Episode 09: Going Big in the Cloud and Compliance
Listen to the Podcast
Read the Transcript
Erick and Rich discuss a new solution from SaaS Alerts that reveals how much money MSPs can make securing more than just Microsoft 365 and Erick’s AI-powered “30/30/30 strategy” for generating leads on social media. That’s followed by a timely and important conversation with Val King, CEO of Ascent Portal, about the often overlooked compliance opportunity for MSPs. And finally, one last thing: the search for a thief with a sweet tooth who made off with 10,000 Krispy Kreme donuts.
Discussed in this episode:
Police search for thief who stole van loaded with 10,000 Krispy Kreme donuts
Transcription:
12-28-23 MSP Chat Episode 9 Audio Export
Rich: [00:00:00] And three, two, one, blast off! Ladies and gentlemen, welcome to another episode of the MSP Chat Podcast, your weekly visit with two talking heads talking with you about the services, strategies, and success tips you need. To make it big and manage services. My name is Rich Freeman. I am chief content officer at Channel Master, the organization responsible for this fine show.
I am joined this week as I am every week by your other co host, Erick Simpson, co founder of Channel Master, chief strategist, my friend for many years, Erick. How are you? I’m doing well, Rich. How are you doing today? My friend, my business partner, my chief content officer and channel analyst. How’s it going?
It is going well. It is going well. It we’re as we record this, people will probably be hearing this later, but we’re heading into the holidays as we record this. And I’m getting that homestretch feeling here. Just a few more weeks of sprinting. And then we got a little time off.
Yeah, a little time to reflect, to appreciate everything that that we worked so hard to achieve and take a little time off and recharge and get ready to go at it again. In 2024. Cannot wait. Yeah. 2024. Lots of big things ahead for channel mastered for the entire MSP channel. It’s going to be a big year.
Folks, thank you for joining us on the show today. In our interview segment today, we’re going to be talking with Val King from Ascent portal about opportunities for MSPs in compliance, but we’re going to kick things off here by. Focusing in on our story of the week, which comes to us from SAASsalerts.
Now, if you are not familiar with SAASsalerts, this is a cloud security vendor. Their specialty is correlating input from a number of different SAASs applications to help you spot anomalies, signs of trouble. If you’re logged into a system in Chicago over here, but also simultaneously logged into a different system in Australia over there, there’s probably something wrong.
Small example of what of what they do. Today they support Microsoft 365, Google Workspace, Slack. Salesforce and Dropbox, which, by the way, is a pretty robust selection of SaaS applications for a cloud security vendor out there. A lot of them really just zero in on Microsoft 365 right now.
But as we know, Erick, there, there’s an entire universe of other SaaS applications out there that SMBs are using. QuickBooks. Has 8 million users HubSpot, Box, we could go on and on. There are a lot of different SaaS solutions out there. Right now, SaaSAlerts doesn’t support those. But what they have announced this week as we record this, is a new offering called AppWizard.
That, theoretically, Allows an MSP to secure any additional SAAS workload beyond the ones that are built into the product already. Now I say theoretically because SAAS owners will tell you in order to add that additional SAAS workload, we’ve got to have a What they call a viable API to work with.
And so that just basically means it’s got to be exposed to partners and it’s got to be sharing the kind of information that’s relevant to SAAS alerts for purposes of security. So I mentioned location before. If they can’t see. Where you’re logged in from through the API, if they can’t see log in and log out times and some other things, then they can’t do it.
But if that information is available, basically the way this is going to work, Erick is if you are an app wizard user and your customers are using a SAAS workload that isn’t secured by the product right now, you’re going to send information in or the name of that application really to SAAS alerts. They will get back to you within 72 hours and let you know whether there is or is not a viable API for that solution.
If they is, if there is a viable API, they will add that product to the platform within a matter of days. And it becomes available not just to you, but to everyone else, all the other MSPIs. P partners working with SAASs Alerts. Now their estimate is probably a majority. We’re going to find out within the next few weeks here, how many SAAS applications out there are in widespread use among the 900 or so MSP partners SAASs Alerts works with right now.
How many of those have a viable API and how many don’t, but the expectation is that a majority of those potential additional workloads are not. Covered with a viable API. And so there’s going to be a a sort of petition campaign that SAAS alerts is working on to [00:05:00] help collect the names of some of these companies that don’t have an API, but should, they’re going to be working to get more companies to provide this kind of information.
So MSPs can secure these workloads. So two things, Erick, if you are. An MSP who has customers who are using SAAS workloads beyond that short list that I had before, and you’re not securing those workloads. Two problems there. One, your customers are exposed on all that they and their data exposed on all those different workloads, but you are also Leaving money on the table because the SaaSAlerts people are recommending that their partners, once a workload has been added to the system, they’re recommending that you charge 200 per customer per month for each additional application that you secure, which obviously is going to add up 20, 000 a month of recurring revenue, 240, 000 a year of recurring revenue for just one application.
And there are bound to be a number of different applications. that are not secured today, that should be secured today, that your customers will agree they need to be securing. There is a revenue opportunity for MSPs that could be quite considerable. And then there’s also just the serving your customer better angle of actually securing all or a lot of their SAAS workloads.
Yeah. Holy cow, Batman Rich. There, the, so many thoughts, right? First of all, very ambitious, right? Meeting the needs. of MSPs today. As we know, Rich, our customers as MSPs, our customers are moving more and more rapidly to these cloud based applications. It is, that’s where we’re going.
That’s where the puck is going. So let’s skate to where the puck is going to be and address that. So SAAS Alerts now has an opportunity to identify more and more of these cloud applications. These SAAS applications that SMBs are utilizing to identify whether or not there’s a viable API, like you said, and they can create the integration to not only alert and identify suspicious activities, but they can also take some action when there’s suspicious activity afoot, let’s say, right?
So there’s. The huge opportunity for MSPs, there’s the challenge that Sazalert has set for itself at its partners to say, look, let’s elect and nominate these applications so that we can get after it. And then thirdly, there’s this sense of comfort for the MSP that says, Oh, wow, we know that.
We can secure, the perimeter, we can secure the hardware, we can secure the applications that we have control over. Now we have the ability to help secure these applications that we have no control over and provide peace of mind, not only to ourselves, but to our clients as well. And create this revenue opportunity and just for the MSPs that are doing the math, the accounting wizards out there, those numbers are based upon having a hundred customers.
So it’s basically 200 per application per 100 customers equaling, 20, 000 a month and 240, 000 a year. That’s how the math works out. And then for every additional application that’s being brought on board or being covered, another extra 200. So a huge revenue opportunity, rich, something that is timely and I think is going to help MSPs.
And SAASsAlert’s partner channel as well. And I’ll point out that the pricing and the pricing model, all of that is recommended by SAASsAlert. You’re not required to charge those numbers. But they say if you do, you could get up to a 91 percent gross margin on that service. It’s a revenue opportunity and a profit opportunity as well.
All of it really does hinge, though, on the SaaS vendors playing along, and that’s why this whole sort of petition movement that SaaSAlerts is going to be getting started is so critical. What they want to do is collect a lot of signatures from a lot of MSPs at, saying, if you will create the right kind of API we will provide security services for your solution and that’s going to benefit everybody in the ecosystem.
So we’ll include a link. In the show notes to that petition, I’m pretty sure it’s an online page you can go to and hopefully people who agree this is something that we need the industry to be focused on. We’ll go ahead and participate in that. Yeah. Just one more thought on that. As we end this.
This new story, which is, these petitions these signatures, this could also be a way for SAAS Alerts to influence those vendors who have not yet exposed a viable API. To consider doing so. So there’s Oh, that’s exactly the purpose. That’s exactly the purpose, basically.
AppLizard is out in production as of this week, so presumably SAASsler’s partners are saying, and I’m [00:10:00] just randomly choosing a name here, QuickBooks. I’ve got customers using QuickBooks. I want to secure that. And then SAASsalerts goes out and checks is there or is there not a viable API.
And they’re gonna essentially put together like a top 10, a top 20 list of requests like that, that they can’t fulfill because there isn’t a viable API. And then once they’ve got hopefully a lot of signatures collected. In the spring sometime, they’re going to go out to those vendors and say, look, you’ve got thousands of partners out there who would like to be securing your workload.
Help us do it. Here’s what you got to do. Create the right kind of API for us. Let’s go into your tip of the week, Erick. We’ve got a very security heavy show here, and this will be a security related tip of the week, but. I can’t quite tell it’s if it’s a security related tip of the week or a diet plan because it sounds a little bit like a diet plan.
Oh, yes, it does remind me of the 30 30 30 diet plan. That’s where I took my inspiration from right? So this is a 30 30 30 social media marketing strategy 30 30, I don’t mean You know, 30 days of 30, 30 grams of protein, 30 minutes of cardio for 30 days. That’s, I think that’s the 30, 30, 30 weight loss plan you’re referring to.
And it’s more of identifying 30 articles that are of interest to your target audience. Spending 30 minutes a day on LinkedIn and other social media. And then posting for 30 days. And so the idea here is to represent yourself as a thought leader, an industry expert, someone that seen a few things.
Thereby knows a few things and create a warmer attraction to your target audience. As rich channel mastered, we are continuing to explore the limits and the boundaries around AI to help us write research to do research and to maybe give us some ideas on how to compose things and things like that.
We don’t actually. Just deliver stuff right out of AI, right? It’s a tool that, that helps us become more efficient and to gather a lot of information and then maybe to help structure some things, but ultimately it’s us humans that, write the piece, but it saves a lot of time, energy, and effort.
And this prompt I’m going to share. for everyone to use in ChatGBT is a prompt that’ll help you identify these articles. So I’m just gonna, we’ll post it in the show notes, but I’m just gonna read it out loud. And the prompt that you’ll use in ChatGBT is, You are a blogger who writes about the cybersecurity industry.
Find 10 of the most recent news articles in the cybersecurity or technology industry that affects small and medium sized businesses and provide the title and a short story of each article’s key points along with a link to the online article. And Rich, I’ve been experimenting with this prompt. I’ve been doing a lot of coaching with MSP sales teams and teaching them how to use this prompt.
And it works really well, especially now that there’s been an update made to ChatGPT that allows it now to go out and search the internet, right? What it will do is it’ll identify You know, as many of these, if you tell it, find 20 or 30, it may not be able to find 20 or 30, 10 seems to be about the right number at a time.
And it will identify the title of the article, a short summary of the article and a link to the article. And now what you do with that rich is you re you read the article, right? Make sure that it fits. And sometimes it doesn’t, right? Find the one that you like, pull it out, and that becomes one of the articles that you then will share in social media.
And it’s a good idea to get the right hashtags in there, and to tag the folks that you want to make sure that they see that. Now there’s also lots of ways to write prompts to get the hashtags. You could write another prompt, Rich, that says, Hey, review this article summary that it just created, and write, five hashtags relevant to this.
And again, AI is not perfect. It makes a lot of mistakes. So that’s why the human element is so important. Rich, as you well know, but it just helps us create a process and an efficiency around doing this. And I suggest maybe doing, finding 10 articles. Every few days, right? Just to make sure that, you don’t put something up that’s stale that you found three weeks ago that may not be relevant when you get ready to post it.
But here’s a way for you to elevate your brand and image offering tips and advice. And you can even include blog posts that you write as well. If you’re writing blog posts to your audience, include that as well, right? You want to mix it [00:15:00] up and then try to, create that outreach and then create connection.
You can even, Rich, go the extra mile and identify the folks that you want to connect with. And then in the connection request, instead of just saying connect and leaving it at that, write a little note. Hey, thought you might be interested in this article I found. Here’s a link. Of course, AI has done the heavy lifting for you and you’ve proofed it to make sure, it makes sense.
Here’s a link. Let me know what you think. Let’s connect. And now you’re making connection requests as well as increasing your brand and visibility. And that really is the key thing Erick there. The payoff for this exercise is you are. Seeding awareness, you’re positioning your company with potential customers as a thought leader and authority and security.
And that’s that’s a drip marketing process where you want to do that on a consistent, steady basis for a while. Because there, there will come a time for some of the people on the receiving end of these topics and these insights that you share. There will come a time when they are unsatisfied with their current MSP or they don’t have one and they want to get one.
They have an incident and they need help with it. And, who do I know who’s an expert in security and you want your name to pop up when that scenario arises, and this is a way to keep your name top of mind with a lot of potential clients and it’s a way to use AI To accomplish that goal without having to invest a lot of money with maybe a marketing agency or a lot of time in figuring all this stuff out yourself.
You there’s, there will still be time that you have to invest in the process, but you can get a lot of the heavy lifting done with some artificial assistance and and potentially make a big marketing difference for your company. Yeah. And a couple of things to follow up on that rich. This is.
I, it saves me so much time because this is where I’ve shifted to and RTM and channel mastered. Having to research, can you imagine how much time searching and typing in keywords into a browser and trying to find articles this way? And then, trying to find 10 it could take over an hour, 90 minutes, two hours, who knows?
You’re trying to find the right thing. This just allows you to, display these results. in a very concise format with a summary so that you can basically just go instead of how to read the whole glance of the summary. This one sounds interesting. Let me dive into that one. That one doesn’t make sense.
That one. No, I don’t think so. And it just speeds up that process tremendously. And this is not in a replacement for the direct outreach that your sales team or you will do to try to schedule appointments or to connect with folks. It’s just a way for you to warm up. Your target audience. It’s a way for you to be seen as that industry expert or thought leader.
Once you identify the folks you really want to connect with, once they’re connected with you, you’ve given them some really valuable advice and guidance through posting these articles and asking for their feedback, if they respond to you, then great, that’s an open door for you to say, Hey, great.
Would it make sense for us to chat? Let’s see if there’s an opportunity for us to work together. So it just, again it’s a branding and awareness motion that is also a marketing motion that hopefully potentially leads to a sales appointment. Okay, so give it a try folks and let us know how it works for you.
We are going to take a break right now. When we come back on the other side we will be speaking with Val King of Ascent Portal about compliance as an opportunity for MSPs. This is actually a recorded interview that we did with Val on the sidelines of the Channel Futures Leadership Summit in Miami just a few weeks ago.
So if you’re watching on video, The background’s going to change a little bit, but it’s definitely interesting, insightful stuff. Another money making opportunity for you. So stick around, we’re going to be right back
and welcome back to part two of today’s MSP chat episode our spotlight interview segment, our spotlight guest this week is Val King, CEO of Ascent Portal and we’re going to speak with him a little bit about compliance and some other matters. Val, thank you for joining us. You are quite welcome.
Everybody loves to talk compliance, so glad I can be here. Now, you, sir, are something of a serial entrepreneur. Before you founded Ascent you founded White Hat Virtual Technology. Tell folks a little bit about yourself, about White Hat, and maybe the path that got you to Ascent, which is a compliance related business.
WhIte Hat Virtual Technologies began by doing desktop virtualization projects. And then out of that we saw doing those projects that customers had a very difficult time figuring out how to manage them. so Then that began the foray into managed services. And then we figured out that you couldn’t just manage VDI, you could, but for the customers who wanted more, we had to [00:20:00] have Microsoft expertise, SQL database, group policy, server, network.
And so then at some point we ended up with a whole room full of Engineers realizing we should probably just do this whole managed services thing. Now coming from a space where health care and financial services where our primary customers, they had compliance problems. So I was as part of this CAO of a regional health care system.
And one of the first things I did when we got assigned was, okay, so how are we doing on HIPAA? HITECH? How are we doing on our controls that protect patient information control? So wait a second. I have all the responsibility. We’re not doing anything. Okay, that’s not good. Out of White Hat, as a managed services provider, Ascent 1.
0 was born, which was a bunch of pre printed, was 1, 000 controls pre printed on pre printed Post it notes on big, huge Post it note sheets stuck around the conference room, which was fantastic right up until the cleaning lady came through. So we realized version 1. 0, there were some challenges. So anyway, out of that, out of white hat, out of working with companies that required, had compliance requirements, Ascent was born with the idea that compliance need not be difficult.
It not be, need not be a time sucking vortex. There ought to be an easy way to do it. So out of that, the rule was, How do we do compliance? Less than 3 minutes and 3 clicks and know exactly where we are. And that was the foundational statement on which the set was born. tHat that explanation implies an answer to the next question.
But if you were an MSP, And you are responsible for managing more or less everything for your clients. And that includes compliance because they have regulatory requirements. What are the essentials of a compliance management service? Today it is much more interesting because the water level has come up considerably on MSPs, much like we started with antivirus, antimalware.
We’ve had to add firewalls. The water level continues to rise now. At least for our MSP, we require our customers to have cybersecurity insurance. And that’s now the low bar, but only according to the insurance industry, only 50 percent of businesses have it. But since we are required to have it, we require our customers to have it.
So if there’s a problem. The Deep Pockets Theory comes into play, we want to make sure that the customer is in there with us. So that sets the low bar in terms of the 47 carriers that we work with, there is between 6 and 13 controls, multi factor authentication, anti phishing training, and the like.
That have to be in place for that policy to be valid. In other words, you fill out your application, and then if you happen to have a breach, they compare what’s on your application to what is actually reported during the breach. And if those things don’t line up, then they write down your claim or it can write off your claim.
So if I’m an MSP today, that’s my low bar. I’m going to go. And then that’s not me saying you need cybersecurity technology. That’s me taking a look at your insurance policy. I’m probably the only MSP asking to look at a cyber policy might pick up some points there. And I’m going to identify those things that are required by cybersecurity insurance to put them in place for the customer, which is going to probably pull through a lot of projects.
Now, how do we track that? And how do we manage it in a way? That is at a time sucking vortex for an MSP that doesn’t have a pile of resources around. and FTEs to go manage this, then that’s what we leverage Ascent for. And yet, if I can’t figure it out, unless then it’s a multi tenant portal, it’s white labelable, it is something that you should be able to make money on with your second customer and some legitimate money.
Here’s some, alms for the poor and help your customer track at least their cyber security policy. And then if they have other frameworks of controls, PCI DSS for credit cards. Hip hop, healthcare, get a little dentist office somewhere, because I couldn’t answer the question of what’s the state of our cybersecurity program.
And I would venture to say, MSPs can’t answer that question for their customers. This tells you in real time on a score of zero to 100, where am I? So I can say I’m at a 68. We want to be at an 85 boss. Here’s the areas where we. That’s a much better answer. So that’s what, if I was an MSP today, I’d be leveraging the fact that Bao was lazy at one point in his life and wanted a tool some 700 years ago to get me there and leverage something like that so I could build a security practice without having a pile on FTEs that would make me look good.
And as I say, many times I can make myself look like an idiot. I don’t need a vendor’s help. Val we’re very aware of the requirement to strengthen our [00:25:00] end client’s cyber security posture and the need to ensure, like you said, that deep pockets theory to make sure that the portfolio cyber security services that MSPs are delivering to clients align with the requirements of the Cyber liability insurance policy.
This, to me, and of course, I come from the days when we didn’t have to worry about this stuff as an MSP, right? Back in the early days. Firewall, had some antivirus. We were probably in pretty good shape. We had a security program in place for the day. Exactly. What are your thoughts on the need for today’s MSPs and MSSPs to basically mature to the point?
where they are comfortable having these conversations, they are mature to the point where they are evaluating services that complement each other to, to achieve that level of compliance against a client’s cyber liability insurance policy and are having these critical conversations with their customers.
It seems to me that the MSPs have to increase their maturity level and their consultative expertise to like you said, require them to have certain things in place like a cyber liability insurance policy. You have to sign up for our, minimum cyber security portfolio in order to become a client of ours because the risk is just so great for everyone involved.
So share some of your thoughts on what today’s MSPs need to do to play at that level and then what the implications are for them looking into the future. If they fail to become that, that provider of choice for their clients. That’s a great question. I think I would start by getting my own organization.
The highest, since we’re talking about cybersecurity insurance, the highest premium paid by a group. is MSPs because we have access to so many other clients. So reducing my own premium, going through the process of securing ourselves and using that potentially as a value add for the customers and building some internal expertise.
would be where I would start getting my own ship right. Not to mention I don’t want to be in the news because we’ve had a breach. Secondarily today there’s so many outsourced options and, tools like Ascent. For us with Ascent, we’ll help them on board. Their first half a dozen or so clients will be the sales arm for them.
And then we’ll also put the services team behind them if they’re not comfortable delivering it. Now, what do MSPs make on products? Not much. We understand the value of them having those services, but if they can’t, then we will back end them with those services until they can pull that expertise in the house and then for us to back away.
That’s how we’re solving that in practical terms today, but I wouldn’t, instead of the risk of hiring FTEs to build my whole own security practice. I think I would call my shots, something like a SIT, pulls through more security projects. I’m going to make revenue off of. Okay, that’s a place to start.
SimSoc, I’m probably not going to build that. I’m going to go find a partner that can deliver those services that I can feel comfortable with. And I’m going to build my practice out that way in a combination so that between my expertise and growth as an MSP, I’m complimenting with partners and for the pieces it makes sense for me to bring in house after I’ve got a few more customers, I got a little more revenue, I got a little more expertise, then maybe shed some of those partners and bring those services in house.
But to answer the back half of your question, if you don’t do that, I think you’re going to get run over. I think it’s table stakes to offer a minimum of cybersecurity today. If, I think we end up in a world where if you’re going to be in business, you’re going to have a cybersecurity policy.
Because I think the dollars, pay for it all, are coming from insurance companies. And you look at healthcare, you look at car insurance, you can’t have a car without having insurance. And then who’s, and who’s going to go remediate it when you file a claim? The insurance care is going to be, you’re going to go to one of my prepaid providers.
Who’s going to provide the services. So you want to be at a place where you can offer those services, where you stay relevant. Now we’re not there today, but it’s not, doesn’t take too much of a stretch to look into the future and see that if all of our premiums are going to the insurance companies and they’re already beginning to make rules required to get it, that at some point that’s who we’re going to be dancing with.
Do you have a sense for how many MSPs out there include some sort of compliance management service in there? bundle of services that they provide to their clients. How widely delivered, appreciated a service is that, and to the extent that, like you said, this is gonna be table stakes before too long, to the extent that there are a lot of [00:30:00] people out there who are not doing it what are the barriers that are keeping people out?
Just the word compliance who wants to deal with that? Nobody wants to wake up and wrap their head around it. You’re too busy trying to figure out how to get my all in seat, right? How do I. Deliver on ticketing and support. Now, if you’re a very mature MSP and you’re looking for places to expand, makes total sense.
But if you’re the one man band tech, who’s got, tech two and three, and you’re trying to figure out how to automate patching and you’re at that level of the game compliance, I was like a bridge so far away, right? For us. So there was a time when we were a little bitty and tiny as 50 of us now, but when there was four of us compliance, now one of our first customers was healthcare.
So to answer your question. Those companies that are taking care of health care or financial services that already had a compliance requirement, which for me is a, they tend to be very specialized. I would say 20, 30 percent of MSPs actually have a solution in place. There’s about five or six players in the space providing solutions.
But it’s a very small percentage what I’m where it’s driving. The adoption is part customer and part. Part the customer requirement for themselves, but the customer is asking it from the MSP. Do you have a sock to your wheel hostess? Do you have this? Do you have that? We’re starting to see those questions come.
There’s a few states that are making those requests. Is that your question? Or did I leave a gap there? And no, that that, that sets me up, but it’s interesting pretty much entirely to this point in the conversation, we’re talking about this in almost defensive terms, right?
The client is asking for this, the cyber insurance company, you’re going to need cyber insurance coverage. You’re not going to be confident that you’re, adequately covered unless you’re keeping track of requirements, etc. So this is something that you need to do to remain competitive and to keep your clients secure.
But it does make me wonder how much money can an MSP make? How profitable a service is this? What do you charge typically? So a SID portal itself It is about 60 percent less expensive than what the majority of our competitors charge. And I honestly, I get some comments like this must be a toy.
It must not be effective. We take that because it effectively is, I’m not trying to hop by a house with every one of these that it runs, give or take 50 bucks per admin user. We don’t charge for viewers. So an MSP, it’s got, 20 employees. That’s probably maybe three. So maybe 150 bucks a month.
It’s multi tenant, however many frameworks, be it FFIC, HIPAA, HITECH, all that’s free. And if you pay for our ISO hours, if you want our help with that, but outside of that. That’s it. So it’s nickels to get started, but that’s the idea is to get started and to get moving. So from a cost perspective it’s a negligible really.
It’s more a matter of. From a revenue perspective of first and foremost, you’re going to get a lot of project pull through because do they have MFA? And do they, are they doing any phishing trade? Do they have an EDR in place? Those are all projects you can pull through and probably put some services behind maintain for the customer.
And not because you said they had to do it, but because their insurance policy did. And since, and I harped there because that’s the low bar for everybody. And then, if they’ve got more controls in terms of, now we’re seeing CPAs have to have a written information security program. So if you got a little accounting office.
They didn’t have this requirements six months ago. Now they do. Car dealerships now have some new requirements. Car dealerships have requirements because they have social security numbers. So they’re now seen as a type of financial services organization. So a whole lot of organizations that historically have not been employed, millions, forget it, I’m not doing it, now have that requirement.
So I would say it’s very lucrative in that you can make revenue on something like a cent. With your second customer, but you’re going to get a lot of pull through on projects and that if you’re going to bundle ISO hours to help them maintain it, because it’s a real time score, by the way, and this isn’t just one and done as for me, it seemed silly the bank to get attacked some 20, 000 times a month, looking at the scans that are bouncing against our firewall, about 700 or so more legitimate attacks.
And we’re doing. Maybe 40 risk assessments a year of some, I don’t want that to sound like full blown, a little tiny and we’re looking at little tiny aspects with one good audit a year and sometimes I’m making 50 passes at something that I’m getting, give or take 20, 700 folks, give or take a month.
It didn’t take me long to put that math together. So I wanted to have something real time. Are we, is everything staying up? Are we on top of our policies? Are we on top of this stuff? So I think that’s going to pull through ongoing services every year. We see every one of these compliance frameworks add new requirements, which brings about more opportunities to have conversations, more projects to pull through, and [00:35:00] more ways to deliver value to your customer beyond talking about AV and PCs and patching and technology refreshes, this is, things legitimately impacting the business and business conversations that can happen.
The MSP can latch on to, I think to turn into some serious dollars for themselves and it’s not self serving, right? You. This is a requirement the customer has to go through. It might as well be you that helps them get there is the way I see it. So I think it’s, I think compliance is a, I think there’s a lot of money to be had and a lot of services to be delivered and a lot of ways to stand out from MSPs who are frankly afraid of the work clients.
Val, it seems to me that delivering these types of services would not only generate a lot more revenue from projects like you mentioned, But also, the profit margin on these services appear to me to be much greater than typical MSP services because we’re not really rolling trucks all the time. We’re not hopefully having to respond.
To, a lot of situations that require costly labor because we’re relying more on technology and automation and AI and things like that. What are your thoughts there when we look at, say I’m an MSP and I’m thinking, boy, I can, on, even if I work really diligently.
And I get my, my, gross margin up to about 60 percent for my managed services. Compare that to, investing the same amount of, attention in delivering compliance services. Do you feel that those services would be more profitable because of the differential in the cost of labor and less reactive and driving on site to do things and things like that.
Wow. All right. I haven’t, of all the questions I’ve been asked in all the podcasts I’ve, I have sat through, I haven’t had that question before and I think that’s a fantastic question that should have been asked about 15 podcasts ago. How do I want to tackle that? Let me throw additional. Okay. All right.
Add a, I’ll add another zinger and recovering MSB, right? So I see that, right? This is the perspective that I bring. So especially relevant. Now, because of the tech shortage, the increased cost of hiring new technicians and engineers, right? It’s very relevant now. So for me this moves you from the most expensive labor we have.
And from my perspective of talking to other MSPs is the support desk. Now, not so much in the actual dollars of an L one, but a few don’t have a handle on your support cost. That work is going to puke into your project teams and is going to slow your organization down. So what I will say is that, yes, you should be, you may be able to build a new category in ISO services you haven’t had before.
And that’s a premium service. That’s not a commodity today. Not yet. And certainly not built around compliance. You’re also getting to, to see the work coming. So I know when we need to do a policy review because it’s scheduled, it’s not 2 AM on a Saturday night on Halloween. I can see this work coming.
So I’m not paying after hours. I’m not paying double time. I can work this labor into my existing program so that it’s on a consistent delivery. So I can fill gaps around my project portfolio and other things to drive it. So while it is both a premium in terms of the actual dollars and the type of person you’re able to bill, it’s great for plugging holes in your schedule and getting consistent billing month after month, which is what we’re looking for, right?
Reoccurring revenue, validate the payroll to make that margin to keep the wheels on the bus. Shifting our focus to delivering more compliant services, because as we’ve been discussing on this episode, if you’re not moving in this direction, you’re going to be a dinosaur in, in a couple of years, right?
You’ve got to move in this direction as an MSP to deliver these types of services because this is where we are going to. By generating that higher level of revenue, it also allows us as MSPs to Reward and incentivize our existing staff because that’s the other side of the coin. When you talk about this tech shortage, we’re not only seeing, it’s tough to bring techs in, but we’re also seeing our technicians and engineers being, lowered away by other competitors, right?
And part of, there’s a lot of reasons for that, if we can help guard against that by delivering higher margin services, we can then reward. And [00:40:00] incentivize our existing team and get them the tools that they need to do the job to keep them satisfied. Because, we talk about technology sprawl, we talk about vendor sprawl, and all of these things have an impact on that work life balance.
for our teams, right? So for they, we expect them to come in and, work, all of these different platforms and be reactive and be on the service desk and go on site and all this. And we say, look, we’re moving in this direction and we’re going to be more strategic and consultative to our clients.
We’re going to, generate more profit margin. We’re going to reward you. We’re going to invest in the right tools and technology and, I would say. Collapse all these platforms and centralized things to give you a better experience at your job. All of these little details help, I believe, guard against someone just deciding, Oh, I’m going to leave because somebody offered me, more money.
Yeah. There’s something to that. So we can affect that a little bit. But also. Make the rest of their experience there because, we don’t want to leave a good, job as a technician or engineer or a good role. But it’s easier for us to leave if we’ve got this opportunity that’s going to pay us more and I don’t have to deal with all this noise anymore.
And it’s not stagnant. I’d like our guys, I want them to. They’re passionate about technology. They have home labs, they’re buying some of their own stuff and sticking it in there and blowing stuff up on the weekends, mad professor style, but I want them to stay curious and I don’t want to pigeonhole them into, okay, you’re managing desktops and we’re fixing desktops and you have reset your 1000th password this week that there’s no growth there.
That’s not exciting. This is. This is interesting work. It’s new work. It’s pulling through higher end security projects. It validates a reason to go to a CompTIA and load up on some security certs for your team. It’s growth. It’s not vanilla stuff. And so it’s a way to fuel your team with some more interesting work to do.
Your customer is paying for right here. And yeah, you can go someplace else, but if you’ve got a good manager, you’ve got a good gig and they’re feeding you new and interesting things to work on, there’s, I’d many times in my life, I’d have taken less money. To do more interesting work or to be down with the mission of what the company, you’re driving something.
When you get done at the day, you can turn around and look back at the building. Go, we did that we solve that problem. It’s not, I patched my hundredth PC for the week. Woo hoo. Yay. That’s again, that’s table stakes. So I think that I’ve never really looked at it from that angle officially until you asked, but yeah, that’s.
That’s really, I want people that wake up the fire in their belly to go do what we do, because it’s not easy. You have those days where your hands are on your knees. You’re like, what was I thinking? Those days happen, but you have to have the fire. Oh, you have to, but it makes it so much more interesting and entertaining to be able to do interesting work and to solve real problems.
And what’d you do? We want to patch some PCs today. No, I, fundamentally prevented my organization, one of my, one of our customers from having a breach since got incident response at it, managing vendor due diligence. There’s a ton of aspects to that are not typical IT fare that are more interesting and probably makes for a better story of parties.
Val, thank you so much for joining us. I want to leave folks in our audience with a phrase that you used at one point in the interview that really resonated with me. Anyone out there in our audience who is not providing compliance management services because they’re afraid of the word compliance they’re doing themselves a disservice, they’re doing the clients a disservice they’re doing themselves a disservice from the perspective of employer recruitment and retention.
This is really something that people need to be working into the mix and there are ways to do that make it a lot easier. It’s not scary. It I mean it’s pioneering in terms of what the customers are rolling it out to your customer, but in terms of how to build that practice for yourself it’s not, a big bag of Legos and no instructions and you having to figure it out.
It’s fairly well baked. So you can ease into it with some simple steps, do some testing and figure out if it’s right for you. Not a whole lot of money, not a whole lot of stress. You need to get there. I don’t care if it’s a set or anything else. If you’re an MSP and you want to be an MSP, you need to be able to offer security.
You need to be offered compliance services. And this is a way to, to slide into this business in a way that creates revenue while you’re learning and you can get into easy, you’ve got some bumpers around you, so you don’t screw it up so that you’ve got a way to get where you need to go. I think that’s the problem is security looks.
It looks like it’s something on the other side of a canyon from where you are. I don’t even know how to get there. It’s like watching a magician do something awesome. It’s fantastic. You’d like to know how they do it. Ah, I can’t do it right now. You can, it’s not that hard in terms [00:45:00] of the path there is fairly well beaten now in terms of for those that want to get there and want to do it, who don’t want to be pioneers hacking their way through the jungle and there, there’s a lot of revenue there.
to be had. And I, the last piece I’ll add, and I know we’re done, but I was did a very little very light amount of research and I was told that there’s 1900 different security products in this space today. That just seems overwhelming. What do I even buy? What do I recommend? How do I build a stack out of that?
And it was one thing that I figured out with Ascent, because it wasn’t its purpose. Its purpose was to make my life easy at a hospital. That was its purpose, right? I’ll be honest. That was it. But it was 1. 0 and protect, the debris is blown across my backside. So what we discovered was working through compliance, it pointed out holes in the organization.
We talked about cybersecurity policies and that pulling through projects. It pointed out holes that led us build. What products do I need of that 1900? I need MFA. Okay, I can solve that problem, but which of 1900? So it became a good guide going forward. So I have, I’m wanna do CIS controls, I’m gonna do, IG one, or I wanna do IG two.
Okay. Those things are going to pull through more products and more solutions, but it’s gonna be very pinpoint. And you, to your point, you can see it coming. When you can recommend it, you go find your partner, line them up to deliver it. So it’s not 1, 900 products. It’s what does this customer need to be compliant?
What products are those and then how do I wind that in and that’s, it’s a such a better place to be than reactively trying to respond to an audit or an exam or something else and having to run around, spend your most expensive labor trying to solve problems, ease into it, make your revenue, let it drive your security program and your QBRs related to security.
And breathe. It’s not that for folks who are listening or who are watching, they want to get in touch with you. They want to learn more about Ascent Portal. Where should they go?
Ascent portal. com, A S C E N T portal. com. My name is Val King. You can also find me on LinkedIn. I’m happy to talk to you myself, right? Because if I’m you, I want to understand it. Make sure that you’re not screwing up and you can screw up all by yourself. You don’t need me. But you can go to Ascent Portal, you can get a demo, you can get a 30 day free trial.
We can walk you through it and make sure you’re comfortable with what you’re signing up for before you unleash it on your customers. One other important aspect, which I get on occasion is, oh White Hat, that’s an MSP and you’re going to come snake my customer. No, there’s a clause in our contract that says, if we ever take one of your customers, you will get all your money back, from day one.
So not interested in your customer. I want you to be better. I want you to be successful. This has been something we’ve had in the skunk work program for seven years for us, which has served us very well. And now we think it’s at a place that and frankly, we used it as a competitive advantage ourselves.
And now it’s got legs and it’s worthy of helping other MSPs. And I’m much more interested in that, making this community better, which is why I’m on podcasts and doing speaking events is I want to give back, right? This industry has served me very well for the last 11 or so years. And I want to give back to, I’m still interested in making a profit.
I’m not going to lie about that, but I’m definitely interested in serving and helping other companies get where they need to get and hopefully avoid some of the bear traps we’ve stepped in along the way to get here. Thank you. Thank you very much, Val King. Appreciate speaking with you. We’re going to take a break, folks.
When we come back on the other side, Erick and I are going to wrap up the show share some final thoughts on this topic of conversation. Maybe have a little fun. Stick around. We will be right back.
And welcome back to part three of this episode of the MSP Chat Podcast. Big thanks again to Val King from Ascent Portal for joining us. I love this topic Erick, because compliance is one of those areas where I think A lot of MSPs are missing out on that business opportunity because they’re not 100 percent confident of their ability to deliver the service.
And this is one of those areas where there are options out there for the MSP who doesn’t have compliance expertise in house. And this is obviously what what Val and his company do, but it’s just, one of those things. You shouldn’t be ignoring given that all your clients need help with it just because it’s not something that you’re certified in right now.
Yeah, you’re absolutely right, Rich. I think the most successful MSPs and MSSPs that I’ve worked with are the ones that are focused on compliance and [00:50:00] demonstrating compliance to regulatory laws and also Compliance against a business owner’s cyber liability insurance policy. But compliance is where quote unquote, the big money is, these are the folks that have to take action to maintain and demonstrate maintenance in terms of regulatory compliance and cybersecurity compliance.
So it’s a huge opportunity. And I think you’re right. A lot of MSPs look at this as. Ooh, that’s a little bit outside of my wheelhouse. We want to get there at some point, but they just really don’t have a strategy or an understanding. Of how to attack this opportunity. And I think, a scent portal provides that that option.
And there are other vendors out there that have solutions or have added services to say, I know it has a product as some of the other big. Names out there have some sort of compliance assistance that you can get. A sense is definitely an option to check out. There are others out there.
Just don’t let that low comfort level with the topic keep you out of the market because most of your customers have compliance needs. And the obvious one is cyber insurance. Everybody, we hope has that requirement. And you’re putting yourself potentially at a competitive disadvantage if you can’t.
provide any compliance assistance. So check that out. Ericka leaves us with time for one last thing, and it comes to us all the way from down under in Australia specifically from Sydney, Australia, a town called Collingford, which is northwest of Sydney. This concerns a recent theft of a van very early in the morning on a weekend I believe morning.
And the question I have, Erick, is, was the thief stealing the van or the cargo inside the van? Because, it was a white van and car theft, you could imagine that being the motive. But inside the the delivery van was 10, 000 Krispy Kreme donuts, freshly made. That this thief made off with if not for the fact that the suspect was described as a woman in her early 30s I might suggest that the police put out an APB on Homer Simpson, because I’m thinking it’s the donuts and not the vehicle that this person may have been going for, and 10, 000 donuts, that’s that’s paydirt.
Yeah. And you can just imagine, Rich you took my phrase. I was going to say there was an APB put out immediately and I’m sure law enforcement prioritized finding those doughnuts right immediately. Because as the old joke is law enforcement loves their doughnuts. And so do we, I’m wondering where the where the coffee.
Van was, there’s a perfect, there could be a perfect strategy here. Oh, it’s the Starbucks van and the Krispy Kreme van. We’re gonna create this diabolical theft and now we’ve got, breakfast, donuts and coffee for 10, 000 people. Is there a festival going on somewhere or something? I like it.
I like it. Yeah. Yeah. That’s the thing for the police to check out basically. Was there a coffee theft? Cause there might be some connection between those two things. bEfore we make it off to go or make off to go get some donuts of our own here, we’re going to thank you very much for joining us on MSP Chat.
We’re going to be back again next week with another episode for you. If you are listening to us on audio did you know that you can check us out on video as well? Look. for MSPChat on YouTube. Every episode goes up there. If you’re watching the YouTube video, you can also find us wherever you get.
Whether that’s Google, Apple, Spotify, you pretty much name it, you’re gonna find us there. Regardless of where you find us, video, audio, please subscribe, rate, review, help other people find the show so they can enjoy it as much as you do. MSP Chat is produced by the great Russ Johns. He is available at russjohns.
com. He is also part of the team here at channel mastered. If you have a podcast or would like to have a podcast, Russ can help you out with that. So let us know by all means. So once again, we are going to see you next week on the next episode of MSP chat until then folks. Thank you once more for joining us.
And remember you can’t spell channel without MSP.
[00:55:00]