Dave Sobel is the host of the podcast "The Business of Tech" and co-host of the podcast "Killing IT." In addition, he wrote Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business.
This week, Sobel answers a user-submitted question around how MSPs can address the challenge of mapping various technologies from myriad vendors to ensure their clients have everything they need.
Transcript follows below
This week, a question from a Patreon supporter: How to best play "MSP Tetris?" Aka, how do you get vendors to understand how all of their tools fit together?
The challenge is trying to understand how all these potential tools will interact and avoid overlap. The Patreon supporter found other vendors struggle when asked how their product fits with others in a comprehensive security stack. They focus on what they do, but not in context.
The Patreon supporter ended up mapping all of their current solutions to the NIST Cybersecurity Framework and that provided clarity to spot gaps, but was a lot of work to put together. If vendors helped to map their solutions to NIST CSF at the outset, it would make the assessment of solutions much, much easier.
So, how do we map these tools, and can we get vendors to contribute to that work? I'm going to actually give you four answers. What a bargain!
Four methods for mapping tools
My first impulse after years of being a vendor is to say that this is actually your opportunity. Most of these vendors simply will never do what you're asking for, and so this is the value you bring to customers. It's even on the tin, right? If you're a "Solution Provider," your value is in building the solution.
If you're an interior designer, you're the one who thinks about couches, chairs, art and you bring them all together to make a coherent whole. You don't ask the couch designer how their couch fits in with the paint, or how the bookcase manufacturer should work with the drywall company.
So, don't devalue yourself in the equation by having the vendors be the answer. They aren't, and your skill and expertise in combining technical solutions, particularly in new and inventive ways, is tremendous value. More evidence of that -- there is a reason that vendors buy up other vendors to fit into their portfolio. A key reason is that combining solutions does unlock more value.
Of course, inherent in that last statement is the fact that technology has integration points that an interior designer doesn't have to think about. Technology does have to work together, much like Lego bricks connecting and combining. Defining those edges is important.
That's where we get into more than one answer territory.
I asked Joy Beland, who has spent the last three years working on frameworks for the MSP community on the vendor side after also owning a provider, her take on vendors coming together:
Joy Beland: "I do think that the vendor community is going to do very well in assisting to MSPs to build out their solutions stack. Now, I say that with a caveat. The vendor community, um, really consists of different levels of vendors with different interests as in any industry, right? So, the vendors that are aligning with other vendors partnering and specifically even with direct competitors to make sure that the best practices, the guidance that they bring to the MSPs is vendor agnostic, is the most practical and is not just with the bias of we want to sell you something. Those are the vendors to watch and to really align with. And there's a lot of great ones out there.
"The second thing I wanted to say about this subject though is to encourage the MSPs to partner with their own peer groups and user groups in their communities because looking to the MSPs already successfully selling cybersecurity, finding out why did they choose the solutions that they chose, but goes into the pricing, the implementation, the ongoing resources needed to support that solution. All of these are really important solutions that they can be asking of their own peers who are doing it right."
She's right -- vendors that add value by coming together and remove themselves from the equation are the ones who are thinking the way you are. They're thinking about how their solutions fit together. Her lens is a solid evaluation criteria, too.
Don't go it alone -- get vendors to provide some guidance
My last two answers are already embedded in your question. You asked, "How to get vendors to understand how all of their tools fit together?"
I didn't include the second half of Joy's answer in which she points to how MSPs can look to one another for that experience, specifically in peer groups. She's right, and that's how most providers do find their answers.
Just like the discussions we've had on regulation (and see my video on that if you haven't watched it), providers have a lot more power than they might think. If you are a provider who brings together solutions, delivered from vendors and often through distribution, you are the end point. In the historical view, you used to just be the retail point for the transaction. That's no longer the case, as you are delivering the solution under your brand, and so you are the face of the relationship, and you own the last mile.
So, leverage your position. If you want vendors to jump through a hoop to win your business, make them. Beland is right about peer groups, and I'd add that instead of talking about leveraging these communities. Your trade associations, your distributor, your peer groups -- you can insist these vendors start providing this level of guidance.
If the community demands they map to a framework, and I'm thinking in the U.S. specifically around the NIST Cybersecurity Framework, but this would apply to any market, vendors can stand out and gain some competitive advantage right now by specifically citing which portions of the framework they map to and making that very apparent. Think of it like the "works with" logos on consumer products.
But most boldly, and my fourth answer, the community could do this work on its own. Consider an open source approach. Pulling together publicly is quite powerful. The question includes that the organization did the work to map to the NIST CSF -- if you released that to the community, you could start collaborating on the implementation.
If you're worried about "giving away" your secret sauce or intellectual property, think of open source. The value is in the ability to execute, not in simply having the intellectual property. I bet if we gave all of your work out to every competitor, most couldn't execute.
By your own admission, this is a ton of work, and maintaining it will be even more work over time. Instead, create an open source-style project, allowing contributors, and spread the workload. You know there are a number of similar providers in the same realm, and I suspect the vendor community would want to make sure they are represented right, so they would contribute as well.
This last idea pulls it all together in a "best of all worlds" situation.
This is why I'm also not a fan of frameworks created strictly by a single vendor, like ConnectWise's MSP+ Cybersecurity Framework. I highly respect the people who put it together. I just know that a vendor can't own this, because that isn't how standards are created. No single vendor owning something creates a standard, as no vendor is motivated to work with it, and the work is kept locked away in a single vendor.
First movers here are going to win and have significant influence. There are even several associations that might be perfect for this effort, including CompTIA or MSPAlliance. CompTIA communities could easily be a forum for this work and make this a deliverable created and managed by members. This is typically what associations do.
To recap how to map your MSP solution stack
First, this is your job. Assembling the parts is the value you bring, so consider how much you want vendors to do that for you. Don't be dismissive of that. Second, vendors already do this loosely, so leverage that, and those that invest here to make it clearer will stand out.
Third, if you want vendors to be more transparent about their mapping to the NIST framework, demand it, and organize your colleagues to do that. Finally, for a really bold innovation, make your effort open source. Lead the change.
You asked for an answer, you got four, and one of them is market changing. I look forward to your continued success. Tell us all about it.
About the author
Dave Sobel is the host of the podcast "The Business of Tech," co-host of the podcast "Killing IT" and authored the book Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business. He owned and operated an IT solution provider and MSP for more than a decade, and has worked for vendors such as Level Platforms, GFI, LOGICnow and SolarWinds, leading community, event, marketing, and product strategies, as well as M&A activities. Sobel has received multiple industry recognitions, including CRN Channel Chief, CRN UK A-List, Channel Futures Circle of Excellence winner, Channel Pro's 20/20 Visionaries and MSPmentor 250.