What's Going On at CompTIA Now?

In March on this blog, I asked, "What's Going On at CompTIA?" I ended by saying, "I'm hoping some of the heroes who serve on the board will reply to this and tell me just how wrong I am."

To his credit, CompTIA Chief Community Officer M.J. Shoer did take the time to reach out to me and we discussed my concerns at length. He pointed out that the results of one of CompTIA's recent surveys found that 85 percent of its members refer to themselves as an "MSP."

To which I asked, "How many of them are lying?"

It wasn't an idle question. I think many of you will agree that there are many former resellers now calling themselves "MSP" without doing anything to transform their business. In fact, they may currently represent the majority of companies calling themselves "MSP." This gives rise to federal agencies and major news outlets warning people to steer clear of anyone calling themselves an "MSP." Not good.

All Heck Breaks Loose
Several years ago, I privately commented to a friend that CompTIA's training and certification business was so successful that it would have to be sold off as a for-profit entity someday.

I didn't foresee that last month's sale of CompTIA's brand and services to Thoma Bravo would result in the creation of an enormous endowment that would fund the operation of the member association side of the organization basically forever. That could be a great outcome, or it could not.

Nor did I foresee that such a sale would raise such a furor. I suspect the ruckus was driven by the quality of the initial announcements, which left plenty of room for speculation and imagination.

What's Next?
There have already been several articles asking who should be the next leader of the new (as yet not renamed) association formerly known as CompTIA. I won't wander into that fray, but I do have some thoughts on what is needed more than who.

First, shedding CompTIA is a good thing for a premier channel association. Our channel is not simply about "computers" anymore and we are quickly morphing from being an "industry" to being a profession -- at least, those who really invested in truly becoming MSPs are. The renamed resellers are just squalling.

In his explanation of the announcement, Shoer pointed out that what is left will be the "trade association" of the computer industry. This is where we diverge. The truly professional service providers I know in this industry are not concerned with "trade." They're concerned with providing excellent services in return for a reasonable fee. What is left of the association formerly known as CompTIA still seems fixated on the products that our professionals integrate into the solutions they provide to customers.

It's like saying that the medical industry consists of doctors who sell pharmaceuticals and prosthetics. They certainly use those items in their practices, but they're not the point. The services are.

Right now, MSP "organizations" are springing up like weeds all over social media, and the fact that our community members are banding together bodes well for everyone. But armed with this wonderful endowment, what was CompTIA should now become the premier professional association for IT practitioners who want to partner together on projects, learn from each other, and grow a powerful profession from our channel.

The new leader of that organization should be someone who knows IT services, perhaps someone who has already built one or more IT service practices successfully in the past. Someone who appreciates the challenges MSPs face, having faced them him or herself.

For my part, I hope it is someone who truly understands and appreciates the sacred heart of partnering. The best success strategy for IT service providers going forward will be to specialize, to focus on one thing they do really well and partner for the rest. We've seen it work in medicine. It will work for our profession, as well.

Witness the Success of Women in Tech
For insight into where the association formerly known as CompTIA should go, we need only to look at the dozens of large organizations that serve the needs of women in technology. Some have tens of thousands of members. Even the smaller ones enjoy the love and loyalty of their members for the value they convey.

I have spent considerable time and effort encouraging the leaders of many of the Women in Technology groups to band together to increase their overall membership numbers so they can speak with an even louder voice. I must report that I have been, so far, quite unsuccessful. My impression, though there is no testosterone involved, is that leadership competitiveness in young organizations has prevented that amalgamation from occurring as yet. I strongly believe that ultimately it will.

Whoever is leading the charge to identify new leadership and create new structure for the newly independent organization should consult with these brilliant leaders and involve them in the selection process. Our profession needs as much leadership as it can find to take it through the intensive growth motions we must perform, like increased education, accreditation, professional licensing and more.

It could end up that the acquisition endowed more than just a fund. It could endow a thriving new profession.

Posted by Howard M. Cohen on December 19, 20240 comments


It's Time for a Better Way To Do P2P

Those who believe that the goal of every MSP is to become an MSSP are completely missing the mark. Those who believe partners are not to be trusted do not know how to partner properly. And those who believe they need to be all things to all people are out of their minds, and doomed to failure.

Partner-to-partner (P2P) partnering has been a major element of the Microsoft partner ecosystem since time immemorial. In 2009, Microsoft all but forced partners to declare their specialties or hire a whole lot more people to continue to qualify for more of them. Partners saw the sense in partnering with other teams whose expertise was not the same as their own.

Several years ago, the demand for data and network security services became undeniably clear. Soon, some MSPs began to refer to themselves as MSSPs, managed security service providers. Industry publications seized upon this and began delivering publications specifically devoted to MSSPs.

As with so many things in the channel, MSSP became the latest rage. Everybody wanted to become an MSSP. Well, not everyone. There were many MSPs who had long ago specialized on what they did best, and were uninterested in distracting themselves from that.

Some providers of security products observed this and offered a better solution: Encouraging their MSP partners to partner more enthusiastically with MSSPs who had proven their expertise in the security space. This is great advice. While it seems attractive to "go with the flow" and dive headlong into the security space, it may not fit your existing business model. It may distract you from the investments you need to make to grow your business. On the other hand, a well-evaluated, trustworthy partner can deliver services while you enjoy a slightly diminished profit margin that's offset by the absence of additional costs.

This same logic can be applied to any technology service you don't provide. There are recognized channel experts in storage, servers, datacenter management, ERP and other major software, and any other discipline you can think of. Joining the many associations that serve our community may help you find excellent partners. Also, many consultants are presenting themselves as "partnering experts" or coaches. Check them out.

The New Vendor-Partner Challenge
If you're reading this column, you are likely a partner that has bet the ranch on Microsoft. With other vendors, though, certainty has become elusive.

In the past, you partnered with a vendor because you were confident you could sell a large quantity of their products. You took their training, earned their certifications, and if indeed you did sell large quantities, they showered attention upon you.

As margins evaporated due to competitive discounting, you shifted toward dependence on your own services to generate your profits. In some cases, you outsourced product procurement, preferring to not extend credit to customers or encumber credit from suppliers, and you realized that any slight profit that might remain would be consumed by operating and logistic costs. As your volume of sales disappeared, so did many of your vendor reps who now needed to focus on those few resellers who were still actively and proactively pushing their products out to customers.

Today, when you look at a potential vendor-partner, you no longer look to them to produce any margin for you. That's become a fantasy. So, what do you look for?

Look for vendor-partners who recognize the value you bring in pulling sales of their products through with the projects and programs customers engage you for. This is not new. Way back, many vendors paid "influencer rewards" to the partner who actually sold the project, even if the customer bought the product elsewhere. Now, their buying elsewhere is a given, so you want vendor-partners who recognize and appreciate you as the driver of projects that pull through their products.

Hint: I sold my first Microsoft product in 1981. They have always focused on partners whose services and expertise pull sales through. That's one of the reasons you partner with them so enthusiastically. There are others.

Posted by Howard M. Cohen on September 25, 20240 comments


Welcome To the Post-Verticalization Era for Partners

The recent CrowdStrike/Microsoft outage raises an issue that all technology service providers should consider carefully: Are we doing enough for our clients?

Blend into that thought the dark, underlying vulnerability lurking beneath the wave of AI: the issue of copyright infringement.

As technology continues to become an even greater proportion of how we all go to business, it will invariably also become a larger component of our legal exposure. The question we must ask ourselves is what role we play in this development and its consequences.

You Can't Be All Things to All People
The age of the generalist MSP is fading fast. It's simply too difficult and too costly to maintain technical supremacy in too many disciplines. As with medicine, the "primary care physicians" are being outnumbered by all manner of specialists. Storage specialists, server specialists, network specialists, DevOps, agile and other methodologies.

Back in 2009, Microsoft made a bold statement when it introduced the "exclusivity rule" in the then-new Microsoft Partner Network (MPN). Previously, a Microsoft partner could have the same four people take all the tests for as many competencies as it wanted. In the MPN era, however, to achieve a Gold competency, four unique individuals must take and pass the required tests. Those four cannot be used to qualify for any other competencies. Back then, I was working in a company of 17 people, and we held all 30 competencies. To continue that in the MPN, we would need 120 employees.

The most important impact of this was it forced us to partner with other Microsoft partners to deliver larger projects requiring multiple competencies. The end result? You couldn't be all things to all people, but you could provide all things through partnering.

Now You Need to Provide More
When I launched my first Substack, I titled it, "The Business Technologist's Journal." I have long seen the role that partners play evolving into the "business technologist," the person who applies IT products, services and techniques to solve business challenges. I truly feel this title best describes the role we play.

Here in "The Evolving MSP" (and its predecessor, "The Changing Channel"), we have long discussed the "technology" dimension of that role. Now, however, I believe the next evolution we must go through exists far more on the "business" side.

Anyone who has pursued any vertical market will find what I'm saying here familiar and resonant. Vertical market success requires more than just technological acumen; it requires a deeper understanding and appreciation of the business and operation requirements of that vertical. If you're selling into healthcare, you must know what healthcare organizations are facing in their business. You must be able to appreciate and discuss the operational requirements in a hospital or other medical practice. Same with legal, financial or any other vertical market you choose.

Now, with technology playing a more pronounced role, service providers are realizing they need to be able to provide valid legal advice to their clients regarding the consequences of an outage such as that caused by CrowdStrike, as well as the legal ramifications of building large language models (LLMs) that include potentially copyrighted materials.

It's most important to remember that you are not a lawyer (unless you are). Fortunately, you are well-versed in proactive partnering, which should make it easier for you to research, vet and form a partnership with a well-qualified licensed attorney who can provide legal advice to your clients. It is likely you have already founded such a relationship with accountants and other professionals to whom you refer your clients when necessary.

Basically, you must now expand your project management function to include more disciplines, some beyond technology, to fully serve your clients.

The New P2P
Microsoft partners are very familiar with the acronym "P2P," which promotes very active "partner-to-partner" partnering.

To fully serve today's client, we must now change that acronym to mean "professional-to-professional" partnering. Beyond the ability to more fully serve clients, this strategy brings additional potential.

In the past, some chapters of the International Association of Microsoft Channel Partners (IAMCP) created small partner groups. One chapter called them the "Fantastic Fives." These groups contained members holding various different and complementary competencies. Beyond partnering on projects, these groups went to market together, sharing customers with each other and helping grow each other's businesses.

Such a group today, in the age of "professional-to-professional" partnering, might include you and your technology expertise, a law firm, an accounting firm, an engineering firm, an architectural firm and perhaps even a marketing firm, all working together to share opportunities, share clients and grow each other's businesses even further.

Evolving
This next stage of evolution will find you developing a greater ability to provide a full spectrum of business services. While you remain focused on applying technologies to customers' operational and other challenges, your community of colleagues will be available for you to refer in as needed. More and more, you will be seen on par with these professionals.

As your breadth expands, you may want to invest some time considering how you regard your own practice, and how you refer to it. More and more of us are shifting from MSP, which becomes more limiting, to a more specific acronym, or even the much broader, more generic "information technology service provider" (ITSP).

More important than what you call yourself is how you think about yourself and your practice. Professional is as professional does. Look at your own processes, especially client-facing ones. Do you consider them to be as professional as you want people to see them as?

Please also consider responding to this article and share with everyone what you think makes you a professional. Not only are we evolving, but our entire industry is.

Posted by Howard M. Cohen on August 27, 20240 comments


Coping with Copilot

Earlier today, I received an e-mail from Microsoft Copilot. What grabbed me about the e-mail was not who it was from, but its subject line: "Built to do the impossible." When I opened the e-mail, the headline that jumped out at me was similarly bold: "A new AI era begins."

Wanting to learn more, I started surveying everything Microsoft has put online recently about Copilot. I was intrigued to find still more audacious claims, including:

  • "A new era of innovation!"
  • "A whole new way of working!"
  • "It will unleash creativity, unlock productivity, and uplevel skills."
  • "70% of people would delegate as much as possible to AI to lessen their workloads!"

Are your expectations set high enough yet?

The Promises Stage
Those of us who have been around long enough remember earlier Microsoft "big bets" -- Azure, Lync, SharePoint, BPOS, Dynamics and even "The Cloud" -- know that, eventually, Microsoft will spend enough to make sure that this particular bet lands well. We are now at what I like to refer to as "the promises stage." Microsoft is promising the sun, the moon and the stars -- and many, many others are joining in the chorus.

When you read more closely, it seems like the primary applications for Copilot are "search on steroids," plagiarism, e-mails written for you, and photos of you that are so nicely enhanced you might consider posting them on dating sites. You can also create illustrations of wild imaginings, or frighteningly real "deep fakes" showing people doing things they would never actually do.

Making matters worse, Microsoft finds itself besieged by an enormous early adopter user base that just wants more and more. Mobile phones took 16 years from introduction to get to 100 million users, plenty of time to figure out how best to use these new devices. The Internet took only seven years (thought exactly when the clock for this particular technology started is debatable), Facebook 4.5 years and generative AI...three months.

Three months, barely the blink of an eye in tech terms. People had plenty of time to figure out all those other advances, but for generative AI, they just went straight to liftoff.

What the World Needs Now: Practicality
The fact is that we in the channel all learned long ago what is required for the successful launch of any new technology: practical applications. What will the new thing do for us? How do we wrest value out of it? How will it improve our user experience, our employee experience, our customer experience?

The first thing I think the world needs to do right now is to chill out. Everybody from Bill Gates to Elon Musk to my barber is talking about how AI will eventually become superintelligent, and then it's, "Watch out, human race."

My response is really simple, and something we all learned long ago. Computers can do many things, but one thing they cannot do is generate a truly random number. By extension, it seems to me they won't be capable of random thoughts, either, or anything resembling true creativity that isn't sourced from something somebody else did that resembles what they've been asked to do. For AI, everything truly is derivative.

The other really great news is that there are some deep-thinking people out there who are actually producing valuable, practical applications for generative AI. Last summer, we presented a case study here in The Evolving MSP about CrushBank and how it leveraged its own 40 years in the IT channel, combined it with its extensive study of generative AI and IBM watsonx, and produced a technical assistant that could reduce the time it takes to resolve an IT problem by rapidly finding documentation, instructions and whatever else a tech needed to effect repairs. The company also devised a virtual help desk agent that answers user calls and provides useful advice. Practical on all fronts!

Educators are finding wonderful ways to apply generative AI to curriculum and materials development, lesson planning and even interactive activities. Doctors are receiving help from robotic assistants that can quickly retrieve patient details, display previous scans and more. Even the folks in sales and marketing are saving time and accelerating sales using recommender engines that compare their company's social media-augmented database of insights and information about their customers with a highly detailed database of all their product and services offerings. The AI figures out which products or services would be most desirable to each customer and sends them the appropriate marketing material. It then informs the appropriate salesperson for each customer about what was sent, enabling them to quickly follow up.

Of Adoption and Acceptance
Every software development project is best measured by its rate and degree of adoption. Three months to 100 million users is a definite vote in favor of the "success" of AI. By engaging in such massive, overt hyperbole, Microsoft is challenging its own customers to take it seriously in its approach to Copilot. It would be all too easy for this "big bet" to fall flat on its face, which could indeed be an existential event.

For comfort, let's close with the wisdom of Geoffrey Hinton, the "godfather of AI," who said, "In science, you can say things that seem crazy, but in the long run, they can turn out to be right. We can get really good evidence, and in the end, the community will come around."

(It's worth noting, though, that Hinton also quoted the Rev. Martin Luther King Jr., who said, "Our scientific power has outrun our spiritual power. We have guided missiles and misguided men.")

Posted by Howard M. Cohen on June 20, 20240 comments


The Evolution of Channel Citizenship

Regular readers may remember that this column was called "The Changing Channel" until 2017 when it became apparent, at least to me, that the channel had changed, and many things would need to be redefined as the new generation of managed service providers (MSP) began to evolve.

One of those changes was in how MSPs would need to market themselves and their practices similarly to other professionals -- lawyers, accountants, architects, etc. After all, their businesses are now all about marketing and selling their own services to their customers rather than leading with the products as they had when they were resellers. Postcards, posts, fax blasts and highly-designed e-mails were all becoming things of the past. Networking, professional referrals, speaking engagements and other professional promotion processes will prevail.

The Role of Channel Citizens
For the 40-plus years that I've been a proud citizen of the channel, I've observed that everyone who operates or works at a channel company has chosen a specific level of participation -- i.e., the degree of citizenship they are comfortable with. At one end of the spectrum are those who don't pay any attention to the existence of any "channel." They run their business in isolation and fend for themselves. At the other end are those who show up at every industry show and post endlessly on social media.

I have also proudly served on the boards and steering committees of many of the associations that serve our community. Given the impossibility of mentioning all of them, I will mention none of them here. Suffice it to say, with full transparency, that I respect all of them for their desire to be of service to their communities.

This particular post is primarily addressed to those who may not have yet experienced the value of being a participating citizen of the channel. It's about what there is to gain by giving of yourself to your community and being a truly participant channel citizen.

First and Foremost: Friends
As a channel executive for over 30 years and as a writer for and about the channel for the past 15, my most valuable asset, my greatest resource and the most rewarding value of my long channel citizenship has been my large community of friends. They're wonderful people -- smart, insightful, caring, passionate about their work. It is truly my greatest joy to know and speak with them regularly. I continue to learn so much from them, and I owe all of them any measure of success I have achieved here.

And it is those friendships that are the source of literally everything else, from opportunities to work on amazing projects, to access to extraordinary technologies and intriguing customers, and so much more. They are sources for deeper learning about not only technologies, but also human interactions, marketing and selling strategies, and human-machine and machine-machine relationships.

There has not been a moment in the past 44 years that I haven't felt myself learning and growing. Nothing I can think of beats that.

Living a Life of Service to Others
Anyone who enters any service industry acknowledges their own desire to live a life of service to others, most of all their customers.

But there is also an unbelievable return from serving the channel community that has raised and nurtured me for all my career. Every moment I have invested in serving on councils, participating in programs, attending events, presenting, writing, teaching, consulting and advising my colleagues has paid back incredible dividends to me, including opportunities, recognition and the sincere appreciation of those I have helped along the way.

This is why I live by the credo that appears on all my marketing materials and e-mails: "The more good you do for more people, the more good finds its way back around to you."

If you have not availed yourself of the partnership, allyship and allegiance of the channel community yet, I strongly encourage you to seek out channel organizations that feel right for you and join them. Give to your channel and watch it give back in ways you never dreamed of.

Posted by Howard M. Cohen on April 25, 20240 comments


What's Going On at CompTIA?

Longtime readers of The Evolving MSP will remember that I spent considerable time (and love, blood, sweat and tears) with the International Association of Microsoft Channel Partners (IAMCP). The IAMCP's biggest challenge was the fact that it's an all-volunteer organization; everybody there also had a full-time job in a company in our very, very busy channel.

CompTIA was a different story. I also have history with CompTIA, first joining in the Dark Ages when it was still called the Association of Better Computer Dealers (yes, the ABCD). While I turned my attention to IAMCP, ABCD grew up and became the CompTIA, hired an executive director and built a staff that, over the years, became larger and larger. CompTIA delivered extraordinary value to the channel in the form of curricula and training syllabi used to certify our technicians and engineers -- so extraordinary that organizations like the U.S. Department of Defense require the CompTIA Network+ certification of anyone applying for work there.

As the Channel Evolved, Did CompTIA?
In 2017, we changed the name of this column from "The Changing Channel" to "The Evolving MSP." By then, the channel had gotten far enough along in its transition that we could accurately say that it had changed. In fact, I've suggested that there's now a new "techchannel" that no longer describes a process that moves products from manufacturer to distribution to reseller to customer, but rather a services community that delivers high-value technology services to customers. Products have become an enabler and their manufacturers a support resource.

A high-ranking executive at CompTIA once explained to me that CompTIA is a "trade association." This spoke volumes to me regarding its priorities. Read: vendors.

As a result, to this day, CompTIA continues to provide a platform for vendors to gain access to its members. It also provides validation, resources and funding. As such, I maintain that CompTIA is an association of resellers, not necessarily service providers -- and managed service providers (MSPs), the tip of the spear of our industry, are underserved by it.

But Wait! There's Less
In July 2023, CompTIA added a chief revenue officer. This struck me as odd: How does a nonprofit association require a chief revenue officer? The job boards didn't have many associations seeking CROs, but I thought, "Well, the revenue has certainly helped grow the association, so it's probably a good thing."

Word on the street, however, was that several senior-ranking vice presidents have suddenly been terminated at CompTIA, all of whom were central to CompTIA's core purpose of bringing quality and value to the industry. While none could be characterized as being directly revenue-producing, all produced the kind of value that attracts more members to the association. And members bring strength, a louder voice in industry and more revenue.

Even the staff people I talk with at CompTIA seem different. Where once they seemed inspired and mission-driven, today they are fulfilling a function. Doing a job.

My impression is that the sudden reduction in force will reduce the value CompTIA brings to growing the community, erode the support for those who wish to enter it, more thoroughly mute the voice of the channel community and continue the march of CompTIA becoming more of a business and less of an association.

My 'Guessessment'
What follows is not based on any direct knowledge nor on input from any of the directors or executives at CompTIA. Rather, it's based on an evaluation of the currently available facts.

When does an organization increase focus on revenue generation and cut payroll from the top down? When it's looking to sell the organization. Personally, I have no idea how a nonprofit corporation can be sold to a for-profit one, and I have no idea what happens to the members, nor who actually makes money when and if this happens. However, I do know there are people who know these things, and I suspect they have a plan.

As someone who highly values the communities that serve our channel, it saddens me to think that CompTIA will never evolve into the organization I saw it becoming -- one that truly supports the fine, professional service providers our community members have evolved into. Certainly, CompTIA has created assets that are highly valuable and will continue to benefit all of us for years to come -- no matter what. We've also recently seen the growth of the ASCII Group, the absolutely explosive growth of organizations that support the growth of the role of women in technology, and new groups focused on the professional service providers we keep spawning, like the National Association of IT Service Providers (NSITSP). Clearly, there are many who recognize exactly what our community needs and are striving to provide it. But it looks like the long wait for CompTIA to move more purposefully in that direction will ultimately be for naught.

My guess is that some large learning center company will benefit most from acquiring the extensive educational assets and processes of CompTIA. Keep your eyes peeled. If we see CompTIA somehow working to shed members, it will quickly become apparent what is actually happening there.

I'm hoping some of the heroes who serve on the board will reply to this and tell me just how wrong I am.

Posted by Howard M. Cohen on March 25, 20240 comments


The Most Important Document for Partners To Read Now: CSF 2.0

Ask your customers this question: "What do you think it means that the National Institute for Standards & Technology (NIST) just expanded the scope of its Cybersecurity Framework (CSF) to go beyond 'critical infrastructure' to instead apply to all companies and organizations?"

Last month, the NIST announced the first upgrade to the CSF since its release 10 years ago. In a blog post, Kevin Stine, chief of the NIST Applied Security Division's Information Technology Laboratory (ITL), noted that the CSF was born out of the 2013 signing of Executive Order (EO)13636, which required the development of a cybersecurity framework to protect "critical infrastructure," such as oil and gas pipelines, rail, aviation and water supplies.

In fact, the original version of the CSF was titled, "Framework for Improving Critical Infrastructure Cybersecurity."

Notably, CSF 2.0 doesn't make the distinction between critical and non-critical infrastructure. One interpretation of that might be that NIST now considers all infrastructure to be critical. The abstract for the CSF 2.0 emphasizes the important expansion of the scope of the document and defines its purpose:

Abstract
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization -- regardless of its size, sector, or maturity -- to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used. 

Another Key Expansion
In its original 2014 version, the five pillars of the CSF were:

  • Identify: The organization's current cybersecurity risks are understood.
  • Protect: Safeguards to manage the organization's cybersecurity risks are used.
  • Detect: Possible cybersecurity attacks and compromises are found and analyzed.
  • Respond: Actions regarding a detected cybersecurity incident are taken.
  • Recover: Assets and operations affected by a cybersecurity incident are restored.

In the new CSF 2.0, a sixth pillar has been added at the top of the model:

  • Govern: The organization's cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.

This important new pillar helps organizations determine what they may do to achieve and prioritize the outcomes of the other five and, as such, serves as a defining mechanism.

The CSF Promotes Superior MSSP Methodologies
Perhaps the most profound evolution we've seen among MSPs has been the elevation from managed services provider to managed security services provider (MSSP). Many of our colleagues have seen the need and the opportunity presented by data and network security services.

For anyone who has already achieved MSSP status, and especially for those working to escalate their MSP practice to MSSP, the NIST CSF 2.0 is a must-read -- and soon.

CSF 2.0 represents tour de force guidance for those who seek to own responsibility for the data and network security of their own company, or that of others. The stated audience resides mainly in the "buy side," of corporations, government agencies, educational institutions and other organizations.

You can be guaranteed that your competition is already reading CSF 2.0 and has already begun planning based on it. The resources made available by this remarkable work are mammoth and will take time to get through, but at the end of that, MSSPs will be able to do something that will grow their profits substantially.

Customers respect methodology. In fact, their investment decisions are in large part influenced by the methodologies of the technology professionals they engage. In essence, they buy methodology. Reading CSF 2.0 and all the related materials will, without fail, dramatically improve your methodologies and impress your customers. It will also increase your profitability by enabling your people to perform related tasks far more efficiently and far more quickly.

This Is the Most Important Announcement You'll Read This Year
You are constantly reading about how this or that security software provider has improved their software, or about the new functions available in this or that security platform.

The CSF 2.0 announcement is all about how you improve you. How you improve the services you provide to your customers. How you earn increased levels of customer satisfaction from them. How you and your tech practice become more valuable. The guidance provided in CSF 2.0 is invaluable, as are all the resources it will lead you to.

So put down this article, pick up CSF 2.0, and start reading.

Posted by Howard M. Cohen on March 04, 20240 comments


Post-$3 Trillion Market Cap, Where Do Partners Stand with Microsoft Now?

Change is the only constant. That quote is commonly attributed to the Greek philosopher Heraclitus of Ephesus, but nowhere does it apply more completely than Microsoft. In the 43 years I've been involved with Microsoft, change has been nonstop -- sometimes blinding, often confounding, deeply frustrating and always challenging. But one thing has remained constant.

Jon Shirley, who assumed the mantle of Microsoft president in 1983 after being at Tandy for 25 years, was the first Microsoft executive -- but certainly not the last -- who ever said to me, "The most important thing to us is that you get the most out of your Microsoft relationship." Since then, I have had the same sentiment expressed to me by Steve Ballmer, Sam Jadallah, Allison Watson, Phil Sorgen, David Willis, Margo Day, Chris Capossela, Eric Martorano, Pam Salzer, Kati Quigley, Pattie Grimm, Gavriella Schuster, Rodney Clark and a host of Microsoft Partner Account Managers (PAMs). It is the one and only thing -- and perhaps the most important thing -- I can think of that has been constant throughout the past 40 years.

Quotas Reveal the Underlying Intent
Many years ago, I found myself at a quarterly partner briefing in Microsoft's New York office listening to one of the PAMs, Andy Pavarini, make some announcements. At one point, Pavarini suddenly stopped and drew a deep breath, as if his next announcement was going to be difficult. The entire room quieted.

"I now have to announce that, for the first time, Microsoft has a quota for you," he said measuredly. Everyone stopped breathing.

Pavarini continued, "Starting this quarter, Microsoft wants to see you earn $250,000 per quarter in revenue for your services related to Microsoft products."

It took a moment for everyone to unpack that statement (and I'm sure there were several in that room who never did). Being an analytics geek, I immediately realized there was no way for Microsoft to measure that. We didn't report our services revenue to them. At that time, they didn't even have a deal registration system in place.

Pavarini's point was simple. Microsoft knew that if we were inspiring, selling and winning projects that involved Microsoft products, those products would get sold. Perhaps not by us directly, but customers would end up buying them somewhere. This was the very beginning of what is today referred to as "transacting" versus "non-transacting" partners.

It had always been my experience that my Microsoft partners were anxious to help me close on projects that would have my team implementing Microsoft products. Pavarini was telling us that we should expect even more enthusiasm from them.

At around the same time, then-channel chief Phil Sorgen was telling me, "Microsoft has only one job, and that is to provide partners with the best possible platform to run their solutions on." This pre-supposed that partners of that era had solutions of their own. If you asked many of them what their solution was, their response would have a lot to do with adding more infrastructure. But then-Senior Director of Dynamics CRM Bill Patterson added that we should expect to see "an evolution of solution!"

That was then, and this is now. Much of the infrastructure has been supplanted by cloud services, which has caused Microsoft partners to completely redefine their "solutions." Patterson was right.

Making the Most
Today, many Microsoft partners have clearly defined the services they offer that complement Microsoft technologies. Many are managed services providers (MSPs), cloud service providers (CSPs) and other kinds of IT service providers (ITSPs). Others create their own intellectual property, often in the form of application software, that they sell to and through the ITSPs. Both groups recognize that customers can always enjoy superior pricing on software and hardware products, so they no longer depend on those for most of their profits; instead, they depend on the revenue they generate themselves from their services and/or their software.

Microsoft enthusiastically assures them that those whose solutions involve their own services should expect to see $7.63 of services revenue for every $1 of Microsoft licensing they sell. Those whose solutions are software can expect $10.11 for every $1 of Microsoft.

For me, this defines how today's Microsoft partner can make the most of their Microsoft relationship: Leverage the reputation and quality of Microsoft products as the foundation underneath the services and software solutions you produce, and look to your own generated revenue to produce far more than any product margin. This should come as a surprise to nobody.

Where Do We Go from Here?
Many people, including occasionally myself, can imagine a time when Microsoft phases out the partner program altogether. Two headlines have changed my thinking significantly: "Microsoft tops Apple as world's most valuable public company" from last month, and "Microsoft confirms more job cuts on top of 10,000 in January" from last year.

It's hard to determine what to think when looking at these two headlines in the context of each other. One could suggest that reducing the workforce by 20 percent (by some estimates) helped Microsoft achieve its lofty new market cap. Or one could see the transactional business model for Microsoft shifting.

Many of Microsoft's products and services can be purchased or subscribed to online, and Microsoft partners continue to drive the majority of their sales. Also, there's now a large community of advisors, consultants and other resources, many of them former Microsoft employees, who help partners improve their Microsoft relationships tremendously. Perhaps this has reduced the need for such a large community of Microsoft employees and contractors.

I'll close this entry by adding my voice to the many who are encouraging you to focus on getting the most out of your Microsoft relationship. There are many resources out there to help you, both inside and outside Microsoft. Look inward to determine what it's going to take for you to get the most out of your Microsoft relationship.

Posted by Howard M. Cohen on February 08, 20240 comments


Partners, AI and Plagiarism

We have all been here before. When we first saw "VisiCalc -- The Visible Calculator," it was revolutionary: a ledger page on the computer screen. However, most early users weren't exactly sure what it could be used for. When Intel introduced its "TeamStation," we were introduced to the amazing ability to see and speak with each other from our computers. Amazing, but, again, what would we use it for?

Fast-forward to when Microsoft announced it was "all-in" on the cloud. Many customers could share one remote server -- totally revolutionary. However, early adopters feared security breaches. Non-adopters refused to let their data reside anywhere other than "inside our own four walls."

This past year, partners have been inundated with news about, and a mandate to adopt, generative AI and machine learning. The word of the year was ChatGPT. We've seen early adopters generate e-mails, letters, even whole reports and other documents using it. It's been made to create music, images, an endless "Seinfeld" episode. We've even read about how an AI "came on to" a reporter, encouraging them to leave their spouse and enter into a romantic relationship with itself.

But who really needs any of that? Once again, we are confronted with a revolutionary technology in search of practical application. Experience has taught us that those applications will eventually reveal themselves to us. In the weeks and months to come, much of this blog will examine how MSPs can leverage these new cognitive technologies to provide useful and valuable applications for their clients. There's plenty of technical information about the underlying magic, but we're going to focus on how MSPs, CSPs, SIs and other information technology service providers (ITSPs) can turn that magic into customer value.

Addressing AI Plagiarism in Your Role as Trusted Technology Advisor
To my recollection, it was HP that first used the phrase "trusted technology advisor" to describe to its partners what they should become. An online search returns literally millions of people who consider themselves to be "trusted technology advisors." I bring this up because of a fairly major wart that has grown on the surface of generative AI: plagiarism.

Actors and writers recently went on an extended strike over, in part, concern about generative AI. Actors were concerned that a GPT could be built based on a few brief recordings of them that could then generate whole performances. Writers were concerned that the models used to "train" machine learning engines were scraping their content from the Internet. In other words, it was plagiarizing them -- or at least paraphrasing them to a great extent. It was also feared that it might be impossible to tie the generated text back to the original.

These fears are well-founded. The University of Mississippi's Ole Miss newsletter published an article in February 2023 titled "Can Artificial Intelligence Plagiarize" that synthesizes much of the available reporting. In the article, writer Erin Garrett lists three separate criteria that researchers commonly use to test for plagiarism: "direct copying of content, paraphrasing and copying ideas from text without proper attribution." According to Garrett, "[Researchers] found evidence of all three types of plagiarism in the language models they tested. Their paper explains that GPT-2 can 'exploit and reuse words, sentences and even core ideas in the generated texts.'"

Your customers will be learning more and more about these plagiarism issues. The writer and actor strikes were very public and covered extensively in the news. The more generative AI technologies are explained to customers, the more concerned they will become. As you begin to propose pragmatic applications of generative AI, customers will very likely question how they can protect themselves from being sued for misusing copyrighted content.

You have two options. The first is to recommend that they consult their legal counsel (the last thing you want to do is dispense any legal advice that you're not qualified to provide). The second is to carefully track the emergence of the many anti-plagiarism tools that will inevitably be developed for just this purpose. There are, in fact, many already on the market. Just as you sell and implement data and network security systems, you will be building more business around protecting generative AI applications against committing plagiarism.

As you study the emerging AI engines, be sure to also survey the anti-plagiarism and other content-protection tools, utilities and systems as they become available. Your customers will thank you and your bottom line will grow with assured protection against legal entanglement.

Posted by Howard M. Cohen on January 12, 20240 comments


MSP Marching Orders for 2024: Realize It's All About You

Have you read the recent article about how many billionaires the channel has created? It's a perfect distillation of the core skill that channel analysts, pundits and journalists use to remain in business: misdirection. Get people to look one way while the real action is happening in another. Properly practiced, it's an amazing skill. Items disappear and reappear elsewhere. Things that were torn to pieces are suddenly whole again.

But apply it to your MSP business and it doesn't help you much. In fact, it can easily direct your attention and your focus away from where it really needs to be.

Many channel publications we've all known for years -- RCPmag.com, of course, being an exception -- are now gone. Some have been acquired and absorbed by others. Some are sourcing their content from overseas at little or no cost or value. Many make more of their money producing excellent events. What I'm concerned about is what is not showing up in these publications: you, the partner.

Why Do You Invest Your Scarce, Precious Time in Reading What You Read?
For the 35 years I spent running MSP and SI channel companies, 80-hour weeks were considered "part-time." I didn't have any "free" time, much less time to read. If I did read something, I read it because it held the promise of helping me build a bigger, better business. Back then, our business depended less and less every year on the profit realized from the sale of products, and more and more on sales of our own services. (I'm told that is still the case.)

Reading about which companies were acquiring others was not on my menu; I would hear about it in the course of conversation each day, anyway. The details weren't important to me until they were. When I entered leadership in a channel association, I started asking my peers what they read and what they wanted to see in our association newsletter. The answers were consistent: best practices, things that were working for my colleagues in the channel, strategies they were embracing that were really paying off, case studies that described how they overcame customer challenges to deliver excellent solutions.

What they were most interested in weren't stories about billionaires, but in stories about those who were just like them.

More Than Ever Before, It's All About You
As we look ahead into 2024, it has never been more important to fully embrace and appreciate what our customers are buying today. They can buy the same products anywhere and, even if they buy them from you, that doesn't mean much to your bottom line. Our own channel colleagues continue to discount so severely that product profit is, more often than not, basis points.

What customers buy from you is you. They buy into your expertise, your knowledge, your experience, your methodology and your professionalism. They buy from you instead of your competitors because they are impressed by the way you present yourself and the services you are proposing to provide. Assuming your services are superior, the more you invest in improving the way your people present those services, the more customers will choose you and the more customers you will add to your portfolio. Isn't that what you're in business to do?

Professionalism
It's a powerful word, one that we all want to apply to ourselves. Those who recognize the need to earn the right to call themselves professionals make the investments, put in the work and constantly strive to be recognized for their professionalism. In pursuit of that, they look to the industry publications they read to contribute to their efforts.

So, what can you do in 2024 to contribute to the effort to help the channel earn its reputation for being a community of professionals? Focus on your team. Evaluate how you present your practice and your offerings. Evaluate the quality of your collateral and promotional materials. Evaluate the content of your customer contact strategies.

How do you follow up on prospective customers? How do you follow up on project progress and completion? Are you building extraordinary customer experiences? Are your employees enjoying extraordinary experiences working on the team? Are you participating in activities that improve your professionalism and profitability? Are you consuming content that helps you improve?

Participation
One thing that has consistently contributed to my professional growth has been my participation in many of the great organizations, associations, societies and other groups that support the channel. I've learned much from members I've met in many of them. I've been proud to contribute my time, energy and talent to help grow some of them. Every investment has returned many times over.

"Marching Orders" was a series we published yearly back when this column was called "The Changing Channel." When the channel had changed completely enough, we shifted the focus to where it now belongs, to you the MSP. But this annual tradition hasn't changed. So, my "marching orders" for this year are simpler than ever before.

Focus on you. Your work must be totally focused on delivering value to your customer, but your ability to earn that business totally comes from you. Promote you. Show up at local and regional events to share your insights. Write for local publications to share your insight and let potential customers see it. Be very clear and specific about who you are, what you offer and why customers should choose you to help solve their IT challenges. You've carefully built your preferred stack of technologies that you include in your projects. When the makers of those products offer to co-market or co-sell with you, be sure there's as much emphasis on you and your services as there is on their products. It's all about what you do with those products, so make sure the messaging reflects that.

Learn more about the organizations that are out there to help and support you. Choose the ones that contribute most to your resolve to elevate your professionalism and your customers' perception of that professionalism.

Two things I'll ask you to do to get started. The first is to carefully and thoughtfully evaluate your own professional posture. Does your practice show up as professionally as you want it to? The second is to share your thoughts about this with me. I want to hear from you about how you're amping up your professional presence. What do you think about what I've said here. Let's launch a dialogue and get ready for an amazing new year.

Posted by Howard M. Cohen on January 09, 20240 comments


How Does Your Partner Practice Grow?

One of the most memorable quotes from legendary sales motivator Zig Ziglar is, "If you're doing what you've always done, you're probably getting what you've always gotten." But that's no longer true. Many channel resellers who continued to depend on product resale proved that to themselves very painfully. Each year, they were doing more than they had ever done and sold more products to more customers, but each year they actually got less than they had always gotten.

The current state of our channel now is better captured by Lewis Carroll in "Through the Looking-Glass," in which the Red Queen intones, "It takes all the running you can do to keep in the same place." This is mainly because customers are now asking the same question posed by fabled philosopher Janet Jackson: "What have you done for me lately?"

To Do and Earn More, You Need To Learn More
When the arrival of cloud computing totally disrupted the product sales opportunity for channel partners, many made the wise decision to become managed service providers (MSPs). No longer were their earning opportunities controlled by pricing competition; instead, they now could distinguish themselves through the quality of the services they delivered and the trust they earned from their customers by being true professionals.

However, some resellers started calling themselves MSPs but didn't really change their business practices much. As a result, the services they delivered were substandard and, in many cases, damaging to their customers. To know how bad the results of such behavior could be, you only need to look back as recently as January 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an alert titled, "CISA Insights on Risk Considerations for Managed Service Provider Customers." Just the first paragraph is chilling to every member of our community:

Overview
To aid organizations in making informed Information Technology (IT) service decisions, the National Risk Management Center (NRMC) at the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) developed this set of risk considerations for Managed Service Provider customers. This framework compiles information from CISA and IT and Communications Sector partners to provide organizations with a resource to make risk-informed decisions as they determine the best solution for their unique needs. Specifically, the framework provides organizations with considerations to incorporate into their IT management planning and best practices as well as tools to reduce overall risk.

The bolded text at the end is emphasis CISA's, not mine.

This damaging report was the direct result of a sizeable proportion of our channel colleagues deciding to "fake it" instead of "making it." Customers paid the price, and then the other proportion of our community suffered, too. (How many times have you heard a prospective customer say, "Oh, you're an MSP? No, thank you. We've been burned before by an MSP.")

Where Do We Go from Here?
I closed the very first post in this blog series by asking, "How are you growing your MSP practice?" I plan to keep asking that question over and over, always suggesting possibilities and hoping to hear from you about how you're growing your MSP business.

One thing is for sure: The practices that are succeeding today have specialized. These partners have differentiated themselves by focusing on specific technologies and their corresponding specific business needs. Many have chosen to become managed security service providers (MSSPs), which makes tremendous sense since most customers need secure data and networks. There's plenty of opportunity there.

Microsoft, in particular, has encouraged many to become cloud solution providers (CSPs), mainly because Microsoft has truly gone "all-in" on the cloud, as former CEO Steve Ballmer loved to expound upon. In fact, a few years ago in this blog, I suggested some possible growth paths for today's MSPs to specialize and grow in. Check out what was at the top of my list:

  • The Cloud Services Provider (CSP)
  • The Data Scientist Service Provider (DSSP)
  • The Software-Defined Services Provider (SDSP)
  • The Automation Services Provider (AuSP)
  • The Artificial Intelligence Services Provider (AISP)
  • The Internet of Things Service Provider (IoTSP)
  • The Universal Communications Service Provider (UCSP)
  • The Vertical Services Provider (VSP) -- many flavors!

I'd be willing to bet that there are those of you out there now who are working on many of the others on this list. Some of us have started using the catch-all acronym ITSP to refer to all kinds of Information Technology Service Providers. The more we can grow the need for such a collective acronym, the more mature our industry becomes.

Have I missed any? Are you developing a specialty that I haven't mentioned in this list? We would all love to hear from you about it. You can always reach me directly at hmc@howardmcohen.com.

Posted by Howard M. Cohen on November 28, 20230 comments


Across Microsoft's Various Partner Program Changes, Nothing New Under the Sun

The first anniversary of the introduction of the Microsoft Cloud Partner Program (MCPP) replacing the Microsoft Partner Network (MPN) will be on Oct. 3, 2023. This occasion brought me back to the first year of the introduction of the Microsoft Partner Network, which replaced the Microsoft Partner Program (MSPP) in 2009.

Many things happened in 2009 that weren't readily apparent to partners. For one, Channel Chief Allison Watson and BMO VP Jon Roskill were each given the other's job, and both were congratulated on their promotion. That this all happened just before the Worldwide Partner Conference (WPC), the former name for the "Inspire" conference, hinted that major change was about to occur.

That something was the new MPN, which was presented as "something you're part of instead of something you just sign up for" or something markety like that. It was introduced with all the expected "landing gear" and "air cover," leaving some of us with the uneasy feeling there was another shoe waiting to drop.

We nicknamed the other shoe as "The Exclusivity Rule" and, though it sounded almost innocuous, it was anything but.

Let me preface by saying that, at the time, I was working for the No. 1 partner in the Partner Locator website, which was sorted by how many competencies a partner held. We held 30 of the 31 then-available competencies. The only exception was "white-box," which we simply didn't do. The remarkable thing is that we were, at that time, a company of only 17 people.

The Exclusivity Rule
To read it, the change seemed minor. Every competency was earned based on four technical people from a partner's organization taking training and passing tests for each of several topics. Now, in the new MPN, if you wanted to earn a Gold Competency, those four people had to be unique. You couldn't have the same people pass multiple tests. In other words, for each Gold Competency you wanted to earn, you had to have four more employees.

This meant that, under the new MPN, the little partner I worked for would have to grow from 17 employees to 120 to keep all of our competencies. As you can imagine, this was not well received.

What followed were negotiations. At that time, I served on the board of the International Association of Microsoft Channel Partners (IAMCP) and we quickly met with Roskill, who was still trying to "get into the saddle" of his new channel chief position. At first, Roskill asked us to be patient with him as he learned the new terrain. But by the end of the first meeting, it was Roskill who was listing off a variety of possible solutions.

In the end, we came to an agreement that enforcement of the exclusivity rule would be delayed by a year. This gave all partners the opportunity to determine which competencies they really wanted, or to drive themselves out of business by hiring too many new people at once. For many, it was that serious.

Remarkably, by the end of the first year of MPN, the dust had settled. Microsoft had demonstrated how serious they were about having all partners really declare their true expertise, and partners had actually come to understand the value of that to themselves. A new generation of proactive partner-to-partner (P2P) partnering began.

Back to the Future
Which brings us to today, a year after the introduction of MCPP.

It would seem that the big change Microsoft's marketing gremlins have snuck into the MCPP is that they now refer to it as the Microsoft AI Cloud Partner Program. No surprise there. A decade ago, everything got the label "cloud" slapped on it because it was cool and current; now everything is AI. In March 2022, during his brief tenure as Channel Chief, Rodney Clark posted a blog pre-announcing the impending change from MPN to MCPP. In it, he led by describing Microsoft's three major commitment areas:

  • Strengthening our digital capability
  • Deepening partner technical capabilities
  • Streamlining engagement between Microsoft and our partners

Just for perspective, I sold my very first Microsoft software license in 1981, years before there was any formal partner program. Those three priorities are identical to the priorities Microsoft had then.

They also re-spun the competencies as "capacities," and Clark talks about the new program focusing on proficiency in six solution areas:

  • Data & AI (Azure)
  • Infrastructure (Azure)
  • Digital & App Innovation (Azure)
  • Business Applications
  • Modern Work
  • Security

That said, Clark announces the new "partner capability score," which reminded me of the days of Kevin Turner and the wonderful "stack ranking" our Microsoft friends endured. Now it's the partners' turn.

Reading the Tea Leaves
It isn't popular, but my calculation -- based on all the conversations I have had with people throughout the Microsoft partner ecosystem -- is that the introduction of the Microsoft AI Cloud Partner Program is another round of rearranging the deck chairs. Beyond the nomenclature and some program processes, nothing much has really changed.

That said, I will repeat advice I have given previously in this column. Microsoft produces some wonderful services. Some of their specifications and controls start to resemble the complexity of the ancient days of mainframe operations, but that actually provides some additional justification for the role of partners.

As the programs age and rotate names, my advice has devolved into one simple suggestion: Treat Microsoft's partner programs with the same level of benign neglect that they treat you with. Focus more of your energy on banding together with other trustworthy, reliable Microsoft partners and others who can augment your offerings with their own and expand your available market. Find partner associations that serve your needs rather than Microsoft's. They're out there!

Most important, focus on your own sustainable competitive differentiators. What proprietary intellectual property can you offer to customers? How much better are your services than your competitors', and why? You supply the leadership and let Microsoft supply the content. If you look deeper into what they do and ignore what they say, you'll see that they really want you to evolve this way, too. Just for different reasons.

Posted by Howard M. Cohen on September 25, 20230 comments