RFsole - Fotolia
The MSPAlliance has remained staunchly committed to instilling standards of professionalism among MSPs throughout the many surprising changes of the managed IT services industry's more than two-decade-long development.
MSPAlliance CEO Charles Weaver co-founded the association in 2000 at a time when managed services began picking up steam, yet questions lingered about whether the MSP business model had longevity. Over the next 20 years, the organization developed a series of MSP certification and auditing programs, business consulting services and insurance offerings, while amassing roughly 30,000 members internationally. Additionally, it established annual MSPWorld conferences as a networking and educational hub for the MSP community.
MSPAlliance's certifications programs include MSP/Cloud Verify, which audits firms against best industry practices, according to Weaver. In October 2019, MSPAlliance expanded its Verify programs to include Cyber Verify, in which outsourced service providers can earn one of three levels of cybersecurity ratings, ranging from A to AAA. MSPs can use their Cyber Verify rating to show clients that their cybersecurity practices have been audited and approved by an independent examiner.
The majority of MSPAlliance members represent companies that provide managed services as a prominent piece of their mix of customer offerings. For example, a firm's business may consist of 50% managed services and 50% consulting or virtual CIO services. Weaver noted that some members also come from the MSP software market, which sells tools such as remote monitoring and management to MSPs.
Editor's note: The following interview has been condensed and edited for length and clarity. The interview took place prior to MSPWorld 2020 rescheduling its March conference in response the coronavirus outbreak. MSPWorld 2020 is now scheduled for Sept. 30 to Oct. 2 in New Orleans.
What was the inspiration for the MSPWorld events?
Charles Weaver: We held the first event back in 2002. It was an MSP CEO leadership event of about 25 MSP CEOs. We got together in Berkeley, California. That was really the start of the idea that we could and should be doing events to get the MSPs together and networking. We have always had this model of trying to move the MSP community into a more professional mindset. We wanted to be the A.D.A., the Bar Association or the American Medical Association for MSPs. That's always been our angle, trying to [provide] programs that would put MSPs in control of their own destiny, but also have, in an unregulated area, more self-governance and standards of behavior.
How did the Verify programs evolve?
Weaver: From about 2000 to 2004, we were just trying to fight for awareness and for some amount of legitimacy. In 2002, I remember a fairly well-known analyst firm said to me, 'Don't you think managed services are going to go away? Aren't you concerned about that? Because we certainly think that 'MSP' is going to be a flash in the pan. It's going to go into other areas like business process outsourcing or just general outsourcing of all types.' I remember that was the mentality. The hardware vendors were very much, I would say, anti-MSP at that time. So, we were fighting a lot of those political channel battles.
But it wasn't until 2004 that we said we want to get into the business model of making a standard [for MSPs]. That's when [the Verify programs] started.
The Verify programs represent the majority of what we spend our time doing today. Verify is really a program that has evolved and is now starting to really explode in a good way, because of the focus on security, cyber hygiene, preventing attacks on customers and preventing attacks on MSPs themselves. All this is moving toward MSP Verify becoming a very effective tool to help MSPs communicate that they are doing what they should be doing for their customers.
How do the Verify programs examine an MSP?
Charles WeaverCEO and co-founder, MSPAlliance
Weaver: We look for a lot. We're looking for: How is the organization run? How does the organization make decisions? How does the MSP handle security? Is the MSP efficient? Are they doing all the things they should be doing based on decades of best practices in the MSP space -- like the correlation of [help desk] tickets and being able to efficiently automate routine maintenance, things that the MSP does for the customers all the time? We look at financial [and] corporate health. Are they using the right insurance to protect themselves and their customers? It's a very long list. It's a process that is very involved, but it makes the MSPs a lot better at what they do when they go through it.
Where does the Cyber Risk Rating system stand today?
Weaver: Since we launched [it], I think we've issued somewhere around 50 or 60 Cyber Verify ratings to date globally. We are running a workshop at MSPWorld. So, you can tell we're already moving like gangbusters to scale this and to try to keep up with demand.
Are there any ideas or themes that you're looking to underscore at MSPWorld 2020?
Weaver: It's going to have security themes. We've certainly seen some new breaches or attacks on MSPs. I think that you're going to see a heightened awareness amongst the attendees about taking security a lot more seriously. To me, that's evidenced by the fact that so many companies have already signed up [for] that Cyber Verify workshop. It tells me they're concerned about it. It tells you that they are now thinking about it.
We're going to have some pretty big MSPs, as well as smaller MSPs, in the audience. We're going to have an end user who is going to talk about how they outsource and what things they're concerned about giving their end-user perspective.
We're getting a lot more involved with some of the state law enforcement agencies, who are now interactingand communicating with the MSPAlliance and its members. You're going to hear a lot more about that at the conference.
In part two of this interview, Weaver discusses cybersecurity and emerging opportunities and challenges in the managed services industry.