By Rich Hervig, Brightside IT
I don’t wish to be overly alarmist, but I don’t believe I am when I say that businesses in the MSP industry are rapidly approaching what will prove to be an adapt-or-perish moment. At issue is the fact that clients are coming to view the solutions we MSPs deliver as simple commodities. The day is soon coming when MSPs that aren’t delivering either the cheapest or the best tools are very likely to lose commodity-minded customers to whoever is. And, for those MSPs that do offer the cheapest or best tools as a primary value proposition to clients, margins are likely to start tight and only get tighter.
Given this approaching reality, the best (and perhaps only viable) way forward is to make sure your value proposition to clients isn’t about delivering tools, but about delivering results. This requires developing a thorough understanding of clients’ needs and motivations, as well as the problems they come to you to solve. It also means remaining in the driver’s seat when it comes to how you and your client frame and discuss the tools and services you provide. If you give clients an opening to treat your toolset like an à la carte menu, or question where they might replace a tool you prefer with a cheaper alternative, you’re likely on a quick path to becoming a simple delivery and management service for commodities.
On the other hand, clients are seldom eager to concern themselves with the details of the specific solutions their MSPs provide – the convenience of relying on experts to select and effectively manage technologies beyond the client’s understanding is an inviting feature and a reason to enlist an MSP in the first place. If you keep the discussion focused on the results you ultimately provide, and maintain effective services in that regard, the fact that you use any one specific tool rather than another need not come up.
The mandate to achieve regulatory compliance is a strong motivator that drives businesses in many industries to enlist a knowledgeable providers of managed security services. Ensuring a client’s compliance – and peace of mind when it comes to potential regulatory penalties – is perhaps the strongest of the results-defined services MSPs should frame their value propositions around.
For instance, healthcare and related businesses that are covered by HIPAA must take extreme care in maintaining compliant practices, even as the complexity of the law all but requires specialized expertise in order to comply successfully. Failure to comply with HIPAA can result in fines totaling into the five-figures, plenty enough to devastate a small or even midsized company. Worse than that, non-compliance that leads to the exposure of patients’ protected health information (PHI) can result in criminal action being taken against individuals, putting business leaders at risk of personal fines or even criminal prosecution for the most egregious offenses. Reputational damage is also a big concern; past failures to keep patients’ private information can be easily found by potential clients.
In our own case as an MSP, we’ve succeeded in framing our core offering as providing HIPAA compliance-as-a-service. From a technology standpoint, we utilize tools that allow us to conduct HIPAA risk assessments, compliance verification, employee training and compliance coaching, audit support, and more. Our technology stack also includes key tools, such as Beachhead Solutions’ SimplySecure for delivering HIPAA-compliant data encryption and remote access control over devices. However, these specific tools are invisible from our clients’ perspective: we detail solutions and the results we achieve in client-facing materials, not the tools themselves. On occasions when a client might ask why we aren’t using a free tool they happened to hear about in order to offer cheaper service, it’s simple for us to explain that the end result we deliver – fully effective HIPAA compliance – is dependent on the solutions we do put in place, and that anything less than fully effective isn’t effective at all. If a data breach occurs, regulators won’t offer just one percent of a fine or one percent of a prison term for coming close. They won’t just put part of your name on the wall of shame. And those enforcement actions may well put you one hundred percent out of business.
Put it that way, and clients understand there are no HIPAA-compliant half-measures and enlisting an MSP that gets the job done right is worth it. Bargain shopping for tools might save a few bucks, while the right compliance-oriented MSP might save a client’s company.
About The Author
Rich Hervig is CEO of Brightside IT.