We’re nearing the end of 2023, but some MSPs still treat their business like it’s 2013—reluctant to adopt software-as-a-service (SaaS), cybersecurity practices and automated processes that can help both them and their customers.
It’s a problem that puts MSPs at risk of falling behind, according to Kevin O’Loughlin, CEO of Nostra, an Ireland-based MSP and member of the CompTIA board of directors. Now’s the time to immerse yourself in the latest tech solutions, business models and customer demands to prepare your business for long-term success, O’Loughlin said during a session at ChannelCon 2023 called The Future of MSPs.
“We get brought into conversations that 10 years ago we were not part of. Some basic quick wins can be had around automation. There are a lot of things that MSPs can run to be more efficient, like automated invoices. Lots of MSPs don’t offer that to customers. We did a straw poll and found that more than 50% of end users didn’t even know that invoice automation was a possibility. MSPs have to get more involved in their clients’ business.”
Five Trends Impacting the Market
O’Loughlin detailed several trends that MSPs should be aware of—and responding to:
- Expected 10% CAGR for MSPs through 2025
- Complexity of IT environments
- Cybersecurity and compliance
- Shift toward cloud reducing reliance on internal IT
- Increased reliance on tech to drive operations
“IT environments are changing. In an internal IT office, most companies have complicated networks, they need lots of security and technical solutions in place. They are moving away from legacy applications, accounting, enterprise resource planning (ERP) and everything is delivered as a SaaS solution,” O’Loughlin said. “We have 300 employees and we have zero physical servers. More customers are moving to that model. When you have that model, all you require is an internet connection. As businesses shift to more tech, an MSP’s role becomes more critical.”
Customers Expect More from MSPs
It’s quite possible that an MSP’s current role with customers could be completely changed or replaced over the next five years as new services and solutions allow MSPs to do more and get closer to customers—especially around cybersecurity, O’Loughlin said.
“Lots of MSPs tell me they have cybersecurity, but when I dig into it, it’s things like patching services, not real cybersecurity,” he said.
With a string of high-profile breaches and other cyber incidents involving MSPs, O’Loughlin noted that MSPs are increasingly being blamed for things that they had no culpability for. In part, it’s because MSPs may not be adequately outlining responsibilities and liabilities with customers.
“There’s a big gap between the MSP and the customer around presumptions. When things go wrong, one thing customers want is a single person to point to. As we look into the future, the customer no longer cares who their supplier is. ‘My internet connection has gone down. I don’t want to know if it’s the internet provider, the firewall or the MSP. I just want my internet back,’” O’Loughlin said. “They don’t want multiple providers either. MSPs have to widen their skill set. You have to have a wider skill set to win in the future market. And not having a security practice won’t win going forward.”
In some cases, mergers or acquisitions (M&A) of operations that are not core to your current offerings could be a good strategy, O’Loughlin said. “It will be very hard to be a traditional MSP and scale into security. We acquired a pure security business and the leader stayed on. He’s effectively the CEO of our security decision. Running an MSP without a security practice is risky. And if you’re not looking at SaaS applications, you’re at a real challenge too.”
Potential M&A targets could include communications providers, security companies or SaaS specialists. “There’s a lot of work in it, but you have to stay active in the market. If you do nothing, your client base will erode,” O’Loughlin said. “In Ireland, we had a telecom buy an MSP and they started hammering our customers that had internet connections. We did a huge amount to defend against that. If we didn’t have something in play, absolutely we would have been at risk.”