alphaspirit - Fotolia
IT assessments are growing up.
The role they play for both channel partners and their customers is more critical than ever before. For partners, in particular, assessments are a revenue generator, a potential practice area and a vital part of IT strategy planning. An IT assessment also provides compliance and security well-being for partners' clients.
As the market evolves, so does the importance of doing IT assessments. As industry participants acknowledged, yesterday's assessments were about technology; today they're about technology and a strategic business discussion with the customer.
"Assessments are moving away from telling customers what technology they need and towards conversations about, 'How can I help you solve your business challenges?'" said Peter Kujawa, president of Locknet Managed IT Services, a division of EO Johnson Business Technology, Wausau, Wis.
For Kujawa, and other savvy channel partners, assessments are part and parcel of new customer engagements and they're a billable service.
Oli Thordarson, CEO of Alvaka Networks, based in Irvine, Calif., said that now more than ever he views the relationship with his company's clients and what he does for them as a service relationship and a trusted advisor relationship. To earn that title, his firm has to know more about the customer's IT infrastructure and what's going on with their systems than they do.
For that, Alvaka Networks needs a good toolbox that includes management and monitoring tools and assessment tools. "Assessments for us are a tool that's leveraged heavily at the beginning of a client relationship. And it's used at intervals throughout the term of the relationship to assess where the client is at, to measure progress against infrastructure and management goals, and to prepare for audits," Thordarson said.
Jay Ryersevice president of business development, Digitel Corp.
He added that assessments can also be opportunistic. If his company's consultants find a particular problem, they can use the assessment tool to help correct it, as well. He also said that assessments are part of the due diligence process to assess the client's system to make sure everything is working right.
Partners like Kujawa and Thordarson may have done assessments in the past. If they did, much of it was manual, earlier tools were difficult to use and results were inconsistent, they noted. It's only been more recently, a couple of years or so, that these partners, as well as partners like Jay Ryerse, vice president of business development at Digitel Corp., based in Atlanta, have relied on assessment tools as a have-to-have.
"As we come into new engagements, we use assessment tools to review the network and uncover the unknown," Ryerse said.
But as the tools get more diverse and take a deeper dive into the network, assessments provide more visibility, more consistency and allow his engineers to analyze what's going on very quickly, he added.
These three partners all use assessment tools from RapidFire Tools Inc. The vendor offers several IT assessment modules: network, security, Exchange and SQL Server. Compliance assessment tools include modules for Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
IT assessment: From free to fee
Many channel partners offered potential customers free assessments as a way of getting a foot in the door and to compete against other partners that also gave them away for free.
Not so much anymore -- at least among those partners that learned the true value of IT assessments.
"The reality is, customers who pay for assessments are serious about doing business with you and customers who pay value the information that you provide more than those who don't," Kujawa said, who added that paying customers are also more likely to buy what you recommend.
Thordarson agreed. "It's a hugely valuable service that's devalued when offered for free," he said. An IT assessment is one of the most important things partners can do for their clients, he said.
Kujawa admitted that his firm is not quite 100% there when it comes to charging for assessments but that's definitely the company's goal. Locknet charges for what he called "robust assessments" while a simpler assessment is free.
So what's the difference between these two levels of assessments?
Both types of assessments require sending someone to the customer site and using a series of tools to assess the environment, meeting with key constituents, and learning about the customer's business and strategy. The more robust version includes monitoring incoming and outgoing traffic for two to four weeks -- rather than getting a snapshot of a moment.
"So the quality of data that we're able to provide to the customer is much more robust and gets into areas not covered by a simpler assessment," he said.
Partner firms charge anywhere from $5,000 to $10,000 or more for assessments, according to Mark Winter, vice president of sales at RapidFire. Price variations usually have to do with the level of information provided to the customer and the amount of analysis done.
Ryerse explained that his company charges at a range of as little as $500 to $100,000 and more for assessment reports. The fee is based on a customer's needs and the time it takes to perform the assessment. Digitel also offers all of the RapidFire assessment modules except the recently launched PCI module, which he expects to add to the company's toolbox.
The partner offers one or more of the modules to customers depending on their needs. So, for example, if Digitel is taking over a healthcare IT environment, the company might first go in and conduct an assessment to build a baseline of the security and HIPAA conditions. If his company is doing a HIPAA, SQL Server or Exchange server assessment, it may run the tools quarterly to get an ongoing position by reviewing and comparing reports to provide the best products for the customer.
"We'll run the tools monthly if a business is in the security space or in financial services where it's very worried about its security position," he said.
A new practice area
From a general business standpoint, partners are expanding their services revenue and are looking to move services into each end of the services lifecycle, according Kevin Rhone, senior consultant and practice lead at analyst firm Enterprise Strategy Group.
"That includes delivering more high-value services such as design, architecture and planning, what the customers are running on their network, their data environment … and assessments are a part of this," he said.
Partners understand the value of assessments for the customer relationship, so it's no surprise that IT assessments have evolved to become a critical tool for many partner firms. Additionally, companies of all sizes are required to have assessments for regulatory purposes -- banks, hospitals, credit unions, mortgage companies, financial services companies, and any company doing credit card transactions is a good candidate for a PCI DSS assessment regardless of size.
Ryerse also pointed out that insurance companies review assessment reports as a condition of issuing a cybersecurity policy. When a policy is renewed a new assessment report is expected.
So, in addition to being used to acquire new customers and onboard new customers, assessments improve customer retention and help identify new projects, according to Winter. But it doesn't stop there.
More recently, partners use assessments to migrate customers to the cloud, to know what they're moving and to know what the new IT environment looks like once it's moved.
"Our MSPs [managed services providers] are also selling risk analysis and are getting paid to create new practice areas," Winter said.
The long-term use of IT assessment data is part of a customer's IT strategy planning and an important part of the sales process at Locknet. "I see it becoming even more important to the point where we will always do assessments with clients. It's where the market is moving," Kujawa said.
It's where partners like Digitel are moving, too. "I expect that one day it will be a full-time practice area for us although it's not a full-time practice now," Ryerse said.
Noloki Healthcare I.T. and Compliance, the healthcare IT, security and compliance division of Alvaka Networks, is just a few years old. "Assessment tools for Noloki become incredibly important," Thordarson said, who noted that security issues as well as compliance and regulatory issues are driving the increase in business.
Assessment is part of the firm's service methodology, he said.
Read more about the value of third-party IT assessments
Learn why charging for value is the key to MSP success