One-man-show managed IT providers sometimes consider big clients to be milk cows for their business. Indeed, the bigger the customer, the bigger the MRR you get, which allows you to enhance processes, hire people and, in the long run, prosper. However, bigger clients typically have complex needs. They will demand stricter SLAs, more thought-through operations, and higher-end services.
In this article, we will discuss the services that are valued by medium and enterprise-level businesses that MSPs need to focus on.
When we talk about bigger organizations, we are thinking of a larger group of people working together, more sites, more complex infrastructure, or all of the above, mixed together.
How do you manage current needs (supply and maintenance)? What technology should be used in the future? Will investment in IT enhance profits and, if so, where exactly should these investments go?
At the same time, the bigger the business, the bigger the budget -- but the more problematic it is working with this budget. There are more management personnel and you need to talk to them on the same level. This is what the vCIO is about – a C-level technical advisor who helps to define the IT strategy of the company in order to meet its short- and long-term goals.
Creating a vCIO offer
A virtual CIO, ideally, is an unbiased advisor who only cares about the strategic and operational success of the business he oversees. Thus, while defining this service, you need to stress to your client that the person in question, the vCIO, is not a regular technical support team member and won't provide maintenance or other managed services to the customer. Here are some of the definitive characteristics of the virtual CIO’s work:
- Formulates IT strategy. First of all, the vCIO is a high-level auditor who defines the IT-related pain points and growth possibilities of the company, shows them to the other executives, and forms short- and long-term strategies to focus on these pain points. These include defining the expectations of the customer, current infrastructure audit, investment and budget planning, and having an overview of market best practices, including competitive analysis.
- C-level communications. The virtual CIO should either take part in or schedule, if these do not exist in the company, the quarterly business review (QBR) meetings for the company he works for. These meetings should overview the strategic and operational results of the company and correct the course of action, if needed.
- Based on metrics. Both the presumptions of the vCIO and the results of his work should be based on metrics and analytics. Any decision, advice or result should be backed up with data.
- vCIO communication skills. People who have worked in corporate IT know that, in many cases, it is extremely hard to persuade the management to budget for the needs of the company. The virtual CIO should have excellent interpersonal skills, and sufficient experience in business and technology to be able to negotiate the needs of the business, and budget the necessary changes.
- What the vCIO should not be. Some managed IT providers interpret the vCIO role as an insider with the power to upsell more services to the customer. Over time, this practice will become obvious to the client and the MSP will likely be fired.
Further reading The vCIO Process: What MSPs Should Know
DRaaS for Bigger Customers Done Right
Nowadays, managed IT providers tend to call just about any data recovery case a ”disaster recovery”, which, from the sales-pitching perspective, is a good thing. Indeed, if your MSP is capable of Disaster Recovery as a Service, the client will be impressed; but what do you really include in your DRaaS services?
At a higher level, disaster recovery means the ability to recover the company from just about any disaster and return its workloads to the production state fast. A disaster recovery plan, the cornerstone of any DRaaS offering, should include not only data recovery but also considerations of how to recover infrastructure, including hardware and networking, and even the exact plan of how to recover a company that has lost its on-premises facility entirely.
Developing more complex DR plans
The following is a list of the key characteristics of a proper disaster recovery proposition.
- Infrastructure audit and planning. First of all, you need to be able to plan the appropriate disaster recovery for the client. The plan is typically built around different disaster scenarios on the basis of how mission-critical the workload is. You should be able to perform risk assessment, understand any regulatory compliance your client might fall under, and create an achievable plan that will be budgeted for by your client's management. The main planning metrics are the recovery time and recovery point objectives -- RTO and RPO.
- Instant recovery and replication. Big companies know how much profit is lost during a server failure, so they are less tolerant of downtime. That means that you will need to come up with solutions that will ensure near-instant recovery or full-on replication of the critical workloads. These solutions are expensive and need constant maintenance and support.
- Support of an advanced environment. Your client might have a complex environment with different operating systems, virtual infrastructure, and complex networking. Your software and hardware stack should be advanced enough to be able to support the backup and recovery of all the possible structures.
- Disaster recovery testing. DRaaS is not a ”set it and forget it” service. You will need to schedule tests and report their results to the client's C-level, and update and enhance the disaster recovery plan according to the needs of the company and the novelties of the market. You will need a more flexible list of solutions in order to tailor them to customers’ unique needs -- customizable solutions in terms of regulatory requirements, compliance, risk assessment, etc.
- Strict SLA and 24/7 support. The recovery metrics should be added to your service level agreement, so the customer understands what level of support to expect. The other expected service in the case of a full-on disaster recovery service is 24/7 support coverage.
Big fish are always tastier prey for cybercriminals. At the same time, complex and interconnected infrastructure may have more security holes: unpatched systems, open RDP ports, and negligent employees. To top it off, there are different compliances that bigger customers might not necessarily fall under but, if they do, it becomes a serious game changer for the whole IT process.
You may provide the standard cybersecurity offering for bigger companies but, in order to create more interest, think of a managed security services pack.
A managed security services provider (MSSP) is a provider of complex security services, including:
- Identity and access management
- Security operations audit
- Penetration testing
- Vulnerability management
- Compliance management
- Endpoint security, malware protection, etc.
An MSP cannot simply ”add” security to their offering and call themselves an MSSP. Mastering security services typically takes decades, and such services should be provided by professionals. A single mistake may not only lead to the loss of the client but also land an inexperienced MSSP in court. Thus, if you want to add an MSSP offering to your stack, you should either have experienced staff aboard or think about partnering with already-established IT providers who are focused on security services.
Further reading MSSP Is a Hard Nut. Think About the Alliance
Conclusion: Managed IT for Bigger Clients
Above, we have highlighted the most popular and, at the same time, demanding services (from the MSP perspective) that your customers might need.
However, that does not mean that all big companies will need them. Sometimes a client that is significantly bigger than your typical one just needs IT support and maintenance. The most important and demanding part of the MSP job here would be onboarding, when all the client’s infrastructure should be revised, all services and software installed, updates done, etc. After that, you likely won’t experience anything that differs from your daily routine.
However, since bigger customers still mean bigger infrastructure, remember that you might need a dedicated on-site support staff member to maintain their infrastructure. If there are several sites, several staff members may be needed.
Another good idea would be to create a stock of the spare parts and peripherals most used by that customer, in order to be able to change the broken bits quickly.