Category: Featured Article

The Consulting MSP – How to Profit from Specialization

By Caroline Paine, Director of MSP Sales at OnApp

MSPs field all kinds of requests for a range of cloud services from their clients and new clients alike. Those that specialize and find their niche can be much more successful than those who try to be all things to all people. AWS, Digital Ocean, GCE and other mega-cloud providers have spent years building up infrastructure that offers point-and-click access to compute or storage services for all levels of consumer. However, they don’t have a consultative approach to providing solutions. This is where competitive – and most importantly, competent – MSPs can shine!

By understanding the needs of specific business types and catering to them, a regional MSP can win customers and thrive. In this article, we’ll look at what it takes to be a consulting MSP, which challenges must be overcome, and how a cloud management platform can help.

The Consulting MSP

For most MSPs, trying to be all things to all customers is becoming obsolete. It’s better to serve a specific market niche. Certainly, there are plenty of niches to be claimed: offering an “IT department on demand” service for small and medium-sized businesses; focusing on managed hosting for banks and financial services firms, healthcare organizations, or oil and gas; or specializing in specific applications or professional services. These are all valid niches.

Understanding the compute needs of a chosen niche is the key to a consultative relationship. Rather than simply providing servers and storage, the MSP should sit down with the customer and plan out resource needs through busy and slack times.

For example, if we look at banks and think about how they’re going to be using their capacity, every night a bit of FinTech software needs to do a lot of processing – so compute resources should be increased during overnight hours. If we look at healthcare, the winter months have higher capacity requirements due to higher incidents of illness, meaning more patient records need accessing. E-commerce businesses get much busier around Black Friday, Cyber Monday, Boxing Day, and other big sales days, and they need higher capacity to handle huge spikes in traffic.

Customer-driven provisioning challenges

By anticipating these service requirements and provisioning for them automatically, an MSP can keep customers very happy. In order to do that, MSPs need the ability to provide compute and storage resources on demand. They shouldn’t force their customers to request a different level of service and sign a new contract. Rather, they should enable flexible, customer-driven provisioning (by the customer) with contract language that specifies a standard level of service and a “burst” level of service for a specific added charge.

How can MSPs provide this? There are several key challenges.

Simplifying management – it’s difficult to enable customer-driven provisioning without an orchestration layer or a cloud management solution in place. Without such a solution in place, the process becomes quite manual – the IT managers must physically check on available resources in various places throughout the data center, and that takes time, much like a physical stock check in a supermarket. But, if the MSP is using a cloud management platform, it can provide a service where the customer can see what’s available in terms of compute resources and consume more themselves.

Avoiding over-provisioning – an MSP that wants to be ready for anything has to maintain a large supply of idle resources that can be turned into capacity as customers need it. This requires a large up-front investment. To avoid over-provisioning, the MSP needs to sit down and consult with its customers to create an action plan for capacity scaling on demand, and making sure that infrastructure is in place for customers’ future needs. A cloud management platform helps by revealing exactly how much compute, storage and networking power is available at any given time.

Moving away from fixed contracts – rather than having a fixed contract for a standard level of services, the MSP should be flexible and offer resource bursting. The customers pay for a minimum commitment of resources and have an overage charge for bursting capacity. This gives them the freedom to expand quickly without going back to the MSP, and gives the MSP the security of extra resources being measured and chargeable.

Requirements for Success

What infrastructure attributes make it possible to rapidly and cost-effectively become a consultative MSP? There are several key requirements.


To deliver the responsiveness and flexibility that keeps customers happy, MSPs need a centralized management infrastructure that allows resource planning and allocation through a unified interface. Rather than having different systems tracking for compute or storage or network supply, the management tool could allow central control over the entire infrastructure. This is essential for understanding and assigning resources.


With flexible, automated resource management, the MSP can rapidly adapt to its customers’ unique needs. That might mean enabling deployments in multiple locations across a region, or flexibility when it comes to contracts and billing. For example, the infrastructure management platform could handle scaling automatically – it could watch to see that if a customer’s usage reaches, let’s say, 90 percent of capacity for a certain period of time and automatically provision more resources. When the customer’s usage drops below, say, 30 percent, excess capacity is removed. The MSP saves time and money by not having to manually adjust resources, and the customer wins because they only pay for what’s being used at any given time.

Where the workload fits best

Multi-hypervisor support is also essential. The MSP should help the customer place each workload with the right technology. With a cloud management platform that supports multiple hypervisors, an MSP doesn’t have to be all KVM or VMware anymore; it can use the best tool at the right cost for the job.

The Benefits of a Cloud Management Platform

For a consultative provider, having a cloud management platform delivers the agility needed to respond quickly to customer requests along with the automation needed to control staff expenditures. There are several specific benefits to be gained.

Provisioning efficiency: Cloud provisioning is software-driven; it requires minimal amounts of staff to perform the operation. Rather than racking new servers as customer needs change, an MSP can carve out new resources from existing infrastructure and provision them on the fly. To offer services, MSPs need a cloud platform with the ability to orchestrate across a range of hypervisors – and to achieve peak efficiency, they also need to be able to manage these centrally. By being able to see all physical servers, firewalls, storage and virtual servers in one place, it’s easier to react to customer needs and issues as they arise.

Administration efficiency: A cloud management platform should minimize manual effort at every point in the customer lifecycle. With the right platform, properly-trained personnel, and some consulting from the chosen vendor, technicians should be able to provision a new customer in hours rather than weeks.

Vital to this is the need to be able to create permission-based user roles and user groups so that, once the service is in production, clients can self-serve resources within a secure framework – access control gives the customer only what they should be able to access. The cloud management platform should also leverage customer needs and profile these into ‘templates.’ Once a template is created for one style of deployment, it can be easily modified to onboard a second customer with similar needs, and so on. Having a central template repository makes provisioning easier and faster for administrators and also reduces provisioning errors.

Billing efficiency: Leveraging a solution that also intricately calculates resources for billing by customer is another element that will save hours of manual work, and improve margins quickly. Getting this right is crucial for rapid growth.

Resource efficiency: With the ability to treat the entire compute, network, and storage infrastructure as a flexible pool of resources, MSPs can easily assign specific resources to specific clients and bill for them accordingly, eliminating custom racking and stacking for individual clients. What’s more, the MSP can replicate one customer’s setup for the next customer, and simply tweak the resource allocations or service mix to suit the new customer.

MSPs can thrive if they offer a consultative service to customers, specialize in a particular market, and enable customers to quickly and cost-effectively meet their service needs. A cloud management platform simplifies resource provisioning, billing, and infrastructure management so MSPs can successfully serve their customers without breaking the bank.

Bio: Caroline Paine is director of MSP sales at OnApp. She brings together solutions to overcome the challenges that MSPs, telcos and other service providers face. She joined OnApp as a start-up in 2010, and has since helped thousands of MSPs, telcos and datacenter operators create new revenue opportunities, and stay profitable and competitive in a fast-changing market.

Small Businesses Need Dark Web Monitoring for Today’s Cybersecurity Risk

By Kevin Lancaster, CEO at ID Agent

According to a comprehensive analysis of security breaches conducted by Gemalto, last year saw almost 1.4 billion data records lost or stolen. Juniper Research has the global cost of data breaches reaching $2.1 trillion by 2019. The numbers are alarming, and while 2017 statistics are still unfolding, we already know there is great cause for concern. With modern malware, new-age ransomware and the Bitcoin process, the IT market has advanced in complexity with more sophisticated cybersecurity threats which are increasing in both frequency and scale.

The NotPetya ransomware campaign cost pharmaceutical giant Merck more than $300 million in Q3 2017, and sources suggest that Merck will be hit with that amount again in Q4. Mondelez International, maker of Oreo cookies and Cadbury chocolates, estimates the Petya malware attack shaved three percentage points from their Q2 sales growth, due to interruptions in shipping and invoicing.

The magnitude of some of these attacks is astounding, but many large corporations have the resources to survive the disruptions experienced at the hands of these criminal activities. It is small businesses, however, that are feeling the impact the hardest when a cyberattack occurs due to lack of preparedness, resources and confidence in the ability to stop an attack. Some estimates say that as many as one third of small-to-medium-sized businesses were hit by ransomware in 2016, forcing many of them to halt operations completely.

Cybercriminals have learned that smaller attacks can be replicated easily and carried out against multiple companies – including small and medium sized businesses – for greater revenue. It only takes a small number of successful attacks to yield substantial revenue – and incentive.

With the evolution of today’s attacks, companies of all sizes need to be vigilant and place a higher priority on protecting their employees and their corporate networks and systems. And small businesses are relying on their MSPs. Are you offering the latest protective services that your clients need to protect their networks and systems? Are you prepared for a client cyberattack?

Not long ago, selling cybersecurity services to clients meant offering simple monitoring and patching services. The significant ransomware threat and Bitcoin was not even around a few years ago when you may have signed some contracts with clients. The market has changed substantially – so your services as well as what you are charging – need to change as well.

Don’t be afraid to talk about increased pricing. As an MSP, you are protecting your clients’ most valuable assets, assuming much risk in securing networks and systems, and you need to be compensated. There is substantial value in these services – more value today than ever before. MSPs are providing more services – user awareness training, active endpoint protection and more. In fact, if you aren’t charging enough for protective services, your clients may question why and look to others who may be offering seemingly better services.

Fundamental cybersecurity best practices include backing up data regularly, keeping software up-to-date and staying on top of the common tactics used to spread ransomware. Today’s MSPs should also be providing Dark Web monitoring services – solutions that scour millions of sources including botnets, criminal chat rooms, peer-to-peer networks, malicious websites and blogs, bulletin boards, illegal black market sites and other private and public forums – to identify and monitor for an organization’s compromised or stolen employee and customer data. Dark Web monitoring services are allowing IT service providers, MSPs and MSSPs to educate their clients about the high risk of the Dark Web and protect them from the dramatic rise in credential-based exploits.

The Dark Web, the large portion of the Internet that is hidden from conventional search engines, holding a wealth of stolen data and illegal activity, must not be overlooked in an up-to-date security plan. As well, delivering affordable, add-on services with 24/7/365 alerting and monitoring for signs of compromised credentials, allows MSPs to quickly and cost-effectively increase monthly recurring revenue, customer stickiness, dependence and satisfaction as well as attract and retain new customers.

Personally identifiable information (PII) – names, email addresses, passwords, dates of birth and IP addresses – are being stolen at alarming rates. Hackers, including nation states, organized crime, hacktivists, malicious insiders and motivated individuals, are using our PII to successfully access and steal our money in a variety of ways. While cyber breaches are no secret, many don’t realize that organizations and individuals are highly vulnerable to exposure of PII on the Dark Web, lending high vulnerability to corporate systems.

Most small and medium sized businesses don’t have the knowledge or resources to protect themselves against the sophisticated attacks looming today. As the MSP, ensure your clients are protected against today’s inevitable threats and be prepared when they strike by offering the latest, most comprehensive, protective security services, including Dark Web monitoring.

7 Key Problems Must Be Addressed For The Sharing Economy To Thrive

David Thomas, CEO of Evident ID

Consumers embrace the sharing economy for the freedom of choice it offers; using a digital platform means consumers are no longer tied into big conglomerations, but instead deal directly with peer-providers. The sharing economy also gives consumers power by allowing them to participate in a rating system that influences providers’ reputation ratings. Coupled with this additional freedom and control is an inherent level of risk. While digital platforms have taken some measures to alleviate that risk, the most effective risk-mitigation factor would be the requirement of a verifiable online identity for participants in the sharing economy. However, before verifiable online identity can truly take hold in the sharing economy landscape, there are barriers that must be addressed:

Online identity verification creates friction. The sharing economy’s appeal lies in its ability to camouflage itself into daily life. To be effective, a good online identity system needs to be invisible. Lengthy or intrusive onboarding will stop a would-be participant experience in its tracks.[1] Seamless onboarding, on the other hand, drives home real, quantifiable results: “companies that focus on providing a superior and low effort experience across their customer journeys . . .realized positive business results, including a 10-15 percent increase in revenue growth and a 20 percent increase in customer satisfaction.”[2] As verifiable online identity finds its place in the sharing economy, it must be driven by a seamless, consumer-friendly onboarding process. Otherwise, the process will simply lead to abandonment during the onboarding process, which is counterproductive for platforms, providers, and consumers.

  1. No single definition of online identity verification exists.

Most people’s comfort level extends to offering their identification at banks or airports as a security measure.[3] The same does not hold true for online environments. While traditional identity verification is a relatively standard process, online identity verification is definitely not. Users currently don’t know what information is necessary for verification purposes or how that information enhances their online security.

Currently, the onus falls on each sharing economy platform to decide what components to include in the identity verification process; they then are faced with determining which components need to be outsourced and which can be developed internally, weighing the risks to find the appropriate cost versus performance balance.

  1. Identity verification processes change by the moment.

In the dynamic sharing economy, fresh players and segments continue to appear almost daily. Identity credentials constantly change. The challenge becomes creating practices and guidelines that remain current and protect against increasingly sophisticated ways to forge identity. In this dynamic environment, the refrain becomes “is this the most up-to-date data?” Trying to stay on top of these changing processes can drain resources—employee and financial.

  1. Online identity requires a tremendous amount of personal data.

Personal data often includes a person’s full name, Social Security Number or credit information, as well as a secondary source like date and place of birth or mother’s maiden name. Currently, to many consumers’ dismay, online identity verification measures require a good deal of personal data. Companies collecting data face a host of unnecessary risks and potential liabilities. Although security measures are evolving, securing personal data against hacking—which could cause serious damage to the consumer and to the company’s reputation—remains a significant concern.

  1. Identity verification actually reveals very little about a person’s qualifications.

Information currently collected to establish identity doesn’t tell the consumer anything about the provider’s qualifications—like professional licensure or certificates. Currently, review based scores serve to establish peer-to-peer trust. But those scores can be easy to manipulate. For the identity verification process to be truly useful, it needs to be differentiated based on the sensitivity of the service being offered. For instance, accepting a ride from a Lyft driver requires one level of identity verification—is the driver who she says she is and does she have a clean driving record? Scheduling an appointment with an online health professional requires another level of identity verification entirely. Now the user needs to be able to easily ascertain not only the provider’s identity but also that they are a licensed, credentialed medical professional.

  1. Online identity verification is complex and requires constant re-verification.

Companies working to grow a vibrant user base must constantly show proof of verification of identity for an ever-shifting user and consumer base. Unfortunately, verifying identity isn’t a one-time process. Identity verification must be established and re-established on recurring basis. These efforts often require large amounts of time and financial resources and leave companies vulnerable to events that could seriously damage their brand-reputation.

  1. With the sharing economy positioned to double in size every year, online security and privacy regulations are becoming more complex and thorough, particularly in industries that require large amounts of personal data.[4]

Fundamentals like full name, date of birth, and home address must already be verified. Beyond the fundamentals exists a wide variance in the number and type of data sources engaged to confirm someone’s identity.[5] The rapid growth of digital marketplaces means that companies must be up to date with a wide range of security and privacy regulations, including legal compliance with HIPAA, FCRA, CIP, and the Patriot Act . The constant push to obtain personal data for verification unnerves even the most web savvy customers and providers. Nagging questions about who is storing the data, how it will be used, and—ultimately—by whom make users skittish. Additionally, the constant ask for personal data produces friction in what should be a seamless process. Friction pulls users out of the instantaneous experience that they seek on a digital platform. And friction causes drop-off. Meanwhile, companies managing sharing economy platforms must wrangle with crucial decisions about collecting, maintain, and verifying online identity for their users. These decisions could well impact the viability of their company—and the security of thousands of their users.

  1. Current personal data practices create an environment that breeds internal threats.

Companies can, and do, invest billions of dollars in keeping personal data safe. However, even the best technology cannot eradicate the threat that stems from employees having access to users’ sensitive personal data. Employees assigned to process background information for users and providers have open access to personal data. The best encryption system doesn’t block against the employees who have access to personal data as part of normal course of business. Currently, organizations simply must trust that these employees won’t be swayed by bad-actors who offer monetary reward for the distribution of personal data. Even intelligence agencies haven’t been able to solve this issue—as evidenced by multiple major releases of information by insiders.

Although challenging, these seven key problems are certainly not insurmountable. What is required is a fresh perspective on managing personal identity, so that the sharing economy can realize its full potential.

[1] Key Trend in Online Identity Verification Econsultancy, May 2016

[2] Want A Powerful Customer Experience? Make It Easy For The Customer B. Morgan, January 2015

[3] The Challenges of Non-Face-to-Face Identity Verification Trulioo, June 2016

[4] Sharing is the New Buying Crowd Companies, 2014

[5] The Challenges of Non-Face-to-Face Identity Verification Trulioo, June 2016

Bio: David Thomas is the CEO at Evident. He is an accomplished cybersecurity entrepreneur, having held key leadership roles at market pioneers Motorola, AirDefense, VeriSign, and SecureIT. He has a history of introducing innovative technologies, establishing them in the market, and driving growth – with each early-stage company emerging as the market leader.