Channel Chatter, Sept 4 - 11 2024

This newsletter is in BETA, and feedback is welcomed and encouraged.? Anyone who joins in the beta will be included in the launch offer! ?The intention is to deliver a set of actionable insights into the discussions had by the community for vendors to leverage for execution. Does this deliver???

Channel Chatter is the parsing of the listening posts that the Business of Tech podcast has around the MSP community across discussion forums and groups to bring together insights and discussions that I think are worth considering.?? In considering the needs of MSPs by listening to them for the podcast, there are insights specifically for vendors serving the space to be shared.? That is this newsletter.??

I often see MSPs post about how lawyers are the worst clients. I suspect a corollary is true — MSPs are among the worst clients for lawyers.

So in my case, I'm a one-man MSP that's still in the middle of starting up and launching my services. I'm at a point where I need to generate a Master Service Agreement, Service Level Agreement, and a Statement of Work.

What do you mean what methods? Use a lawyer, of course. That’s me…

But, I know a lot of folks here will reference examples on Tech Tribe and, of course, working with an attorney.

There is an MSA Template on TTT. Customize it and make notes first, then hire an attorney.

Public Information is Public.

MSA was created by a lawyer, with the SOW as an appendix to the MSA. Blanket statement about how anything not explicitly mentioned is billable at my hourly rate. No SLA - but best effort made in resolution of issues.

Good, just about everyone says the same thing as me. But here’s what I noted this week

This sub is full of people saying "get a lawyer take them to court" like this is a normal thing that happens; its not. Its expensive, hard, and usually doesn't have an outcome anyone is happy with. Yes there are exceptions; there are over 187k members in this sub, even 20 people posting examples of those exceptions seems like a lot; but its not. Dont find that out the hard way because you thought your copy pasted MSA had really excellent language in it.

That’s what really stood out for me. I’ve been thinking about this maturity recently. While vendors often talk of the immaturity of sales and marketing for their partners, that immaturity extends to legal departments. Like most small businesses, MSPs certainly don’t have a department or in-house counsel. At best, they have a lawyer on retainer who helped file the initial organization documents and perhaps have used them for their Master Services Agreement. They certainly have little experience in contract enforcement or in collections practices.

Why does this matter? Because the lack of experience causes a casualness of how that process works. For those with an engineering-type approach, these are problems that can be solved with instructions…. right? That’s the mentality of both business owners and engineers. And when you combine both, there is a cockiness that breeds problems.

The other issue is that the amounts are too low. An “ideal” monthly recurring revenue amount for many MSPs hovers around $1500 - $2000 a month. When balanced against four to five hundred dollars per hour of legal fees, it can take a very long time for this amount to be recovered in the legal system.

Why does this matter?

IT services providers are in the risk management business. They accept risk in exchange for cash, and one of the risks they take on without knowing it is the risk of non-payment. It’s incredibly difficult to collect at the SMB level, and potentially devastating to a business.

And it’s a risk that is rarely discussed.

Want to reach the largest MSP audience in podcasting? A Top 50 Tech News podcast? Info at https://mspradio.com/engage/

Topics of Interest

This section is a high-level summary of the major topics of discussion within the community during the time period. This gives you a sense of the questions the community is raising and what they are discussing.

1. MSA, SLA, and SoW Creation and Customization

• Summary: A one-man MSP sought advice on creating Master Service Agreements (MSAs), Service Level Agreements (SLAs), and Statements of Work (SoW). Other participants recommended using existing templates but stressed the importance of legal review and customization. Some MSPs acknowledged copying from other MSPs but emphasized the need for contracts to fit specific needs.
• Insights:

2. Challenges with Payment Processing and Vendor Lock-In

• Summary: MSPs discussed frustrations with Wise-Pay after it enforced the use of Global Pay, significantly increasing fees for ACH transactions. Many participants expressed concerns about being locked into a system with rising costs and limited flexibility.
• Insights:

3. Password Management for MSPs

• Summary: A discussion on the pros and cons of password management tools like 1Password, Keeper, and Bitwarden revealed key factors influencing MSP tool adoption. MSPs discussed ease of use, client-facing functionality, security certifications (e.g., FedRAMP), and user experience.
• Insights:

4. Future of Auto-Patching for Third-Party Applications

• Summary: Participants debated the future of auto-patching, particularly for third-party applications. Some argued that fully automated patching would be achievable within five years, while others highlighted ongoing challenges related to Windows ecosystem complexity, legal issues, and lack of centralized package management.
• Insights:

5. Vulnerability Management Tools: Simplicity vs. Complexity

• Summary: MSPs shared their experiences with various vulnerability management tools like ConnectSecure, Cyrisma, and VulScan. They discussed the trade-offs between feature-rich solutions that were difficult to use and simpler tools that didn’t provide enough actionable insights.
• Insights:

Product Gaps

This section is intended to highlight “gaps” that appear to exist in the market, where a specific weakness or need is highlighted in terms of product offerings. This can also include potential gaps in the market. If you wondered what MSPs “wish things did”, that’s this section.?

Affordable and Streamlined Third-Party Auto-Patching Solutions

• Gap: Auto-patching third-party applications is a complex, fragmented process, with tools like Intune and third-party patch managers (e.g., Chocolatey) not fully meeting MSP needs. MSPs are searching for a more automated, seamless solution for managing third-party software updates across varied environments.
• Opportunity: Develop a more comprehensive, user-friendly auto-patching platform that integrates smoothly with both Windows and non-Windows environments. The tool should address legal, technical, and ecosystem challenges while offering automation for commonly used third-party applications.
• Feature Idea: Provide granular control over patches (approve, reject, or schedule), reporting on patch status, and an intuitive dashboard that reduces the administrative overhead for smaller MSPs.

Cost-Effective Cloud Monitoring and Uptime Management Tools

• Gap: Uptime monitoring tools like Uptime Robot have seen price hikes, and while open-source alternatives like Uptime Kuma are popular, they may lack certain enterprise features. MSPs need cost-effective, customizable solutions for monitoring client infrastructure that won’t strain their budgets.
• Opportunity: Create a cloud monitoring and uptime management tool that fills the gap between feature-rich, expensive tools and minimal, open-source solutions. The product should focus on providing essential features like uptime monitoring, incident alerts, and status dashboards at an affordable price.
• Feature Idea: Include features such as detailed incident reporting, customizable alerting (webhooks, SMS, email), and easy integration with existing client-facing dashboards. Offer different pricing tiers based on the number of endpoints or clients monitored.

Security Auditing and Compliance Tools for MSPs

• Gap: MSPs are often caught between providing top-notch security services and navigating complex legal/compliance frameworks (e.g., GDPR, HIPAA). Many are unsure how to manage these responsibilities efficiently.
• Opportunity: Develop a tool that helps MSPs perform automated security audits for their clients, with built-in compliance checks for relevant regulations. This tool could simplify security assessments and ensure clients are adhering to necessary compliance standards.
• Feature Idea: Offer pre-configured templates for different industries (e.g., healthcare, finance), automate client audits with compliance scorecards, and provide documentation for regulatory audits.

Thanks for reading Channel Chatter! Subscribe for free to receive new posts and support my work.

Vendor Discussion

This section is designed to give you insights into who was “discussed” this week. These are vendors that were mentioned or commented upon, and not necessarily a specific set of complaints about the vendor. This may be a good opportunity to learn about a new name, or get a sense of who is in the zeitgeist.?It’s long. It’s intentionally long, to give you the firehose.

Atera: Mentioned for its ability to monitor websites and IPs, and a potential RMM and PSA combo for MSPs.

Avanan: Recommended for its API integration and security filtering, praised as a better alternative to tools like Microsoft Defender for 365. Positive sentiment around effectiveness in email security.

Barracuda: Discussed for email security, with mixed reviews. Criticized for slow adaptation to new phishing techniques and high false positives. Negative sentiment from some users.

Better Stack/Better Uptime: Tool used for uptime monitoring and recommended by participants.

BitTitan: Mentioned for migration processes, specifically tenant-to-tenant migration, with users expressing varying degrees of success.

Bitwarden: Discussed as an affordable password management solution. Praised for its open-source nature but criticized for being clunky and less suitable for client-facing use.

Chocolatey: Mentioned as a potential tool causing software conflicts and as a third-party manager for package updates.

ConnectBooster: Recommended for its strong integration with QuickBooks and ConnectWise, but noted for higher fees under Kaseya ownership. Positive sentiment around functionality, but concerns over pricing.

ConnectSecure: Discussed in the context of vulnerability management, criticized for bugs, complexity, and making it hard to create actionable tasks. Negative sentiment from users.

ConnectWise PitchIT: Mentioned in relation to Monjur, which focuses on automation for MSP contracts.

CrowdStrike: Mentioned in discussions about using Falcon Complete for cybersecurity within an MSP.

Cyrisma: Discussed for its clean UI and features like secure baselines, but criticized for performance issues and a price increase during trials. Negative sentiment due to bugs and poor performance.

Datto: Mixed reviews on its hardware and services. Some positive feedback on ease of use, but overall negative sentiment toward reliability and pricing.

Domotz: Mentioned for LAN monitoring, external host checks, and custom scripts for MSPs.

Empath: A coaching service discussed in the context of MSP-specific business coaching.

FlexPoint: Mentioned as an alternative payment processor for MSPs, praised for responsiveness and suitability for smaller MSPs. Positive sentiment.

Gozynta Payments: Praised for its small size and excellent customer service, discussed as an alternative to Wise-Pay for MSP payment processing. Positive sentiment.

Grafana and Prometheus with Blackbox Exporter: Mentioned as part of an existing monitoring stack used by MSPs.

Hornet Security: Discussed with overwhelmingly negative sentiment due to poor support, ineffective spam filtering, and unreliable mailbox backups.

ITGlue: Recommended for documentation and integration with password managers. Some users express hesitation due to its ownership by Kaseya. Positive sentiment around documentation features, mixed sentiment regarding ownership.

Keeper: Discussed for its FedRAMP certification and security features. Praised for ease of sharing passwords but criticized for a clunky UI. Positive sentiment regarding security features.

Kaseya: Mentioned in a negative context concerning support quality after acquiring tools like ConnectBooster and Autotask.

Mailprotector: Discussed favorably by users for its email filtering capabilities.

Microsoft: Heavily mentioned across conversations, particularly for Intune, Windows Autopatch, Defender for 365, and CSP licensing migration. Mixed sentiment—positive around existing tools, negative around complex licensing and limitations in some features.

Monjur: Mentioned for contract automation around MSP SLAs.

New Relic: Used for external monitoring, praised for infrastructure agent capabilities.

NordPass: Dropped by some users due to a significant price increase. Neutral to negative sentiment.

OneUptime: Discussed as an open-source tool for uptime monitoring, with limited adoption by participants.

Passportal: Integrated with ConnectWise, but viewed as less feature-rich than alternatives. Neutral sentiment.

Perception Point: Discussed in the context of email security for SMEs. Positive sentiment due to excellent support and 24/7 incident response.

PRTG: Mentioned as a tool with limitations, particularly for heartbeat API checks.

RoboShadow: Low-cost vulnerability scanning tool with limited features but good support. Mixed sentiment—positive around support, cautious regarding its newness and lack of features.

Sea Level Operations: Praised for MSP coaching and transitioning support to platforms like ConnectWise. Positive sentiment for expertise.

Site24x7: Highly recommended by multiple participants for uptime monitoring.

Sophos: Mentioned in relation to manageability in network hardware but criticized for support and issues with SD-WAN. Mixed sentiment.

Splashtop: Used for remote access and monitoring by some MSPs.

Statuscake: Cloud-based uptime monitoring service recommended as a replacement for Uptime Robot.

Syncro: Mentioned as an all-in-one MSP software with PSA, RMM, and remote access. Positive sentiment for strong integrations.

Tech Tribe: Referenced as a resource for MSP document templates and coaching.

Uptime Kuma: Popular open-source alternative to Uptime Robot, praised for cost efficiency and versatility.

Vonahi: Discussed positively for its automated pentesting capabilities and detailed reports.

WatchGuard, pfSense, Fortinet: Mentioned as alternatives to UniFi’s USGs for security services. Mixed sentiment due to complexity in licensing and support.

Wise-Pay: Criticized for vendor lock-in and increasing ACH fees. Negative sentiment regarding recent changes and cost increases.

Zabbix: Regarded as comprehensive but overkill for simple uptime monitoring tasks.