One of the more commonly repeated tropes you will encounter as an MSP is the need to standardize your “stack,” that is, your offerings and the tools you use to deliver them. Like many of these aphorisms, there is some real wisdom here, but things are never as simple as thought leaders would have you believe. With that in mind, we can look at this admonition in a bit more detail to see why it is worth the effort to achieve.
Expertise
There is nothing more important than developing the mastery of your tools. Whether that is your Hypervisor of choice, the firewall you prefer, or any other arrow in your quiver, the best-case scenario is to pick one and truly master it. There is almost no end of reasons that this makes sense, from delivering more secure solutions to having fewer SOPs to master. And for those of us with just a few on staff, there is no practical way to develop the depth of knowledge you need to deliver more complicated solutions securely across various vendor offerings.
Relationships
Just as we want to “sell-through” into our clients, our vendors want to do the same with us. All the major firewall vendors, for example, also offer SSLVPN, WiFi, endpoint protection software, maybe even switches, and other options. They pitch these as a secure, centrally manageable ecosystem, and they will lean on you to broaden your expertise across their product lines. One of the ongoing challenges of running an MSP is being able to decide where to draw the line between best of breed and sole sourcing. Another factor to consider is the value that deepened relationship may offer you and how much weight that may carry.
Scaling
There is nothing harder than supporting a panoply of providers. That holds even more true for smaller providers. While you may be able to take your three or four-person operation close to $1M, you will not do that by supporting three Hypervisors, four firewall lines, and half a dozen WiFi providers. There is just no practical way to become truly adept with two different RMM/PSA toolsets, two EDR solutions, or two security hardware lineups, at least not until you have already scaled considerably. And if you are hoping to find better pricing from your vendors, the more sites, the more seats, and the fewer vendors, the better.
Challenges
We all acquire new business and engage new clients. Often, we inherit equipment that is either inferior or just not our cup of tea. How many times have you had to work through the challenges of managing a site that runs the “wrong” hypervisor or firewall? We migrate new sites to our preferred solutions within a year of onboarding or when the existing commitments expire, whichever comes first.
Sometimes, we address issues like this faster using hardware as a service (HAAS) contracts for items such as firewalls, access points, or servers, or we do equipment buy-outs. This is a great reason to forge relationships with other providers that run different stacks than yours, as they can provide expertise and perhaps take some equipment off your hands. But no matter how well you standardize, there will be exceptions, even if briefly.
Perhaps the biggest such challenge of all is when an MSP buys out or merges with another that has a different stack. Think migrating one site from Fortinet to Sonicwall sounds like a challenge? What about doing 30 of them? Of course, this is one of the many details that should be considered early on in any such potential deal. Sometimes the deal includes staff and expertise of the acquired business, but it still retards standardization.
Risks
Monocultures are the most fragile ecosystems, as any botanist can tell you. The risk of putting all your eggs in one basket is the security of those baskets. Whether it is a shared remote access tool that gets compromised, an EDR product that fails to detect a particular attack or the newest zero-day attack on the firewall vendor of your choice, it is scary to consider the other side of the coin when it comes to standardizing all your offerings. You should also consider the risk of working with a single vendor for most of your business process tools as well. In an M&A happy world, eventually, all vendors will be Taco Bell.
Summary
There are many great reasons to standardize your service offerings and your service stack, from expertise to vendor relationships to ease of scaling. The challenges of maintaining these standards in the face of new client acquisition, or even a potential vendor acquisition, can be daunting. But in the end, this level of standardization makes nearly everything about service delivery and business growth easier and more secure.
Joshua Liberman is President and founder (in 1996) of Net Sciences, Inc, New Mexico’s most security-focused MSP. Joshua is a former rock and ice climber, martial artist, and lifelong photographer. He has traveled worldwide and speaks five languages. Heidi, his wife, calls him the most interesting geek in the world.
