Speaker 1: Welcome to the JMARK Business Innovation Technology Experience.
Todd: Hello, and welcome, everybody, for another episode. Today we have the special, talented Howard Trumbull from JMARK today along with myself, Dax and Kristina. And we’re excited to be talking about the crazy and subtle red flags that you can look out for when choosing a managed services provider. So this is a interesting topic, because it’s a tough decision when choosing a managed services provider. You are handing over the keys to your kingdom. The network infrastructure, the data on your network, the security, the productivity of your users is all driven through technology now. And giving over the reins to the wrong provider can be detrimental in so many different ways to your organization. Or it could be successful and profitable and awesome in so many different ways. And so that’s what we’re going to talk about today, and Howard has a lot of experience in the managed services industry. Howard, why don’t you get us started with … What are some of the top things in your mind that people need to watch out for? And why is it important that they actually take the time to do some due diligence, and what does that look like?
Howard Trumbull: Yeah, Todd. No, you brought up some excellent points there to start off with, the synergies that can be created with a good MSP versus what can be taken away from your organization by simply choosing a provider that can’t help you, creates the downtime, creates the problems, doesn’t support the applications or the technology that your company is built around. It would be massive. It would be akin to throwing out whatever it is that you’re doing today. You’re looking at your laptop there. You’re looking at your application suite. Whatever it is, whether it’s Microsoft base or Google based, throw it away, just stop using it. Or if you partner with the right technology provider, all of that works all of the time. That’s a massive difference. That’s night and day. So partnering with the right MSP is akin to having everything work all of the time. We know technology is not perfect. There’s going to be bugs. There’s going to be reasons for downtime, whether it’s internet based or application conflict based, whatever it is. A good MSP is going to be ahead of the curve. That is the difference of reactive IT and proactive IT. When you’re paying for an MSP, you’re paying for that proactivity. That’s where it’s at.
So whenever you’re looking at a MSP, a good set of questions would be, what do you do to be proactive? Are your engineers looking at the Microsoft documents that are coming out in the next week? Are they looking at the patches that are coming out next week? Do you guys have the delay on patching us versus what’s out there in the real world? A lot of real things there, and that’s just one layer. That’s just around the operating system layer, let alone the network layer where you have your firewalls or your network equipment, the application layers, where you’re actually doing the work. We’re all here. Our computers serve a purpose. We’re not here to have computers. They need to do something. They need to do the work. That Excel doesn’t exist for the sake of Excel. You need it, because it’s doing a lot of math for you. It’s tracking your inventory. it’s tracking your employees. Whatever it is, it needs to be available, and it needs to be right.
Todd: I think you touched on something really important there that people need to really understand. And I think we need to give some sample questions and help people understand, because this idea of automation and this idea of patches is extremely critical. I mean just yesterday, today, whenever you’re listening to this, but this is pretty much every month, there were 102 vulnerabilities released from or patched from Microsoft. It’s a massive number, and that’s happening on an ongoing basis. When you’re looking at an MSP, you need to ask questions like, can you show me your current patch status across the client base? Can you show me how many automated scripts you ran last month or in the last year to fix something or to prevent something from happening? Show me the number of alerts that you have collected and taken action on, whether automated or manual from your clients. Because it’s easy to say, “Do you do patch management?”
Everybody is going to say, “Yeah.” Well no, patch management is, and patch management, I mean they’re a beast and a half. I mean there is Windows patch management. There is Adobe applications. There’s Oracle. There’s Java. There’s all these different things that are massive security threats, and a lot of companies, MSPs are failing miserably at it. We go in and do network assessments, and that is the biggest thing we often find, is a just mass of vulnerabilities, because simply they’re not doing their patches right. And so understanding that, and we always talk about this when we’re getting ready for these, about we’re not trying to be rah, rah JMARK, because we want people to understand the base of what we’re talking about. But for comparison, on the patch management, on the automation, JMARK runs millions, literally millions of scripts across our client base, millions of monitoring sets that send us alerts across our clients. And these are happening all the time.
And so obviously those numbers are going to change depending on the number of devices that an MSP handles, but the point is that you should be surprised when you hear the number. It shouldn’t be like there’s a few hundred or a few. But anyways, I just wanted to make sure that we give some really specific questions to ask, because that is one of the biggest risks to our organizations in terms of handing over the reins.
Howard Trumbull: I completely agree. The numbers, like you said, it’s hard to understate them. You look at the number of machines that a network might have, a network might have 10, 100, whatever machines. All of those 24/7, 365 have different updates that are coming to them, whether it’s operating system level, whether it’s application level, whether it’s security, whether it’s feature. It is constantly being bombarded with change. Whatever that change is, those machines are being bombarded with it. Someone has to manage that. It can’t just happen accidentally. Accidental updates lead to downtime. Whenever you get a Microsoft patch that comes into your OS in the middle of the day, you’ll notice it. It’s doing you a favor, because it’s securing your machine, but your Microsoft suite might’ve stopped working. Your Java application might stop working. Your browser experience might stop working until you do a reboot or until you restart that application. And how do you know the difference? There’s no magic wand that any of us can wave, that’s going to tell us that this is on purpose or that this isn’t a problem. So for a good MSP, staggering or staging those actual updates is key. It’s key to the success of those updates being taken into the machine safely and not creating downtime.
Dax: Yeah, I think it’s important. People don’t stop and ask MSPs about their processes, about what they have set up in order to make these things happen. And like you’re pointing out, Howard, these things don’t just happen by magic. They happen through planning and through setting up these processes so that they can happen, they can happen at the right time, and that they can happen continually so that the client is protected. And we’re not just talking. I mean we are talking now, right now specifically about patching and everything. But it’s across the board. I mean processes for all of the things that the MSP is going to do in every aspect from security to onboarding to dealing with service calls, all of these things. I think that’s another very important question to ask, is to delve into the processes and find out what kind of planning and systems that the MSP has put together to make sure that the service can happen in whatever aspect we’re talking about.
Howard Trumbull: Absolutely, and that brings us to another point. Does that MSP have a preferred or supported technology stack? I don’t care who you are. You can’t update and manage every device. There’s too many of them. There are organizations out there that make a version of the device that you like. There’s a different one. There’s a blue one. There’s a white one. There’s a great one. It doesn’t matter. There is going to be a different version for a different reason, whether it’s price point or features or whatever it is. And we can’t know them all. It’s impossible for a technician to know every single product all of the time in every revision. So another good question for your MSP is, do you have a preferred technology stack that you support? And does that facilitate the technology that my company is using?
Todd: It’s often not even about a preferred technology stack. It’s often just, do you even have one? I have not seen, I’ve seen very, very few MSPs who actually have a product catalog, who have a stack of solutions and are actively working that catalog. And it’s a maturity thing. When you’re asking questions about the maturity of the organization, or you want to ask questions about the maturity of the organization, that’s kind of one of them. What Dax touched upon on explain some of your processes, how do you train your technicians on my network? How do you do due diligence on my network and learn everything? How does that information get cross trained across the organization. What does your product catalog look like? As my company grows, are there things that are going to change? And how do you handle that? And it’s really easy to see when someone is kind of BSing you. But then again, nevermind.
And so you just got to be careful and watch out for these things, because you want someone that is with you, guiding you, helping you and mature to get to that next level. I also think along this line, we’re touching upon this topic of the not only maturity but the expertise of the organization, the expertise of individuals within the organization. Because who’s responsible for patch management? Is it a team? Is it just a free run across all the technicians? Are there certain people held accountable for it? What is the process that your team gets trained? What are the certifications that you hold as an organization? What are the certifications that your individual technicians hold? How are you constantly increasing that expertise?
We talk about all these things with patch management and processes and training and all these different things, product catalog and stack. Who is responsible for them all? And are they set up for success? And those are the kind of things that help you really understand the maturity of the organization.
Kristina: Yeah, I feel like we have talked a lot about questions that you should ask when you’re vetting and deciding if you’re going to go with an MSP. I think it’s important to note that you should also be paying attention if they’re asking you questions and the right questions, asking about your company, your company goals. How do you want this partnership to go? I think that’s just as important as all the questions that you’re asking them.
Todd: That’s so true. It’s such a tough decision, and I think that it’s such a hard decision that a lot of people just don’t ask the questions. They get a referral from somebody, or they hear something that sounds good to them. They connect on a relationship level with the salesperson or somebody, CEO of a business. And they don’t take the time to really ask those questions of all these different things. And when your MSP is the one asking the questions, that’s a sign to you that they are mature. You may not qualify for them. [crosstalk].
Kristina: Yeah, you want them to be vetting you just as much as you’re going to vet. It should go both ways. Or if it’s not, it might be a sign that they’re just kind of hungry for any business they can get, which is [crosstalk].
Todd: Right, absolutely.
Howard Trumbull: Absolutely, and that’s one of the biggest red flags, if there are going to be red flags, is that MSP that says, “We’ll do it,” a blanket statement, “We’ll do it.” Well you’ll do what? “We’ll take care of it.” Well there are a lot of different things on my network, and there are applications. Are you prepared to take care of my database? Are you prepared to take care of my line of business? Do you even have partnerships with my vendor? It’s critical to get those partnerships in order to get that support. So SLA, the service level agreement, if you don’t have a good SLA with that vendor, it might be days before they get back to you. And that’s days of downtime that you may incur, because they don’t have the partnership in place.
Todd: Yeah, I think that’s important, because going back to what Kristina and you said, Howard, a lot of MSPs are going in and especially right now, where there’s a hunger with COVID, because a lot of people are holding the purse strings pretty tight, is they’re making it into a budget decision instead of a strategic decision. And making sure that your MSP understands your technology, takes the time to get to know your network, so that they know what they’re getting into, ask questions about all the different applications you use and how you set things up and everything, and to make sure that there’s people on staff that can actually take care of those things. Also on that same line, I think it’s a good quality when, in the right situation, when an MSP goes, “That’s a great technology, but the problem is X, Y and Z. As you grow, as you spread out, as you do this, blah, blah, blah, that application or that technology is not going to serve you. We ought to make a plan to move you to a different technology in the coming year,” or whatever it is. So there’s a lot that can be said for that.
Howard Trumbull: Absolutely. How many small businesses started with MS Access? It’s a small, little database. It’s easy to develop on and make your little line of business. So then your little business can grow into a larger business. Well, except whenever it becomes a liability, because you can’t get the backups. You can’t get the uptime. You can’t get the feature set. You need to be partnered with a company that can tell you, “Hey, listen, there are better ways of doing this,” and help you move into it. They give you that confidence to scale up or scale out, depending on what you need to do. They need to know the difference. That little company that told you, “We’ll take care of it,” they’ll probably take care of your little application forever, regardless of if it’s being good to your business or not, regardless to whether it’s creating liability or not. They’ll take care of it. Sometimes that’s not the right answer.
Dax: Yeah, there’s a couple of things that, Howard and Todd, you both kind of touched on and merged together, which is you mentioned, Todd, the MSP making a plan with the business for making these changes and being able to say, “Look, we can help you plan this out and make these changes. We can help you prioritize. We can help you decide what needs to be done, decide the right timeline.” And like you were talking about, Howard, that this works into an MSP that’s going to help your business strategically. We talked a lot about the technology side and that type of thing, but are they also coming at it from a business angle, from helping you make the right strategic decisions with your technology and make the plans in order to continue to grow, to move past? These are the applications we’re using now and into the next phase as you grow. And if they have people set up that can help you look at that side of things …
Kristina: Yeah, I would say too, to get a little bit away from all the techy stuff, a very important thing that you should look at it, do they have a bunch of testimonials from happy clients? And if they don’t, I think that’s a big red flag.
Dax: I would also say, as one who has collected a lot of testimonials over the years and put them into marketing materials and stuff, look at the testimonials, and look at what they say. They might have a lot of testimonials, but if those testimonials are all this company is great, and they’re very generalized and vague, that to me is a sign that I want to know specifics about anything. If I’m going out for Mexican food, I want to know the testimonials about the tacos, because that’s what I’m going to order. I want to know that they are good at the things that they say they’re good at and not just good in a general sense.
Todd: Yeah, I think it’s a crazy world out there in terms of testimonials. And the FDA has come down on various things regarding that, but one of the things that we do at JMARK is we have a C-sat that goes out, a customer satisfaction survey that goes out after every ticket. And through that ticket, we collect just thousands of testimonials. And they’re very specific. So and so did a great job doing blah, blah, blah. So and so did this. Or they talk about different technology and things like that. The IT company that you’re going with should have plenty to choose from. And hopefully, but not always, they should be in your industry, from companies that are in your industry.
Kristina: Yeah, I think something else to consider is if they have a large turnover rate within their own company. Because you don’t want to call in and get someone different every single time. It would be better if you talked to the same helpful of people who are familiar with your network.
Howard Trumbull: And a large turnover rate is tough. It takes time for an engineer to get familiar with your particular network. They get familiar with your business. They get familiar with your long term. The strategy on a business is real. Just because there are challenges in the summer does not mean that you’ll have those same challenges in the winter. And if you need to retrain people constantly because of a high turnover rate or because you’re not putting the right level of technician on the problems, it’s huge. It’s going to create downtimes. It’s going to create confusion. Todd touched on the C-sat, the customer satisfaction score. You’re going to have a poor satisfaction. You’re going to have a poor experience for that end user. They may not get the applications that they need. They may not get the email access that they need. The calendars may not work the way they want. We’re talking about very specific tasks for their work, but that all adds up to a unproductive employee. And that’s costs the business money. It’s a secret cost of the poor IT experience. You may look at the cost of one MSP versus another, and you say, “Wow, that MSP costs more.” Well try to measure that in downtime. Try to measure that in unproductive employees. It gets huge.
Todd: And I think that goes into questions for people to ask, is where do you store the knowledge? Is the knowledge secured? Because at JMARK, we have people moving around all the time. And it’s not so much, though, that people call in and get different people, but it’s just enough that we have to have good processes to make sure that, if so and so takes a very specific issue for a client, that fix is documented so that next time somebody else has that same issue at the same client or a different client, they can quickly go and see how the issue was resolved. And so it’s not always just about making sure you have the same people over and over again but that you have a system and processes in place to make sure that the network is documented. It’s not like every time they call in, they get 20 questions of, “Who are you? Who are you with? What software are you using? What version is your computer? What this, that?” All of this needs to be documented so that the technician is knowledgeable and can quickly take care of the issue without having to worry about if there’s turnover or a different person handling the issue.
Dax: Yeah, I think that kind of leads into another huge aspect for me, which is training. Training, and you touched on, which I think is also a training aspect, Todd, keeping track of these processes and keeping track of the knowledge and being able to impart that knowledge to the right people within the organization across the board. So like you said, that solutions can be implemented on another team for another business when it’s already been figured out but also training, because technology is constantly always changing. And so not just, I mean very much for the purpose of certifications but also just knowledge. Does your MSP have a system set up to make sure that their engineers and technicians are constantly updating their knowledge base and constantly, continually remaining subject matter experts in their fields and in their part of technology so that the MSP itself isn’t falling behind.
Howard Trumbull: Totally, and one of the things I would ask is, and I would just come out and say it just absolutely open, say, “Hey, does your MSP, does your organization have a culture of lifetime learning?” It’s easy to rest on the laurels of all the technology, but it changes every day. Technology is fast paced. I can’t imagine anything faster than the speed of technology these days. Basically you have technology that was good, and it was great yesterday. And there’s going to be a change to it tomorrow, and you need to be ready for that change. Are you going to cross train? Are you going to read whitepapers? Do you have an in-house trainer that’s going to take that, boil it down and then disseminate it, work with your vendors to get the important changes that your engineers need to know? If you don’t have a plan for that, or if they look at you blankly like they can Google it or something, red flag, run away.
Todd: Great stuff. I also want to mention, all of this stuff we’re talking about, it didn’t occur to me until a minute ago, when I was reading the comments on the Facebook Live and Robert, who was talking about how he’s talked to a lot of prospects and that they’ve mentioned that the customer experience was so bad that they won’t outsource again. They don’t trust the industry, and it kind of taints the industry. And all this stuff we’ve been talking about is kind of around this idea of customer experience. And in response to that, I want to kind of point the finger where it’s due. And that is back at the business owner. And it’s really important that, and that’s why we’re having this presentation, is it’s really important that business owners or whoever is responsible for making this decision does the due diligence to make sure they don’t have a bad experience. If they had a bad experience, that’s not an indication that the whole industry is broken. That’s an indication that you made a bad choice. You didn’t do enough due diligence on the company you hired to make sure that and guarantee that you had a great experience.
We had another episode where we talked about guaranteed outcomes. When you sign an agreement with an MSP, you are essentially signing guaranteed outcomes that you are getting from that MSP. Howard mentioned SLAs. SLAs often are taken, they’re often just kind of brushed aside. They’re viewed in an agreement, and they’re often just kind of brushed aside. No one is really looking at … Did we hit it? Did we not hit it? Is this taking too long? Are we hitting this SLA? And it’s that kind of thing in agreements where the business owner needs to realize, sure, I’m partnering with somebody, and I’m handing over the reigns. But at the same time, I should be getting an outcome. There is a guaranteed outcome that I should be getting, and that is a great customer experience, increased productivity, increased understanding of technology. And it could ricochet into many other areas of profitability and production and different things. But going back to that, if somebody has had a bad experience, and then get over it and move on, because it’s not like that everywhere.
Dax: Yeah, I think there are a couple things that you mentioned, the first one again coming back to the SLAs and the guaranteed outcomes, that’s another thing. Make sure that the MSP that you’re talking to is measuring their own performance. Why are these the SLAs? Why are these the service levels that they are putting forward in the agreement? How do they know that they can meet these levels? What are they tracking in themselves to make sure that they can do what they say they’re going to do and deliver to you what they’re promising when you’re meeting with them? And the other part is also you started talking at the very beginning of what you said, Todd, about customer experience. And find out about what customer experience and what customer service means to them. Find out about their dedication, not just on an executive-to-executive level when you’re first meeting with them but what it means for them to serve your end users and take care of the people down in the trenches doing the work for you and their workstations and the technology that actually runs your business.
Kristina: I think another time not to choose an MSP too is if they’re the cheapest one that you’ve found. Which some people might want to go for that, but I think if we’re talking technology in your network, which is a huge part of running your business, it’s not something you want to go cheap on.
Todd: Kristina, you opened up a can of worms now. No, that’s a great comment. We’ve talked many times. JMARK is not the cheapest guy on the block, and we don’t say that to put us in some bucket. But we know where we’re at, because that’s where we’re at. We know what it takes to be profitable. We know what it takes to make our clients be successful. And it’s a shame that people often don’t recognize the value out of increased cost. And I’m not saying increased cost for the sake of increased cost but truly what you’re getting. And when you look at an agreement, or you’re looking at multiple agreements for MSPs, and you’re comparing monitoring, monitoring, firewall management, firewall management and this and this and this and this and this, you have to really look at those things and understand. Are they the same? They’re using the same words, but they’re not using the same … The meanings aren’t the same. And the same thing goes with SLAs and different things. And Dax, you were talking about this earlier with the strategy. We talked about how internally we have to have this strategy to make sure technicians are, knowledge is transferred.
But what does the strategy to make sure knowledge is transferred up to the business? Are they strategically meeting with you and helping you make decisions, helping you make a budget, helping you to know what is ahead, helping you to see the warning signs in the economy or your industry or whatnot? And I think one of the best discussions I had on this, we were talking with Jeff Shore at BRS CPAs. And he was talking about how there was this big … the value versus the cost. And you can’t just look at the cost, because you essentially get what you pay for. And when you hire the right IT at the right cost, not necessarily the highest cost but the right cost for your organization, you are getting so much more. And the value just maximizes over and over again with increased productivity. How much increased productivity actually work? How much is increased profit worth? How much is being able to provide better customer service to your clients and customers, because your technology works? All these things go into the perceived value of technology. And anyways, I could go on forever on this topic.
Howard Trumbull: Yeah, Kristina definitely opened up a can of worms with that word, cheap. So I’m sure everybody is familiar with the engineering triangle, if not by name, by the three words that it encompasses. You have good, fast and cheap. Pick two, pick two. You can’t pick all three. So if you pick something that’s cheap, it’s going to either be good, or it’s going to be fast. It’s not going to be both. You’re either going to get somebody immediately responding to you that’s not going to know what they’re doing or how to support you, or you may get somebody good, but it’s going to take a day. And you’re just going to be out that time. Or they may be priced correctly, and you may get the right person, and they may not be as expedient as you’d like. Those are real limitations in the real world. And as the business owner, you need to find the right balance. You need to find the right fit. And Todd touched on it earlier. Just because you had a bad experience with one IT provider doesn’t mean you’re going to have this same experience with another. It’s entirely possible that that was a good MSP. But it was the wrong fit for your organization.
There are target client profiles out there, and there are MSPs that are better for small companies. There are MSPs that are good for ginormous companies. There are some really, incredibly large enterprise software vendors out there. We’re talking about where you’re supporting tens of thousands of end points or tens of thousands of users. And they’re going to be geared better for there. They’re not going to be able to help the SMB that has three employees and barely can afford one firewall. It’s not the same class. Verticals enter into this. There are MSPs that are going to be excellent at supporting ocean-side marinas. Their technology is going to be towards renting surfboards or checking in boats. It’s not going to be the same as an MSP that manages manufacturing software or enterprise retail software. They’re totally different beasts. That’s not to say that there’s not one MSP that can do both. It’s possible that they have a culture that can foster that kind of cross training or engineering challenges or can create room and focus for those technologies. But that’s going to be a unicorn. That’s going to be a company that is focused on the lifetime learning, on the scaling up of their resources and not just … Hey, we’ve done it this way for 20 years, and that’s all we know.
Todd: Two things, I think, that I want to add to what both of you just said, is one is that is a great comment about the expertise and the fit with an organization. JMARK, we have various service teams that specifically service certain types of organization. We have a banking team. We have a healthcare team. But what’s so beautiful about our structure is that there are technologies, and there are vulnerabilities, and there are issues that happen within the banking industry that only happen in the banking industry. I’m sorry, they generally only happen in the banking industry. But those vulnerabilities easily crossover into other industries. So we can learn about a certain type of configuration that secures things better. We can learn about how to prevent some certain vulnerability in the banking industry or healthcare industry or hospitality industry or whatever it is. But then that gets transferred to, that knowledge transfer gets migrated to the other teams and to our automation technology so that we can apply that fix across the entire client base.
So this is one of the hardest things, I think, with choosing an MSP, is you have these MSPs that are very specific. They only do banking, or they only do chiropractors or something. I’ve seen them all. And the good thing about it is, yes, they are getting that very specific expertise, and they understand the knowledge, or they understand the technology and the software in your industry, but they also have these blinders on. They’re blinded by what is happening in that industry, because they don’t have the greater knowledge transfer from what’s happening in other industries. And I think that’s really important to understand. And it may take a lot of questions to really understand. Is the company that you’re looking at going to be the right fit? Do they have the right balance of expertise in my industry and right balance of expertise in other industries? And before I go on with the second point, go ahead, Howard.
Howard Trumbull: Yeah, Todd, you brought up an excellent point there, those blinders so white shoes and MSP over in-house IT. What are some of those decisions that take you over to saying, “I need an MSP. I need a bigger roster. I need a deeper …” I was just trying to think of the baseball analogy for it, a deeper batter’s box. You need more people. You need more eyes on a problem. And in-house IT, it’s often very difficult to get them out of the blinders, because they’re a email guy. They’re a firewall person or whatever it is. They’re not going to be in their comfort zone. They’re not going to be within their expertise looking at something that’s outside of their expertise. MSPs have the same challenges. If you don’t have one that’s committed to that cross training, if you don’t have one that’s committed to that lifetime learning, you’re going to have a couple of guys that know a particular type of software. Like you said, there’re MSPs that focus on certain things. There are ones that only do certain enterprise like Microsoft Dynamic. That’s all they do. They only support this one tool. Well great, I love this Microsoft suite, but I don’t use Dynamics. I actually use SAP.
Yeah, well the worst one would be if they said, “I’ll do it.” They just, “Yep, I’ll do it. I’ll support Dynamics. How hard can it be?” It’s hard. It’s big. I don’t have to tell you guys, SAP is a beast. And if you don’t have the partnership, you’re not going to get the support. It doesn’t exist. So now you have entered into an agreement, potentially for years, for somebody that can’t support the thing that keeps your business running and keeps you productive and keeps revenue coming in. That’s scary stuff.
Todd: Yeah, you made me think about something. And we did this for an article or another episode. I don’t remember now. But I’m sure, Howard, you’re part of this too. But on Facebook, for example, there’s a lot of groups that are for IT business owners. And I’m a part of a lot of those groups or IT professionals in the industry. And it is crazy how often you see these business owners come out and go, “Hey, we just hired this new client, and they have this technology. Does anybody have any experience with that?” Or, “Hey, we just got this new client, and they’ve locked, the previous IT locked us out of their server. Anybody know how to do this?” Or, “Hey, we took on this IT, and they have a VoIP phone system. And we’ve never done anything with VoIP. Anybody have any experience with this specific one.” And it’s just like, what the freak are you thinking?
I mean somebody said, “You are the most professional company that will help my organization be successful, that will help me to retire comfortably, that will help my employees to be successful and so that I can give them more benefits and raises.” No, it’s just craziness. And this goes back to what Kristina talked about with the lowest price option. You have so many people up there that are going at this lowest price option, and they’re shooting themselves in the foot. And along with the lowest price option, the other thing I wanted to add is, and it’s really the same thing, is this idea of a month-to-month contract. The month-to-month contract plays right in line in terms of the mentality of a low-price contract, because people are looking at it from the standpoint of what’s the least amount of investment that I can put in and be able to pull out if this doesn’t work out.
Howard Trumbull: There’s no strategy.
Todd: Yeah, there’s no strategy.
Howard Trumbull: There’s not strategy. Month to month, there’s no strategy.
Todd: There’s no strategy. You really have to get in bed with your partners and understand, work with each other and go side by side through the problems. We’ve talked about this at the beginning with COVID and lots of other things, but you choose partners that help you be successful. It’s kind of like you hire employees to do things that you’re not great at. You hire employees to do things that are great at other things. Well you hire your partners to do things that are great at something that you’re not great at and that help you to move forward and be more successful. And then you end up hiring somebody who is just going at the lowest cost, that doesn’t have the expertise, doesn’t have the resources, doesn’t have the automation, doesn’t have the everything set up so that you can be successful. It’s sad, very sad.
Dax: Yeah, I think it’s, to me it comes down to this idea that you need to remember. We’ve talked about SLAs. We’ve talked about contracts, agreements, like you mentioned, Howard, for a certain number of years. And you need to remember, those things all go both ways. You were committing to this MSP, but you need to be making sure that this MSP is committing to you, committing to your growth, your goals, your strategies, your business and what you’re trying to achieve for the same amount of time. And if it’s a month-to-month contract, they’re not doing that. They’re not going to be committed to you either, because there’s no longterm, like you said, Howard, strategy insight for them either.
Howard Trumbull: If you don’t have the commitment on both sides, it’s a bad relationship. They’ve got you under something, some threat of things are going to break. Just remember how bad things were before you came along. Your workstations were down or whatever it was. That’s no kind of partnership. What are we, terrorists? No, what we’re trying to do is create mutual successes, mutual outcomes. We need to have a strategy in place that says, “Here’s how your company is going to get to the next level.” And that may be reducing downtime. It depends where you are in your maturity. If you are experiencing a lot of downtime, our initial piece is going to be … Let’s triage this. Let’s get you as safe as possible, so then your employees can work as much as possible. Now what’s the next revenue enhancer? Is it that you guys need to have better logistics? Is it that you need to have more understanding of the data coming in so that you can make better financial decisions, better planning decisions, better hiring? All of those are those next steps that you can’t do if you’re in break-fix mode. Which that break-fix mode is exactly the mentality of month to month, looking for the cheapest we can buy.
Hey, guys, I just need my computers working. Whenever you hear somebody say that, and it’s like that’s not true. You need to level up, and I can help you do that. That’s that. You want that confidence from that MSP of … I can take your business to the next level. I will grow with you. I will help you scale up or scale out, not just I’ll fix your computers.
Dax: Because you need a partner that’s going to be that sort of upfront, honest with you and call you on your own BS, so to speak, and tell you, “Look, I know that’s what you think you want, but if you want to achieve more than that, that’s not the right attitude.” And sometimes we talk a lot at JMARK about honest conversations and the hard conversations. And you need a partner who’s going to be that open with you, to help you.
Todd: Yeah, and that can be very clearly seen during the sales meetings. If they are pushing back, not in a combative way, but in a way that they’re trying to understand and in a way that they’re trying to produce that mutual outcome, like you were mentioning Howard, those are the things. And it comes up in many different aspects as well. I mean I’ve seen in agreements, because I deal with a lot of the agreement stuff at JMARK. And there are times when a client will come back, or a prospect will come back and say, “I don’t agree to this. I don’t agree to this. I don’t agree to this. I don’t agree to this.”
And we’ll say, “We’ll meet you halfway on this one. No, I’m not going to agree to go that direction on this one. We’re not going to agree with that.” I mean when you are trying to create a mutual outcome, there’s going to have to be some give and take on both sides. And a business owner has to recognize that there are risks in their organization that an MSP can’t stop, no matter how great they are. And at the same time, though, we look to pivot a little bit. If something does happen, is there the protection in place to help my organization? Does the MSP have X amount of liability insurance? Does the MSP have cyber liability insurance? What happens if I am breached? How will you help me, and what does that mean? There’s a lot of people that don’t understand the issue with cyber liability and what happens when that takes place. But I think as we’re kind of evolving here and pivoting and talking about different areas, this idea of the mutual, beneficial agreement really stands out to me, because that’s what you want. And that takes place in all parts of what we’re talking about, in the actual, physical agreement as well as just how strategy you’re helping each other to win, helping each other to be successful.
Howard Trumbull: Yeah, so it’s funny, Todd. So your trigger word there was cheap. My trigger word is risk. So whenever I hear risk, that’s whenever I fire in. Everything is risk. The safest computer is one that’s unplugged in the middle of a warehouse that’s under lock and key. It’s not productive. You can’t do it. There’s some amount of risk that an organization must accept in order to be productive. Now there are, of course, layers that we can put in place to keep the bad guys out, to keep your people from going where they’re not supposed to go, to make sure that you’re getting the work done safely. So those conversations are very critical. You were talking about what questions can we ask of a MSP. What can you do to mitigate my risk? What can you do to lower my risk profile? Are you just watching some firewalls? There are companies that will come in and just install a firewall. Well that’s only as good as the time that it was installed. From that day forward, every second, every minute it is less effective, because the dangers are changing. He bad guys are doing different things. The firmwares are being updated, and if they’re not doing those things, it’s less effective. Every second it’s less effective than the moment they installed it.
So if you don’t have somebody who’s watching for that, if you don’t have a company that’s on top of that, looking for how to patch it, how to update it, is it being actively hacked? Is somebody trying to get into your network through weak passwords? If they don’t have a password policy for you, they say, “Hey, use whatever password you want. It really doesn’t matter,” you run. You don’t walk away from that MSP; you run. A lot of these breaches on a lot of these SaaS or software as a service providers come from weak passwords. It’s sad. You have some of the greatest technologies that are put out there in the world with firewalls and intrusion protection prevention, but Jimmy’s password was ABC123. That didn’t take but one third of a second for a hacker to get through. So they’re in your network now as Jimmy, getting your data. They’re over there installing around somewhere. And now what is that downtime going to look like? It’s going to be massive.
Kristina: I think something else to consider too, that I don’t think we’ve talked about, is how long the MSP has been in business. I think that might be something that people can overlook, but it’s very important when it comes to what we talked about earlier, which is maturity. And that’s something they’re just not going to be capable of having if they’re a brand-new company.
Todd: Yeah, I think that’s a great comment, and I want to see if we can combine what you’re saying, what Howard is saying, because I think that the time in business can be negative and positive. The time in business, I mention these Facebook groups, and a lot of them are these small companies that have been in business for a long time, 10, 20, 30 years, and they haven’t grown. Maybe you had a tiny, little growth. But you want to be with an organization that has been in business for a while, that has matured, that has stubbed their toes, that have gone through some trials but has consistently grown. And asking those kind of questions to their history and progress and some of the failures even and can shed light on that. And then going back to what you were talking about with risk, Howard, that goes into play in the same light. Because a mature organization, not necessarily one who’s been in business for a while, but a mature organization will have their ducks in a row when it comes to security. I mean the amount of security threats that have started since just the beginning of COVID is like 20 times bigger than last year. It is a massive number.
So when you talk about, Howard, about the moment your firewall is installed, the depreciation is essentially going down, because that thing is getting hit, hit, hit, hit, hit, and more vulnerabilities are coming out all the time. I mean it happens, and it’s not even the technology, though. It’s just that the techniques are changing. There are social engineering techniques. There are fishing attacks done in different ways. I mean we recently had a email sent to many users in the organization, and I got it too, that looked exactly like the email that we get from our spam protection system. And there were slight differences that you could see, but it was somebody trying to hack us. But even beyond that, I remember years ago going to an industry trade show, and I was trying to register for the classes and sessions I wanted to go to. But somebody else in the organization has registered it, and he was on PTO for like two weeks. I social engineered the lady at the trade show company to give me his password so I could log in and edit my sessions. And while I was not doing anything nefarious, that’s the kind of crap that can destroy your business.
Dax: Yeah, I think it’s important that your MSP is paying attention to all these things. We talk about, Kristina, you mentioned time in business. And we bring it back around to maturity and stuff. And I think that’s, to me, a huge key. What have you done with the time that you’ve been in business to grow and be better and stay up to date and ahead of the game where possible with technology? Or are you just resting on your laurels? Are you just like, hey, we’ve been in business for 20 years? We’re good to go. I’m an expert, because I’ve been doing this for 20 years. But that’s not the case with technology. The case is, how are you using your experience to benefit the new knowledge that you are constantly gaining and combining those for the benefit of your clients?
Todd: You touched on something that reminded me, Dax. We kind of played on this a little bit with certifications, when we’re talking about that. But it’s also important that the MSP understands the regulations that they have to abide by and that they go through the audits, that there’s audits on many types of organizations in the world. But MSPs often slide under the radar and don’t do anything. JMARK has a SOC audit. We’ve been SOC compliant for around five years. And that changes every single year, so it gets harder and harder. There’s NIST frameworks and other type of cybersecurity frameworks that we go onto. And in terms of the GDPR and the California Consumer Protection Act and all of these different things, you may not think they affect you, but they do. Your data is going somewhere, and it’s potentially mixed with other data. And it’s really important to understand how your data is being handled, how it’s secured. Does the organization make effort to become compliant? Do they get audited by third-party entities, whether through penetration tests or through other types of audits? And that’s really another area that I think is important to touch on when looking for red flags.
Howard Trumbull: Absolutely, and that’s going to limit the growth of your company. If you can’t partner with an MSP that has the kind of the rubrics for security, for compliance, you’re going to run into those through them. You’re not going to be able to grow because of them. If you can’t work through, for example, PCI compliance, if you can’t work through PCI compliance with your MSP, you’re never going to be able to realize the complete profits of your credit card sales or your mode of transactions. You’re always going to be penalized by your financial institution. Why? Well, because my MSP can’t get their act together. Well now you need to talk to an MSP that can actually work through PCI compliance and making sure that what they’re helping you put in place meets your business goals. It’s that mutual success. In this case, if they can’t help you with your PCI compliance, guess what they’re not. They’re probably not being able to control their data. They’re not going to be the most secure company. So it gives you a little bit of an insight into their own company. If they can’t be as secure as you need it to be, they may not be as secure as they need to be.
Todd: Well I think we’ve had a great discussion, didn’t even realize how long we’ve been talking. This could be potentially one of the longest episodes we’ve had. So to wrap this up, I think we talked about a lot of different red flags. And please shout out if I’m missing any red flags here, but we have the red flag of security. We have the red flag of maturity. We have the red flag of the agreements. We had the red flag of being cheap. Yeah, being cheap, month-to-month agreements. We have the red flag of the certifications and the compliance of the organization. What else is there? Did I miss anything?
Howard Trumbull: The culture of lifetime learning. If they can’t learn, they can’t change. They can’t adapt. They’re not going to keep up with you.
Todd: Yeah, and we also talked about an MSP that pushes back and that grows strategically with you. Anyways, there are so many red flags to look out for when choosing an MSP. And we hate to see organizations like we mentioned, that Robert was talking about on our Facebook page, where companies have hired an immature MSP and have been totally turned off to the model. I mean the truth is that outsourcing your IT can be one of the most beneficial moves to an organization, but it has to be done right. And you have to look for these red flags, and you got to take the time to really understand. Is this organization the right organization that’s going to help me to go to the next level and be successful? We have a blueprint, we’re calling it, that’s coming out within the next month or so, that we’ll go back and attach to this post and be sending it out to our prospects as well or clients’ prospects. And that’ll kind of be a guide to some of these red flags and a guide to questions to ask to help set your MSP. But as always, please reach out to us. If there’s any questions that you have, if you want to learn more about JMARK and our services, just head over to JMARK.com and fill out a form or give us a call. Until next time, have a wonderful week.
Speaker 1: Thank you for attending this podcast. We hope it has been informative and helped convey that at JMARK we are people first and technology second. To learn more and discover additional content relevant to your business, please visit us online at JMARK.com or at LinkedIn, Twitter, Facebook and Instagram. You may also call us at 844-44-JMARK. Thank you for your time, and we look forward to seeing you again.
