Is The MSP (Managed Services Provider) Model Broken?

Break/Fix
The evolution of the MSP started in the 1990s with the emergence of application service providers (ASPs) who helped pave the way for remote support for IT infrastructure. From the initial focus of remote monitoring and management of servers and networks, the scope of an MSP's services expanded to include mobile device management, managed security, remote firewall administration and security-as-a-service, and managed print services.

The model really came to the fore in the UK in the 2000s, so it’s been with us now for around 20 years or so. Over the last 5-10 years we’ve seen a huge shift towards focusing on Cyber Security, largely driven by the massive increase in hacking and phishing and other nefarious activities. Alongside this, we’ve also seen the maturity of RMM (Remote Monitoring and Management) software, with names like SolarWinds, Autotask, Kaseya, ConnectWise etc. dominating the MSP market. These pervasive platforms are now recognized as the gold standard for managing customers’ IT systems. They underpin most MSPs business operations, to the point where we’ve seen marketing slogans like “In God We Trust, Everything Else We Monitor!” Really?

With the focus on Cyber Security and the ongoing battle to prevent attacks, detect threats and remediate issues, MSPs have turned to their RMM platforms to assist them with the huge task of keeping their customers as safe as possible. And herein lies the problem….

RMM Poses a Threat

Security watching surveillance cameras

So, how does RMM work exactly and why does it pose a threat? The basic premise is that software agents are installed on all your devices, which monitor their health and report back to a central RMM platform. They’re able to do this because they have full administrative access. When your MSP is alerted to an issue, they can take over control of that device and fix the problem. Unfortunately, to be able to do this, the software agents must be “open” to the Internet to work properly. Furthermore, the main RMM platform, which is often Cloud based, relies on “backdoors” to allow full communication with the agents.

Compound Interest

Unlocked Padlock

Albert Einstein said it was the eighth wonder of the world. It’s certainly a great concept, except when it comes to Cyber Attacks!

What if I were to tell you that this is the very concept that hackers now use to target the millions of SMBs out there. These are typically the businesses that say, “it’ll never happen to us” or “why would they target us, surely we’re too small?”

Here’s some stats from the Federation of Small Businesses: At the start of 2020 in the UK there were 5.94 million small businesses (with 0 to 49 employees), 99.3% of the total business. SMBs account for 99.9% of the business population (6.0 million businesses). SMBs account for three fifths of the employment and around half of turnover in the UK private sector.

It’s true, hackers aren’t targeting you specifically. They’re not even targeting your MSP. Instead, they’re going after the RMM vendors because they realize that time invested in executing 1 or 2 targeted attacks will allow them to reach potentially millions of users! Compound Interest.

Is there a better way?

Think about the term IT. It stands for Information Technology, information first and technology second. Modern business runs on information and technology is just a set of tools.

MSPs have become hung up on the technology. RMM has given rise to the concept of proactive resolution of IT issues. This is where your MSP will fix potential issues on your infrastructure (Servers, PC’s, Laptops, Switches/ Routers etc.), often before you even know there’s a problem. This has created a culture in the industry of faster resolution times, tighter SLAs and a race to the bottom.

Do you really get any benefit from this? Think about what value you get from that weekly/ monthly report that you receive from your MSP that tells you they’ve automatically fixed 573 issues. Is this reliance on RMM really for your benefit? Or is it just a way for MSPs to cut their support costs through automation? Your managed service boils down to handing over total control of your IT assets to a 3rd party, just so they can fix IT problems that you didn’t even know about!

The reality is that the technology we use now just doesn’t fail as often as it used to. But still things do go wrong and that’s when you probably do need some support.

A Different Approach – Information First

Locked Padlock

You deserve Information First Technology that compliments and enhances your business. A different approach that switches the focus away from RMM and on to:

Information Management – Being able at any time to put your finger on exactly the information you need right there and then. Confident that everyone is working on the same versions and, even better, no worries about losing it by mistake.

Information Security – Protecting your data and ensuring it’s safe from hackers and fraudsters. Too often the Information part of IT is overlooked and security is an afterthought.

Compliant Systems and Support – Why focus on RMM and fixing issues you’re not even aware of? How about we just don’t have those issues in the first place? Why not create a compliant framework that considers how your information is structured and who has access? How about extending that framework to your technology, making sure that what you use is fit for purpose? Support is then available when it’s really required.

This new approach could help businesses empower their staff to become even more productive. No matter what environment they’re working in now in 2021 (Office, Remote, or Hybrid), they can be safe in the knowledge that they can access the information they need using compliant tools and devices, to carry out their day-to-day tasks.

Want to know more?

If what we’ve discussed in this blog sounds familiar and you want to know more, why not get in touch with us:

E: enquiries@macnamara-ict.co.uk

T: +44 203 4439 451

Like this article?

Share on Twitter
Share on LinkedIn
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

Making Sense Of Information Security

Making Sense of Information Security – Online Course

In this series of 5 short tutorials, ‘Making Sense Of Information Security’, Ciaran delivers a step by step guide on getting to grips with this at times tricky concept. Aimed at office managers, we cover areas such as how to get senior management buy-in, how to undertake a risk assessment, how to approach treatment of those risks, your responsibilities to data subjects under the GDPR, and more.

Read More »
copilot-logo

Enhance Productivity with Microsoft 365 Copilot

AI tools are transforming how people approach their work, but online ‘free’ tools such as ChatGPT are not secure for businesses to use, and you should never enter any confidential or personal information into free online AI Services. This information can be used to train the AI and make it available to other users, and may constitute a data breach.

Read More »
3D rendering. Abstract background concept of cyber security and attack, system crash.

The 7 Most Common Attack Vectors in 2024

With the rapid onset of new technological capabilities, cyberattacks are a very real threat to any modern business. After all, as more businesses implement new technologies into their business, cyber attackers gain more new targets to try their hand at.

Read More »
Scroll to Top