At times, it is easy to forget what the actuality of being an MSP is. The provision of one or more services as described in the contract is apparent – and this should be conducted in a way that makes the ‘dirty’ work behind the scenes invisible to users.
However, that ‘managed’ aspect of the MSP should not be so hidden as it is an essential aspect of the service.
To a customer, there is a lot of value in knowing how things are managed. Not at a highly technical and detailed level, but enough to understand that they are not only saving money by not having to do it themselves but also that they remain ahead of the curve when it comes to the need to manage resources and security.
At the resources level, this includes being able to report on how an MSP flexes resources to meet the customer’s demand. How quickly this is carried out shows how reactive an MSP is in responding to the customer’s needs. Being able to do this while remaining within the customer’s agreed contractual levels shows how such flexing does not cost the customer anything extra.
However, providing reports on customer resource usage that show how their resource usage is creeping upward can also ensure that the customer is not caught off guard when an MSP has to renegotiate the contract with them and move them up a level due to excess resource usage. Such reports can also help work with the customer to bring resource usage levels back within limits. This ensures that extra costs are not involved, for example, by removing ‘zombie’ (unused) accounts or identifying high resource usage workloads that may not be optimized.
Where the value of the ‘M’ comes into play
When it comes to security, this is where reporting can come into its own in helping the customer truly understand how the ‘M’ in MSP is so valuable to them.
Reports around security, by their very nature, will be more technical than ones around resource usage and other areas. Still, they can be easily bucketed to provide headline reporting suitable for business managers to understand.
Examples here would be reporting on the number of viruses identified and stopped, the number of emails classified positively as containing malicious payloads or phishing links, the number of DDoS attacks identified and mitigated, and the number of malicious intrusion attempts identified and blocked.
Behind these headlines, greater detail can be provided to the customer. Here, breaking down, e.g., viruses into existing, known, and zero-day ones, can show how well an MSP’s heuristic defenses are working. DDoS attacks can be broken down into targeted and general attacks, with targeted ones being more defined in the details provided, such as any known source IP addresses, regional point of initiation, etc. This then starts to move reporting from just a static report into both an advisory and a means for the customer to conduct forensic work if required. Where there is a required forensic investigation, the MSP then has a starting point but can also drill further down across its total platform as required to identify any other similar instances. Indeed, MSPs must not forget that they have a massive amount of available data that can be accessed anonymously – something that any single customer, whether working across their platform or using an MSP, cannot do.
Reporting drives optimization
This can be taken further. Reporting on workflows and usage can help to identify areas where the customer – with the MSP’s help – can begin to optimize how it carries out its business. Areas of low productivity and poor business outcomes can be easier to identify when the facts are laid out in a simple and easy-to-understand manner.
For the MSP, reporting can also help identify where a customer may require additional services. These may be in place of existing services or in addition to them. Either way, acting on the reported data in conjunction with the customer creates a much better relationship, making the customer-MSP bond stronger and more challenging to break when contract review comes around.
I would advise that MSPs look at two types of reports: historical and real-time. Real-time is more useful to the IT function within the customer where actual happenings are of interest. To the lines of business, such reports have less interest and value. Instead, more static reports covering a period of time, such as weekly, monthly, and quarterly, allow the reader to gain a better understanding of trends to act upon.
Dynamic, real-time reports should be provided via online portals, preferably with the capability for the user to define timescales, parameters, and depth of detail as they need. Static reports should be provided in electronic pdf format, with links connecting to more dynamic, in-depth environments for readers that require more depth.
Overall, MSPs should attempt to leverage what they are already doing and monetize it. Reporting runs through the veins of an MSP: it is a basic requirement generally carried out in depth. To only use this internally without making the customer aware of the breadth and depth of work being carried out on their behalf is crazy. If nothing else, allowing the customer to see greater detail makes them better understand what you do for them. When well leveraged by the MSP, it can turn into a valuable tool to increase revenues and create a consultancy-style relationship with the customer – rather than a basic supplier-customer one.
Photo: Gorodenkoff / Shutterstock
