Twenty years ago, the IT channel debated whether it was prudent for value-added resellers to offer managed services. Today, the question is not whether managed services are relevant, but rather what role reactive or break/fix IT services can and should play in the future of IT management.
Business model of reactive IT
The first and most selfish (for the provider) issue to address is whether there is still a viable business model for reactive IT management. I would argue there is not. There are many reasons for companies operating within the IT channel to embrace proactive managed services. Still, there are fewer reasons for why channel companies would continue to deliver reactive IT solutions. While there may have been a time when reactive IT services were needed and actively practiced, those times are over and have yielded to a proactive model of managing IT.
None of the original business and technical reasons for managed services originating in the late 1990s and early 2000s have gone away. The need for recurring revenue, the shift away from capital expenditures in IT and the general momentum towards proactive IT management all point towards greater (not less) adoption of the managed services business model.
To my knowledge, there are no new tech startups with goals of developing a thriving break/fix book of business. All the latest IT services companies I see start with managed services as the cornerstone of their business models. This trend is supported by the end user shift from reactive IT toward proactive managed services as the preferred IT management model. Period.
Both MSPs and clients understand that managed services is the best model (so far) for cost-effective IT management. As the cost of IT procurement goes down (through cloud adoption and migration away from on-premises computing), the long-term management of IT assets becomes the primary business objective.
Last -- and perhaps most persuasive -- is that reactive IT services are inherently not a scalable business model. Reactive IT relies heavily on billable hours and utilization models. Reactive IT is highly manual, requiring little, if any automation or repeatable services that can be delivered to many companies at a time.
IT companies do not begin with the express purpose of building a business that does not have a hope of scaling.
It is worth noting that there are some situations where reactive IT would be accepted. Dealing with the aftermath of a cyberattack would be one such example. However, having a business relationship with an organization where the provider is predominantly offering reactive IT services does not encourage safe IT behavior, and it does not produce any positive outcomes, other than a short-term fix.
From a business model perspective, all the investments and interest from private equity firms are focused exclusively on proactive IT operations and not on reactive and highly manual IT. While practicing reactive IT may be a stage every IT provider goes through, it should not be a stage at which much time is spent.
Break/fix does not address security and privacy issues
Aside from the business model issues, reactive IT has another problem in its inability to address and fix core IT challenges related to data security and privacy. Organizations throughout the world are grappling with how to guard against increasing attacks on their businesses and IT systems. These cyberattacks are on the rise and show no signs of letting up.
As organizations struggle to secure their data, MSPs offer the most compelling and realistic strategy for long-term management of these cyber-risks. Reactive IT providers may offer short-term "cleanup" services, but do not address the core risk issues most companies face in 2020.
Similar to MSPs offering a natural solution for long-term IT management, they also offer a compelling answer to the question of long-term security and privacy of IT assets, including information. Organizations today understand that when a breach happens, they have already lost. Data breach notification requirements, the stigma of public knowledge of a cyberattack and the loss of credibility, all weigh heavily on the minds of CEOs and business owners. These attacks on organizations differ greatly from the outage of an email server or the inability to print; both common problems during the early days of managed services.
Put differently, the IT challenges business owners faced when reactive IT was popular are not the same. Instead, today's IT challenges center around data privacy and security issues not specifically addressed by reactive IT management strategies.
Only managed services (defined as proactive IT management) is capable of addressing and mitigating the common attacks on data occurring everywhere on the planet. MSPs are in the best position to provide meaningful IT management while keeping organizational IT management costs under control. Break/fix IT cannot do this.
Key takeaways for MSPs
- Reactive IT business model is no longer viable or in demand.
- Clients relying on break/fix IT are not addressing core issues with data security and privacy.
- Managed service providers are the best way to address privacy and security.
About the author
Charles Weaver is the CEO and co-founder of the International Association of Managed Service Providers (MSPAlliance). Since its inception in 2000, the organization has grown to more than 30,000 members worldwide. Under Weaver's management, MSPAlliance has expanded its reach and influence to include education, standards of conduct and certifications for managed services professionals and companies. Author of the book The Art of Managed Services, Weaver writes and speaks extensively about the managed services industry.