We’ve created a comprehensive checklist of 13 essential questions that will help MSPs like you evaluate and strengthen the security of your clients’ IT documentation. Whether you’re looking to enhance your current security protocols or simply ensure that you’re covering all your bases, these questions will guide you to facilitate a more secure and resilient IT environment for your clients.

Why secure IT documentation matters

As an MSP, you’re entrusted with your clients’ sensitive data. Ensuring that the IT documentation is secure is fundamental to protecting this trust. A breach not only jeopardizes your clients’ information but also your reputation. Here’s a closer look at the key areas you should evaluate:

1. Is your clients’ documentation access protected by firewalls, MFA or SSO?

Access control is your first line of defense. If the IT documentation isn’t shielded by robust security measures, like firewalls, multifactor authentication (MFA) or single sign-on (SSO), you’re leaving a door wide open for potential threats. These security measures ensure that only authorized users can access the sensitive information, significantly reducing the risk of unauthorized breaches.

2. Do you have access to a backup of your IT documentation?

In case of a disaster or emergency that renders you unable to access your IT documentation solution, you need to ensure you have this information accessible elsewhere by exporting an all-encompassing backup for later access. Without a secure backup, retrieving lost or compromised data can be impossible. To ensure your clients’ businesses can continue operating smoothly, make sure the assets, passwords and knowledge you manage are still accessible in emergencies.

3. Is your documentation tool SOC 2 Type II certified?

SOC 2 Type II certification isn’t just a badge — it’s a rigorous standard that ensures your documentation tool meets high-security criteria. If your tool is certified, you can rest easy knowing it has been thoroughly vetted for data protection, giving both you and your clients peace of mind.

4. Can you control who has access to the documentation?

Not everyone needs access to all the documentation. Role-based access control lets you restrict who can view or modify specific information. This capability is crucial in minimizing insider threats and ensuring that only those who need access to certain data have it, helping to protect your clients’ most sensitive assets.

5. Are you able to block unauthorized IP addresses?

IP whitelisting is a powerful tool to block unauthorized access from external networks. By allowing only pre-approved IP addresses to access the documentation, you add a significant layer of security, keeping intruders at bay and ensuring that only trusted networks can interact with your clients’ data.

6. Does your documentation tool offer host-proof hosting?

Host-proof hosting is all about keeping the data encrypted and secure — even from the hosting provider. This feature ensures that the documentation remains inaccessible to anyone without the proper decryption keys, adding an extra shield against unauthorized access.

7. Are audit trails and activity logs enabled for documentation changes?

Keeping track of every change made to the documentation is vital for security and accountability. Audit trails and activity logs allow you to monitor who did what and when, helping you spot suspicious activity early and take corrective action before it’s too late.

8. Does your documentation platform support one-time password (OTP) generation?

An OTP generator adds an additional security layer by requiring a unique, time-sensitive password for accessing sensitive data. This makes unauthorized access even more difficult, as passwords are constantly changing, reducing the risk of breaches.

9. Can you set and enforce a password policy across all organizations?

It’s critical to have the ability to determine the type of password (complex or passphrase) and its strength, for instance, based on parameters such as length or symbols required. This will ensure every new password created is secure and follows a familiar structure. The goal is to give you more control and flexibility in creating and enforcing strong passwords that meet the highest security standards and align with your clients’ organizational policies and requirements.

10. Can you automatically rotate passwords or do it on-demand?

Password rotation is a crucial security measure, with outdated passwords posing a major security risk. However, MSPs must manage multiple clients and dozens of passwords at a time, making manual updating a very tedious and time-consuming endeavor. That’s where automated password rotation can be a game changer, ensuring passwords stay fresh and updated regularly without wasting valuable resources and time.

11. Can you safely store personal and team-shared passwords in a single secure tool?

Managing passwords can be a headache, especially when juggling both personal and team-shared credentials of multiple clients. A centralized, secure storage tool simplifies this process, allowing you to keep all passwords safe and accessible, without sacrificing security.

12. Can you securely access IT information on the go via a mobile app?

In today’s mobile world, being able to access sensitive IT information on the go is essential. However, it’s equally important that this access is secure. A mobile app that prioritizes security lets you manage the documentation from anywhere, without compromising on protection.

13. Can you access essential passwords during a disaster?

Disasters strike when you least expect them. Ensure you have access to mission-critical passwords even during emergency and unforeseen situations. This capability is crucial for maintaining operations during emergencies, ensuring that your business can continue to serve your clients without interruption.

Revolutionize your clients’ IT documentation management with IT Glue

It’s evident that strong security measures are critical for securing your clients’ sensitive information — and that’s where IT Glue excels. IT Glue is a SOC 2 Type II-compliant IT documentation management platform that consolidates all mission-critical IT information in one pane, providing easy access to information like assets, passwords, users and SOPs. Powered by its AI engine, Cooper Copilot, IT Glue not only tackles the security challenges highlighted but also delivers advanced features that elevate your clients’ IT documentation to the next level.

• Enterprise-grade security: IT Glue provides top-tier security with MFA and SSO capabilities, ensuring only authorized users access sensitive data.
• SOC 2 Type II certified: Our SOC 2 Type II certification guarantees that IT Glue meets rigorous security and privacy standards, protecting your clients’ documentation and giving you peace of mind.
• Role-based access control: With IT Glue, you can precisely manage who accesses the documentation, reducing the risk of unauthorized access with role-based permissions.
• IP access control: It adds an extra layer of security to your valuable data by allowing you to limit IT Glue access to a specified list of IP addresses or a range of IP addresses.
• Detailed audit trails: IT Glue’s audit trails and activity logs give you full visibility into every change made, helping you quickly identify any suspicious activity.
• Secure mobile access: Access the documentation securely from anywhere with IT Glue’s mobile app, providing flexibility without compromising security.
• Automated backup and recovery: With automated account backup, you will always have access to up-to-date IT Glue data all the time. In an emergency, you can easily download the backup of your entire IT Glue account.
• Efficient password management: Manage personal and team-shared passwords securely with IT Glue’s comprehensive password management portfolio that includes features like password policy enforcement, one-time passwords and automated password rotation.

Ready to see IT Glue’s powerful documentation in action? Get a demo now.

The post 13-Point Checklist for MSPs to Secure IT Documentation appeared first on IT Glue.

To understand those trends, however, you still want to get a large enough sample size of experts, diversify the opinions a bit, and that’s precisely what we did. We asked ten different industry influencers what they think about four critical issues in the MSP space. This week, we’re talking about the general industry outlook.

The Good News

Here’s the good news – everybody is positive. As Kaseya CEO Fred Voccola points out “The COVID-19 pandemic showed small and medium sized businesses just how indispensable technology is to operate their businesses safely and effectively. It became clear that technology not only helps SMBs fight the economic challenges they face today, but that it is also their best weapon against a recession.

Gary Pica, President of TruMethods, points out that even though the overall economy is likely to continue to struggle, “SMB technology spending will continue to increase. This means that MSPs will have a growing addressable market.”

So that’s the good news – even with so much unsettled regarding next year, you’re in the right business. And here’s why that matters.

A lot of businesses are growing

First, several industries are poised to do very well coming out of the recession. Nigel Moore of Tech Tribe calls out “pharma, education, health and e-commerce in particular. Paul Dippell, CEO of Service Leadership, notes that managed services can thrive in recessions because “smart businesses realize they should focus on their core expertise and not try to run their own IT in a challenging economy.” And MSP marketing expert Erick Simpson also points out that “once vaccines have been deployed and businesses return to a sense of normalcy; possibly by Q3, we should see projects that had been placed on hold begin to gain approval to commence or continue.”

Which MSPs will gain the most?

Our panel was universally bullish on the MSP space, and each member of the panel provided a strong case as to why.  In addition to the reasons above, a couple of our panel pointed out that less mature MSPs probably dropped the ball in 2020 and are going to shed customers as a result, with more mature MSPs set to pick up those gains. Those less mature MSPs could struggle, Todd Kane of Evolved Management argues, and M&A activity will accelerate as “less stable MSPs look to be acquired by stronger operators in the market.”

What this says is that while the outlook is positive for the industry as a whole, the gains are probably going to be concentrated among the MSPs that are the most mature, and the most competitive in their markets.

Next week, we’ll take a look at what our influencers think about how the pandemic has altered the MSP marketplace, a rather salient question since it looks like a lot of those changes are going to be baked into the way things are done going forward.

To get a little more perspective as to where we’ve come from, we invite you to download the 2020 IT Glue Global MSP Benchmark Report.

Download The Report Here

The post What’s Your General Outlook for the MSP Industry in 2021? appeared first on IT Glue.

Business Health

Revenue Sources Breakdown

You’re probably already looking at big metrics such as your bottom line and EBITDA margin, but what could a more granular metric uncover? Looking at each revenue source in relation to the whole presents a stark look at which of your services make substantial contributions to your total gross revenue. What’s your bread and butter? Consider which are the most consistent and the most lucrative.

Gross Profit Margin Per Revenue Source and Service

Does a revenue source entail disproportionate expenses? Are the expenses worth the revenue that’s brought in? Are there opportunities to optimize the labour and expenses that go into providing a service? Monitoring profit margins across services is essential to determine this.

Monthly Recurring Revenue Metrics

Monthly Recurring Revenue is, of course, a great metric to keep an eye on, but if you take a look at what creates the fluctuations month-to-month there are insights to be uncovered. This includes explanations for new MRR  (client acquisition, service expansion, upgrades etc.), and lost MRR (client churn, service reductions, downgrades etc.).

Customer Contribution/ Client Concentration

No one client is alike. Some are more valuable than others, and some are more trouble than others. Looking at each client’s revenue contribution as a ratio, sheds light on which clients are more or less valuable to your business.

Labor Loaded Gross Margin

Similar to Client Concentration, Labor Loaded Gross Margin highlights which clients are more valuable to your business, but adds another layer of insight. Instead of looking at gross revenue, this metric takes into account the total labor and total direct hard costs allocated to a specific client. By looking at the profit margin, you identify which clients demand disproportionate amounts of your attention and resources.

Effective Hourly Rate

Time is money, and if a client is demanding the attention of your technicians to a degree that exceeds the value of the revenue they’re bringing in, it’s time to establish a boundary. Calculating this metric requires a bit of leg work since it means tracking the total hours worked servicing a specific client, but it will be worth it. Having an accurate number on this will also help justify to a client any increases to your monthly fee.

Service Quality

Client Churn Rate

The logic is simple. If your service quality isn’t up to par, clients will look for something better. While churn is inevitable, sudden spikes or a consistent decrease can indicate whether your suite of services and delivery of service needs to be improved, or if they’re working for you.

Average Response Time

Technology has trained us to expect instant gratification, and this standard of immediateness bleeds into expectations for your MSPs IT services. An out of control Average Response Time can indicate poor management of your ticket queue, that unusually complex and demanding requests are being made by end-users, that your service desk and technicians aren’t efficiently handling tickets, or that it’s time to hire more staff.

Human Resources

Employee Churn Rate

Your people are your best asset. If turnover is high, you’re doing something wrong. Exit interviews are a good method for determining where your MSP can improve to retain your best talent.

Top Ticket Closers of the Week

A little competition never hurt anyone. The gamification of ticket closing can increase efficiency and the quality of service provided to clients. Be sure to account for tickets that are more challenging and time consuming, though.

Marketing and Investment

Conversion Rate

Is your inbound marketing strategy working for you? Conversion Rate is an essential metric to determine whether the channels you’re using, the messaging you’re putting out there, and the incentives offered are resulting in new client acquisition. Focus your dollars where the returns are, and don’t be afraid to test out a new strategy. Calculating leads is all well and good, but a lead doesn’t mean you’re seeing an increase in positive cashflow.

Return on Investment

This metric is a staple. With any investment, whether it’s a new software, fresh new web development for your online branding, or your marketing spend, you should be seeing a return.

At the end of the day, there are a ton of metrics to choose from, each useful in their own right. The bottom line is that a metric is only as good as the relevance to your business. They’re meant to create sightlines on your business blind spots, and help measure the success of a new strategy. Making changes within your MSP is all well and good, but if you’re only using qualitative, unstandardized methods for evaluating whether they made an impact, it’s a disservice to yourself. You only have a finite amount of resources, so you need to allocate these to where they’ll generate the biggest return. Using the right metrics will help. IT Glue is the world’s best documentation platform that not only saves your business time so it can be allocated to revenue-driving activities, but also helps you document all the data you need to track metrics.

IT Glue’s award-winning documentation platform allows for efficient storage and retrieval of all the documentation a managed service provider needs to increase efficiency and streamline operations. Watch a demo today!

Yes, sign me up for a demo!

The post Top Metrics for MSPs in 2020 appeared first on IT Glue.

The challenge, of course, is revealed when you consider the customer’s evaluation process. There is no room for error in cybersecurity, and a significant level of trust is placed in the service provider. As you likely know, trust is built up over time, and for an MSSP, this is established through your maturity and track record as a security services provider. This is where certifications prove their value. They not only build out your expertise and abilities, but also demonstrate to the customer that you have the expertise.

If you’re establishing cybersecurity measures for a client, you need to ensure your house is order. Experiencing a cyber breach yourself is not a good look if you’re promoting yourself as an MSSP. There are two primary gold standard certifications for having your security standards vetted. SOC2 and ISO 27001 are third-party certifications that are a key indicator of your maturity and the security standards to which you hold your business. Unfortunately, these certifications are likely unreasonable for a modestly sized MSSP to pursue. There are stringent requirements for demonstrating you meet the established standard of security, and a significant financial investment that covers the cost of third-party accreditation.

Then what certification are attainable and worth the effort?

Some countries are more advanced with regard to setting up a framework and resources for cybersecurity. For example in the UK the National Cyber Security Centre has established a web portal called Cyber Essentials that functions as a centralized hub for advice, certification options, and for determining if an organization you’re working with is certified under their framework. If you operate in a region that’s slightly further behind the UK, there are globally-recognized certifications that you may want to consider for yourself and your workforce.

Certified Information Systems Security Professional (CISSP)

This certification is offered by (ISC)2 and the comprehensive training covers vital areas of knowledge such as security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. This certification covers a lot of ground and consequently doesn’t provide the depth of knowledge that might be desired. That said, it’s a starting point, and a certification that’s recognized and perhaps necessary.

GIAC Certified Incident Handler (GCIH)

This certification goes deeper into the weeds but still, on the spectrum of technicality, is relatively base level. In broad terms, content pertains to incident handling and computer crime investigation, computer and network hacker exploits, and hacker tools (Nmap, Nessus, Metasploit and Netcat). Examinations are only available to those in the US and Canada.

There are a slew of other certifications that you can secure. To name a few:

Certified Information Security Manager (CISM) 

CompTIA Security+

Certified Information Systems Auditor (CISA)

Certified Ethical Hacker (CEH)

SANS GIAC Security Essentials (GSEC)

Offensive Security Certified Professional (OSCP)

Whether these certifications make sense for you and your organization is for you to decide. What certifications are valued in the region where you operate? What specific cybersecurity services are you going to offer? What cybersecurity measures does your existing client base need? Are your competitors marketing their security credentials or not? These are the questions you need to consider.

No matter if you’re considering whether to pursue the MSSP opportunity or not, IT Glue’s award-winning documentation platform will be there to support you. Our platform allows for the efficient storage and retrieval of all the documentation you need to help managed service providers increase efficiency. Watch a demo today!

Yes, sign me up for a demo!

The post Do You Need a Certification to be an MSSP? appeared first on IT Glue.

So how do you get your techs to not only start documenting but do it consistently? Here are 4 steps.

1) Show value

Start with the basics. It’s difficult to love something when you’ve not yet seen the value in it. Start by highlighting what documentation can do for your techs once they start making it an integral part of their job. A perfect way to do this is by addressing their pain points, and showcasing how documentation will solve each of them.

Are your techs spending too much time searching for the information they need to solve a ticket? When it’s documented in one central and secure location, they’ll save time on each and every ticket, benefiting not only them but their clients too.

Are they having to re-ask clients for information, or search through endless emails just to find something that should have been documented? One of the biggest problems facing MSPs is a lack of time. But through documentation, your techs can avoid tedious and unnecessary tasks like searching for information, and focus on other projects.

Are they struggling to onboard customers fast enough? Remind them that documentation is the tool they need to speed up their processes, and ultimately help scale the business.

2) Leaders, lead

Lead by example. You know the phrase, but are you practising it? Your techs aren’t going to get on board with documentation if you’re not on board as well. Besides, once you’re documenting consistently, you’ll be able to demonstrate all of the benefits you’ve encountered.

Go one step further, and become a documentation evangelist. Down the line you can encourage your techs to become one as well, but to start, they’re going to need you to be the one to preach the gospel of documentation.

3) Make it fun

Documentation, fun? It sure can be. One option here is to leverage gamification. Make a game out of getting your techs to document and include rewards as they continue to produce valuable documentation. In IT Glue we have an Engagement feature that helps you do exactly that, alongside an integration with CrewHu, an employee recognition software.

The options are truly endless here, so get creative. One of our partners was struggling to get their techs to document, and upon purchasing IT Glue, decided that the best solution would be to set aside an afternoon, order pizza for the team, and get them to start documenting. It worked.

4) Bake documentation into the culture

To truly master documentation, it needs to be baked into the organizational culture. This means it can’t be optional. Each and every tech regardless of their position needs to be responsible and accountable for documenting. We’d even go as far to say it needs to be written in job descriptions.

Documentation should be so ingrained in your culture that when your techs are searching for client data, SOPs, or any information at all, they should be thinking first and foremost: check the documentation. Or as our partners like to say it, “Find it in IT Glue.”

We get it, documentation can feel daunting when your techs are just starting out. But follow these 4 steps, and they’ll love documentation almost as much as we do.

To find out how IT Glue can help get your team leveraging the full power of documentation, sign up for a demo today.

Get in Touch!

IT Glue is a documentation platform that helps you to streamline your processes, record and organize information, and reduce the amount of time your techs waste looking for information. IT Glue’s partners report efficiency gains almost immediately after launching the platform. Watch the demo to find out more.

The post 4 Steps to Get Your Techs Documenting appeared first on IT Glue.