Many of my MSP colleagues may not want to hear it, but there’s a great reckoning coming to our industry, a great commodification. Does your client view you as simply selling a list of tools? Well, the market’s shifting such that there will always be another provider ready to come in and deliver those tools better or cheaper. MSPs that allow their services to be viewed as commodities will face ever-shrinking margins and a race to the bottom on price that, mark my words, will have a bad ending.
To avoid this fate, MSPs need to figure out what end results actually drive customers to seek out their services, and they absolutely need to control the conversation when it comes to the value they deliver.
If your discussions with clients are about why you’re using each of the technologies you provide rather than cheaper ones they’ve heard about, you’re already screwed. However, if you frame the conversation around delivering effective services that the client wants and/or needs, clients are far less likely to concern themselves with pricing out elements of the technology stack involved. At the end of the day, customers don’t care about the technology an MSP uses. They care about results.
In our case, HIPAA compliance is our core offering as a business solution provider. For businesses covered by HIPAA, compliance isn’t optional. Fines for HIPAA non-compliance can easily reach into the five-figures – more than enough to put many small and medium-sized businesses out of business. HIPAA violations can also carry personal criminal liability, resulting in fines and even prison time.
And the hit to a business’s reputation following a data breach incident due to HIPAA non-compliance may be the most damaging penalty of all: such businesses are listed on HHS.gov’s “Wall of Shame”, where any potential future client can look them up and read all about their failure to protect patients’ personal health information. It’s not great branding.
As far as our clients are concerned, we offer Compliance-as-a-Solution at a set price point – they hire us decidedly not for the implementation and management of a particular suite of security products, but for HIPAA compliance itself. Under the hood, our offering uses a toolset from Compliancy Group that enables us to provide clients with HIPAA risk assessment, employee training, compliance coaching and support during audits, and compliance verification, alongside other vendor solutions. In fact, discovering the tools that currently power our Compliance-as-a-Solution offering quickly shifted our business from a general focus on network security to operating specifically as a healthcare business solution provider, driven by the ability to fulfill customers’ demand for HIPAA compliance.
The focus on delivering positive HIPAA compliance outcomes then allows us to fully control the conversation when a potential client questions our technology choices from a commodity/cost perspective. For example, when a client begins asking us to remove something from our offering so they can have it at a cheaper price, I’ll say, “Sure, where do you want the hole in your house?” I explain that I’m building them comprehensive HIPAA-compliant security the same way you’d build a house to withstand the elements. They can have it at a cheaper price, but would they like to be missing a wall, or the roof?