when he started break-fix company Btech in 1989. It was the same year the World Wide Web was founded and AOL launched its Instant Messenger chat service and began welcoming users with the iconic greeting, “You’ve got mail!” In 2000, Bird decided to focus on providing affordable, managed IT security services to credit unions — well ahead of managed services becoming a common offering. Back then he had five credit union clients, and today Btech has 110 active credit union customers. “This industry has incredible peer support,” he says. “Eighty-five percent of our leads come from referrals. Unlike some industries we worked with in the past, including banks, credit unions are not afraid to refer you to other credit unions if you do a good job. They are typically not-for-profit businesses, and they have a culture focused on serving members rather than on trying to outperform other credit unions.”
Homing in on one market has enabled Btech to identify specific needs shared among its client base and to develop a higher level of expertise. Within the past couple of years, Bird identified three areas that have contributed the most to his company’s sustained growth.
1 — Embrace Regulatory Requirements
After 2000, Bird says regulatory requirements became the primary driver for IT solutions and services purchases among credit unions of all sizes. “Credit union examiners perform financial audits, which also entail evaluating IT systems and data protection policies,” he says. “A credit union may undergo an audit once every couple of years, once a year, or even once a month depending on a variety of circumstances, including how prepared the organization is for its first audit. Knowing that examiners take into consideration the independent audits that credit unions undergo to comply with industry regulations, this is where we’ve focused our efforts.”
Btech does not perform the audits, as that would be a conflict of interest. But it does work with independent third-party consultants and coordinates audits for its clients. Additionally, it helps resolve problems uncovered by the audit, which could range from inadequate firewall protection to the need to segregate job duties and responsibilities so that no one has access to data and systems outside of their immediate area of responsibility.
Ever since the Sarbanes-Oxley Act of 2002 (i.e., SOX), credit unions have been required to demonstrate they have internal controls over their financial reporting. The audits credit unions and other service organizations underwent to prove compliance were known as the Statement on Auditing Standards (SAS) No. 70. An SAS 70 Audit represented that a service organization had been through an in-depth examination of its control objectives and control activities, which often include controls over information technology and related processes. As Btech’s business evolved, Bird made sure to keep up with SAS 70 requirements, including working with SAS 70-compliant technology vendors.
In 2011, Statement on Standards for Attestation Engagements (SSAE) No. 16 took effect and replaced SAS 70 as the authoritative guide for performing a service auditor’s examination. SSAE 16 established a new attestation standard to contain the professional guidance. In 2015, Btech made the strategic move to become an SSAE 16 certified organization. It was an expensive move but one that Bird says has been well worth it. “Becoming certified took a year organizing the documentation to meet the SSAE 16 audit requirements, and it cost $35,000,” he says. “But, except for a handful of the largest IT providers in the country, it sets our company apart from our competitors.”
Btech prominently displays its SSAE 16 certification on its website, and Bird says it’s the primary topic his salespeople lead with when engaging new clients instead of talking only about services, features, and costs.
2 — Sell SSAE 16-Compliant Private Cloud Services
Like the SAS 70 requirements, SSAE 16 certification requires Btech to work only with SSAE 16 certified vendors. While seeking vendors that met this requirement, Bird came across private cloud service provider CUProdigy last year and began evaluating the company’s services for its clients. “We’re introducing private cloud services to our clients this year, and we believe it’s going to be one of our biggest new revenue drivers,” says Bird. “Credit unions want to take advantage of the cost savings, performance advantages, and security advantages of the cloud, but they can’t use public cloud companies like AWS and Azure due to regulatory compliance requirements. With CUProdigy, credit unions have NDAs [nondisclosure agreements] with the cloud provider, and they always know where their data is.”
Bird says the biggest cloud opportunity he sees is selling Infrastructure-as-a-Service (IaaS). “Credit unions have been buying hardware and software for years, and they don’t have enough resources to manage them,” he says. “They don’t want to spend money every five years to refresh hardware, and from a disaster recovery [DR] standpoint, examiners want credit unions to store their data outside their local region. CUProdigy is owned by 20 credit unions, which gives our customers further peace of mind that this opportunity is a fit for their business.”
3 — Keep Your Sales Funnel Full At All Times
Even though more than 85 percent of Btech’s new business comes from referrals, it doesn’t exclude the MSP from advertising, says Bird. One of the top lessons he says he’s learned over the past few years is not letting up on marketing when sales are good. “You have to have a message with good timing and brand consistency,” he says. “I come from the old school of sales before social media and even before fax machines. Everything was about phone calls and meeting with clients face-to-face. After getting back to these basics, we started seeing positive results in our sales funnel once again.”
Btech has clients throughout the country, so it’s not possible to personally visit each one all the time, but attending regional credit union trade shows does enable the company to see a large percentage of clients in a short period. “Credit unions like to work with solutions providers that work with credit unions,” he says. “It’s important for our clients to see us at their trade shows. Missing a credit union trade show is like forgetting to buy your wife flowers on Valentine’s Day.”
Lee Bird, president, Btech
Bird attends 8 to 12 trade shows a year and often gives presentations at the events. “The presentations are always educational, and oftentimes I like to focus on security topics such as the latest security patches for Microsoft SQL server, the importance of antivirus, ransomware threats, and similar topics,” he says.
In addition to attending and speaking at trade shows, Bird says emails and personalized, one-page mailers are part of Btech’s marketing strategy. “We have about 3,000 credit unions on our mailing list, and we get 20 percent open rates on our electronic messages, which we track with Constant Contact,” he says. “When we send mailers, I personally sign each one, and those yield approximately 2 percent follow-up responses from prospects, which is also very good.”
The target audience for Btech’s messaging is CEOs, CIOs, and CFOs, says Bird. “These are the decision makers who are tasked with keeping their organizations compliant, and they understand the dangers of being deficient in IT.”
Btech’s sweet spot is credit unions with between $200 million and $500 million in assets, says Bird. “These organizations typically have one or two people focused on day-today IT tasks, but they need someone like our company that can help them with their compliance requirements.”
Bird says that he wishes he had 25 people selling services for Btech as he did back in the break-fix days, but he prefers the annuity business model over the previous model. “The kind of business we’re building now can scale without requiring us to hire a lot more employees,” he says. “For example, we’re currently managing more than 100 firewalls for our clients. We could easily scale to 200 firewalls without having to hire another engineer. The cloud creates a win-win for us and our clients by removing the minutiae of managing boxes and blinking lights and allowing us to focus on the best ways to use technology to solve complex business problems.”