Why MSP's need to talk the language of Business

Are you truly aware of the systems that your clients are using?

In today's rapidly evolving business landscape, small and medium-sized businesses are finally realising the crucial role that IT services play in their organisational structure. With the growing popularity of Software as a Service (SaaS) and Infrastructure as a Service (IaaS), organisations are now faced with the challenge of effectively allocating their limited budgets. As Managed Service Providers, it is easy to become complacent in our familiar area of technology, but businesses are increasingly seeking a conversation about how IT can be a driver in their overall success. They want IT to be aligned with their unique business needs, rather than being constrained by outdated models. The recent pandemic has shed a harsh light on our reliance on technology for business operations, exposing the inflexibility of many existing systems. As employees and businesses struggled to adapt, they sought alternative solutions by bypassing rigid IT teams and directly subscribing to online SaaS services, thus giving rise to the phenomenon of Shadow IT.

Shadow IT refers to the deployment of IT systems, hardware, and software by teams outside of the central IT department, typically done to bypass imposed limitations and restrictions. In the past, this often involved the use of USB sticks or personal devices, which still remains a concern for many organisations. However, the rise of online SaaS software and the ability for employees to easily sign up and upload data has led to the emergence of sprawling systems, with numerous SaaS applications that are not visible to Managed Service Providers or central IT departments. This has largely been a result of outdated IT systems that have failed to keep up with the evolving needs of users, hindering their effectiveness and prompting the employees to go out and look for their own alternative solutions.

As Managed Service Providers, it is crucial that we fully grasp the broader business needs of our clients and their strategic goals. Failing to do so will result in employees troubleshooting their own issues, which in turn can introduce poorly configured platforms, unknown data locations, and unaddressed risks. To address this, we must shift the nature of our discussions with clients. Firstly, we need to uncover what we don't know and shed light on the hidden world of shadow IT in our clients. Secondly, we must ensure that our ongoing recommendations are not only relevant but also effective in meeting their unique requirements. In essence, we need to evolve from being mere IT geeks to becoming trusted business risk consultants. 

Set a Benchmark to establish a clear boundary.

Our clients should rely on us to provide them with a comprehensive business risk consultancy service because they often overlook the strategic implications when adopting new services. Instead, they tend to focus on solving specific problems without considering the bigger picture. They fail to address critical issues such as user management for the new platform, the presence of Multi-Factor Authentication, or integration with the Single Sign-On platform. Even when they do consider these factors, they often neglect to configure the platforms beyond their basic settings. 

Let's steer them in the right direction. Let's initiate discussions that go beyond the traditional reach of IT and drill into the true risk position of our clients. To kickstart this process, we need to establish a starting point. Conduct a Benchmark to uncover the risks that your clients and you are unaware of. I would recommend approaching this with a curious mind! As Managed Service Providers, we usually have the advantage of monitoring software in place, which allows us to prompt discussions and generate talking points. Once we have compiled a list of the software being used, we can raise important questions such as:

• Are you aware that these employees are utilising this cloud software?
• What kind of data resides within this platform?
• Do you know if it is configured to align with the organisation's security policies?
• Who has control over the users and their access privileges?

Conducting these Benchmarks should be treated as a discovery process for both new and existing clients. By engaging in this exercise, you are likely to uncover elements that were previously unknown to you, which should be viewed as a positive development. Before conducting the Benchmark, it is important to set the stage with the client, emphasising that you are taking a broader approach than ever before. Your goal is to assist them in gaining a comprehensive understanding of their true risk position. This proactive approach will help minimise the possibility of them asking the dreaded question, "Why didn't you already know this?"

Make the Benchmark approachable and visually appealing, using language that is easy for clients to understand. Avoid the temptation to provide all the answers in one document and instead take the time to explain the findings to them. It's important to remember that for many clients, discovering their true risk position can be surprising, so our role is to help them comprehend that there are straightforward solutions for most of the issues identified. After reviewing the Benchmark, their next question is likely to be, "How can we mitigate these risks?" It is our responsibility to develop a roadmap tailored to their specific needs and business objectives.

A Roadmap that works for them

After revealing a list of risks that impact their business, they will naturally want to eliminate them. However, it is crucial for us to help them understand that this is a continuous journey and there is no such thing as perfection. Each step they take should bring them improvements, but risk will always be present. We should never promise perfection. Before jumping in to moving forward, it is important for us to take the time to understand their business position beyond the technical aspect. Understanding answers to questions like the following, will enable us to guide them on the right path:

• How are they doing as a business, have times been good or bad recently?
• What does the future look like, are their any big projects or plans on the horison?
• What is their appetite for Risk and do they operate in a sector that requires certain compliance?
• What keeps them up at night and what areas are critical to keep them doing business? 

Take small steps and achieve some quick wins. If you want them to join you on this journey, it's crucial to show them tangible successes and help them understand that they have the power to fix things. Consider their budget constraints and encourage them to make progress as quickly as possible, while also emphasising that any improvement is better than none. Start by establishing the fundamentals before diving into more complex technical solutions, and use a progressive approach to avoid overwhelming them. Implementing measures like Multi-Factor Authentication, robust Endpoint Protection, and comprehensive user security awareness training can deliver significant and cost-effective results quickly.

Once you have started implementing the roadmap, it is important to establish a comprehensive 12-month plan aimed at achieving tangible and attainable goals. These goals could include obtaining certifications such as Cyber Essentials or reducing the overall risk score. To ensure success, break down the plan into monthly projects that can be completed to reach the desired outcome. It is crucial to accurately allocate budgets for each project to gain buy-in from stakeholders and avoid the need for additional funding requests. Additionally, make sure to involve the right individuals in the decision-making process, as obtaining approval and support from top-level management is essential for successful implementation. Remember, change is most effective when it is driven from the top of the organisation.

Review your plan and don't be afraid to change

It is crucial to acknowledge that things rarely go exactly according to plan, so it is important to be adaptable and communicate this to the client. As their business landscape evolves, it is natural for changes to occur, and your roadmap should be flexible enough to accommodate these shifts. While the ultimate goal may remain the same, the path to achieving it can take various routes. To effectively stay on top of these changes, it is essential to regularly meet with the client to discuss progress, identify any obstacles or challenges, and gain insight into their current concerns. Regular meetings not only keep the conversation flowing but also allow you to showcase the improvements you have implemented and gain a deeper understanding of their priorities. 

By consistently being present with the client and engaging in discussions that go beyond the technical level, you position yourself as someone who can provide valuable input on broader organisational issues before decisions are made. To prevent meeting fatigue, these regular meetings should become the primary focus of your client engagement strategy rather than be in addition to your existing meetings. While it's still important to cover items such as support statistics and patching schedules, these can be presented in a high-level storytelling format unless further exploration is necessary. The main objective is to maintain focus on the overall journey and the improvements being made. Whenever problems arise, solutions should be integrated into the ongoing journey rather than becoming distractions.

Regularly update the initial Benchmark to showcase the advancements made and bring attention to any new risks discovered. As your journey progresses, the client should witness a consistent decrease in risk. However, if this reduction is not occurring due to the client's lack of engagement, it will be evident why improvements are not being achieved and it will be more difficult for them to hold you responsible if things go wrong.

Transitioning from a sales-driven approach to a consultative one can greatly enhance the effectiveness of selling your services. By focusing on providing solutions to problems, you position yourself as a helpful resource rather than a mere annoyance. It is important to acknowledge that each client's journey will be unique, but the solutions to their problems can be standardised across your service offerings. Not all clients will achieve the same level of success, and that is perfectly acceptable since risk is a subjective concept. As long as clients are truly aware of their risks and are making meaningful progress, we are fulfilling our role as Managed Service Providers.

Clearbenchmark offers a comprehensive solution for Managed Service Providers looking to guide their clients on a transformative journey. To learn more about our platform, visit our website or contact us today. Experience the platform in action by signing up for a free trial and see the impact it can have on one of your clients.