“Appetite to risk”- In conversation with Jason Fry (Adnitor)

Many thanks to Jason Fry, Managing Director of Adnitor, who talks to Olaf Kaiser about Managed IT Security, the importance of taking risks seriously und customer happiness.
Olaf: Please explain your statement “We know that the traditional way of supporting and managing IT has to change”.

Jason: The reason for this statement is, among other things, that we have realised that the way IT is used in a company has changed massively. In the past, a company would invest in an IT system and then let it run in maintenance mode for three, five or ten years. 

And then they had to invest a huge sum to replace the system. We find that this has changed now because they are taking advantage of cloud technologies. So a lot of the IT is no longer on-site, it’s constantly changing, and that requires a slightly different approach.

The IT service we offer in co-management or outsourcing takes into account that this is now the new norm and we have to accept this constant change.

 

Tell us a little more about the ongoing development of your managed services. Do you have predefined packages or how do you fit into your client’s setup?

For many years at the previous MSP I was involved with, and I know many other MSPs have done the same, we tried to fit clients into predefined packages or technology stacks to make it easier for us to deliver those services and meet the SLAs we have with our clients.

However, with constant change, it is more difficult to bundle all these elements together. So we have found that one size does not fit all, and two or three sizes do not fit all either. So we have to tailor our service offering to our clients a little more than we used to. There are still core offerings and prices for certain services that we offer, but we’ve had to be a little more flexible, because of course we have a different contract and a different scope of services for almost every client. But we counter that with really good internal documentation and processes and information about each client so we understand what they have and what we deliver to them.

And as things change in their world, which is regularly the case, companies have to adapt to a variety of economic, social, environmental and political pressures that affect their business.

So it’s a constant dialogue that we have with them, not just once a quarter or once a year. It is a constant conversation.

Play Video
Nowadays, many MSPs say that in terms of security, a firewall and antivirus are no longer enough. In terms of your Adnitor portfolio, do you communicate certain mandatory services to your customers?

Any company that doesn’t have a firewall or some kind of endpoint antivirus is not really taking their business seriously. So that’s been a given for some time, but those things don’t cover all the risks that are out there today.

So what has proven to be a game changer for us is managed detection and response. We work with some great vendors, one of which is Sophos. They have a very good MDR offering that we resell to our customers, because obviously trying to build a SOC or SIEM offering into our packages for our customers would have been very costly. So having a managed offering from a very well-known security vendor is a great thing for us to be able to offer to our clients very easily.

We also offer a number of other complementary services. I mean, we offer backup, replication and recovery. We also offer risk management and cyber resilience planning. We try to talk to our clients about how far they are able to deal with a cyber incident and make sure they are aware of the risks and try to help them define their risk appetite, because that way we can offer them the right technologies and services.

If you take a look at the journey with Adnitor from 2019, what are the main keys to success in this area of managed services or specifically managed security services?

Well, I think the co-managed approach is quite a new approach that a lot of customers are warming up to because they realise that they need to take some responsibility for their own IT and in particular their IT security.

The approach to IT security that has been very successful for us is to talk about the risks and not just the technologies. Because as soon as you start talking about all the technologies, customers think you are trying to sell them something or scare them into buying something.

But for us, it has worked to take a step back and try to understand their business a little more. What are the risks to the business? Is it financial risks? Is it the risk of data loss? Is it the risk of their data becoming publicly available? Would a business failure be the biggest risk to the company?

By trying to understand the maturity level of the company in terms of different aspects of cyber incident response, we show that we care about their business and offer them the right technologies and services, rather than just trying to sell them something all the time. So that was quite a success for us.

What are the biggest obstacles you have faced and what solutions have you developed for them?

I think the biggest challenge for us has been managing the different security technologies and vendors and putting them together into a solution for the client that meets their needs. The more vendors and the more technologies we use, the bigger the challenge was.

Another issue we faced was whether to build our own Security Operation Centre and staff and manage it 24/7. And that was a challenge for us to figure out whether that was cost effective for us or not. In the end, we decided not to go down that route. Fortunately, the Sophos MDR offering came along and filled a big gap for us.

The main obstacles were managing all these different security technologies and their feeds, and keeping up with all the new threats and potential threats that were emerging in the landscape.

You talked about the customer experience layer and that you’re aligning with that rather than a service level agreement. What is your approach to this XLA?

At Adnitor we have tried to really focus on customer experience and outcomes. SLAs are really important. They help us and the customer to make sure that we do what we need to do in the time required and that we respond correctly.

But we have added an extra layer, which is about experience. We use it as a kind of benchmark to make sure that we give our clients what they want and need. So an XLA is an experience level agreement. So we sit down with the client and agree on a level of happiness and satisfaction.

Our clients have certain expectations of the services we provide. And we want to make sure that we actually exceed those expectations. So the experience level is about us continuously engaging with our clients to ensure that the services and projects we deliver not only achieve the desired results, but also deliver business value to our clients.