When it comes to being paid for services, the attitude of “Can’t pay? Walk away” may not be as simple as assumed. A question anyone providing any service needs to ask their customers is: “What good is it being your expert if you won’t pay me for my expertise?”
More importantly, it’s something they need to ask themselves, because it’s quite likely their customers aren’t paying them because they don’t know they’re supposed to.
Put simply, if managed service providers (MSPs), managed security service providers (MSSPs) and other service providers want to get paid for their services, they need to set out ground rules and service-level agreements (SLAs) that recognise the need to pay for the value they provide. For too long, they haven’t been doing that. Or at least not in a clear and unequivocal manner. It might also be that many customers view the value and expertise provided by MSPs and channel partners as a competitive feature that gives them an advantage over other providers, rather than something they need to pay extra for.
Speaking on this subject in October, Datto CEO Tim Weller argued that there could come a point where “if people won’t pay, it may be time to move on”. To which the obvious retort would be “easier said than done”.
Just how easy is it for MSPs or other providers to walk away with their reputation intact or enhanced? If a customer has come to expect a level of expertise for free, whether by accident or design, how can an MSP or service provider end a relationship without being accused of abandoning or disappointing the customer?
If the customer isn’t paying for the partner’s expertise, whose fault is that? If the partner “suddenly” starts to ask to be paid for something which, up until that point, the customer has been getting for free and threatens to walk away if the demand isn’t met, could that look more like blackmail rather than a legitimate request to be paid for a valuable service? Unhappy former customers could cause enormous damage by word of mouth to any MSP or service provider that they feel left them in the lurch.
Carpenters and architects
For John Pagliuca, CEO at N-able, the customer’s perception of the service provider is the basis for everything that comes after. “The most important question before you react is, ‘Are you a carpenter or an architect’? In other words, does your customer view you as a tool or a partner that’s adding strategic value to their business?” he says.
It’s an interesting question because even if you answer it correctly as you perceive it, the customer’s response may be completely different. Pagliuca admits the issue can be problematic in a digital economy where it’s easier to “shop, ghost and call it quits”. It’s also important for MSPs and service providers to ask themselves if they have clearly communicated how they are helping their customers.
He makes another significant point in terms of raising awareness of what MSPs and service providers do for their customers. A good example might be to bring them a recent cyber attack that’s in a related industry and challenge them on their operational readiness, he says.
Finally, can you convince customers of the value you provide? “Do you have the business case documented to show ROI? Educate, educate, educate,” adds Pagliuca. “Not all business is good business. If they view your service as a necessary evil or a maintenance area, they may not be the right customer for you. Be the architect, not the carpenter.”
Greg Jones, Europe, Middle East and Africa (EMEA) business development director at Datto, agrees that not all business is good business. “This is certainly the case when customers won’t pay or see the value in security services or expertise,” he says. “[It goes beyond] just talking about a revenue opportunity, this is about protecting your MSP business and the security of your customers.”
It’s one thing when a customer won’t pay or see the value of security, but should the risk be on you or your business? Absolutely not
Greg Jones, Datto
That’s a very important point. “It’s one thing when a customer won’t pay or see the value of security, but should the risk be on you or your business?” Jones asks. His response is unequivocal. “Absolutely not. When an SME is compromised, it is not only damaging to the business that is directly affected, but the reputation of the MSP that is responsible for IT services within that business.”
MSPs and service providers need to be paid for what they do and their expertise is at the heart of the service they provide. “Over the past few years, we have seen far too many MSPs fall foul of their customers refusing to pay,” Jones says. He makes no bones of the fact that MSPs and MSSPs need to take a firm position with customers and realise that sometimes it’s better to walk away and part company.
In many cases, the situation may not deteriorate as badly as that. “It’s surprising how many customers will take notice when you have an open and frank conversation. Sometimes it’s only then that they see just how serious you take security,” says Jones.
But what if it looks as if the channel partner may have to walk away from the business? “MSPs and MSSPs need to ask themselves, ‘Can I walk away from this relationship with my head held high and business intact if I have an open and honest conversation around security?’ The answer to this question is a resounding yes,” Jones says.
It needs to be approached in an appropriate manner, however. “MSPs and MSSPs need to take care that the conversation isn’t one of an ultimatum, but rather a business discussion that outlines the risks for not only the SME but also the MSP business,” he warns.
There are sound reasons for doing this. “In most cases when an SME is affected by a security breach, they are viewed as the victim, but the same cannot always be said for the IT service provider. The truth is that many times this leads to blame or comments about negligence,” says Jones.
In other words, if something goes wrong, the provider gets the blame. It seems perverse if the MSP is in a relationship where it gets the opprobrium when things go awry, but not the reward for helping customers to stay safe.
The case for communication
Perhaps it’s a case of customer ignorance. Maybe, as Pagliuca notes, it’s all about communication. How can a customer appreciate the value of a partner’s expertise if it is unaware of what the MSP is delivering.
According to Jones, MSPs need to work on this, saying that they should periodically take stock of their customers and their business. Among the questions to ask themselves is how many hours they have spent building the business over the years, and – more significantly – is it worth the risk of working with a customer that may ultimately leave them exposed?
Karl Roe, vice-president of customer success and digital transformation at Nuvias Group, agrees that MSPs and service providers need to clearly articulate their value proposition, “acknowledging the need to adapt to a changing business environment and taking the customer on this journey too”.
“Realism and honesty are of the essence. A lot of the time, it is necessary to explain the background to our decisions, but once the premise is established, it won’t be difficult for others to follow our logical conclusions,” says Roe.
Datto’s Jones argues that the likelihood of damage to a service provider’s reputation can be over-stated. “Over the past few months, we have heard of several businesses leaving an MSP over price or security only to return a few months later due to a security issue or breach,” he says.
The balance of power may not be as skewed against MSPs and service providers as some might think, he suggests. “You will never see bad press from parting company with a business that doesn’t take security seriously, especially in today’s digital age. What would they say? ‘We don’t work with them any more because they take security too seriously’?” He makes a valid point.
Jones reveals that before joining Datto, he had many of those types of conversations with SMEs and never had an issue, adding that there are ways to make sure the discussions go the right way. “I recommend that the conversation not be technical in nature, but rather focused on the business and mitigating risk,” he says. “If need be, MSPs and MSSPs should go open a book and show them that this is not about the revenue, it’s truly about security.”
He believes MSPs and MSSPs should concentrate on a handful of factors that will help to demonstrate their value to customers. If they want to ensure they are paid for their services, Jones has a list of areas they should focus on:
Clear policies and procedures around security.
A minimum security standard for customers.
A clearly defined SLA around security.
Scope of works document for all security projects that clearly identifies what is “in scope” and what is “out of scope”.
A good understanding of cyber resiliency.
According to the old adage, “you pays your money and you takes your choice”. For MSPs and service providers, the challenge is to make sure customers pay the money for their expertise and they don’t have a choice to avoid doing so. We all know what an expert is and we know how valuable his or her knowledge can be. It shouldn’t be too much to ask that customers know it too.
