“Every year we are checking our baseline if it’s still compliant”- In conversation with Pieter de Bruijn (Féju ICT Groep)

I had the pleasure of talking to Pieter de Bruijn, Sales Manager / MT-lid bij Féju ICT Groep, about the starting point of their MSP journey and why the “security baseline” is so important to him.
Olaf: When was the point in your company’s history when you said that we were now starting our first managed services?

Pieter: We started a couple years ago, I guess, six, seven years ago with the first Managed Services. The first products were Microsoft products, Microsoft Office 365, currently Microsoft 365, also the Sophos portfolio, especially the server protection and the endpoint protection licenses and things like online backup were the first products when we started it. It’s still growing because we are in a complete transition to increase the use of MSP and CSP products.

And once you have set up these initial managed services in your company, do you have a strategy or plan for which customers you want to contact first and convince to use these new services from your website?

Well we are using our baseline and every year we are checking our baseline if it’s still compliant with the current security needs and every customer needs to follow the baseline and that’s very important to us. In some cases a customer is not following it. And then you have to might think, okay, is it the right customer? And most of customers are following it.

What was in that baseline, perhaps at the time you set up your first managed services five years ago? So it’s a combination of selling services and consulting services and integrating the first managed services into your basic structure. Right?

So in the baseline, there is monitoring, there is asset management, there is a sum of security products. So there is a strict baseline. And then you can top on with other products.

What are the key factors that are crucial for your sales managers or yourself to really convince customers to buy a managed service and pay a fixed monthly fee for your service?

What you currently see in the market is that the subscription based services, such as the MSP, CSP versions, in most cases providing more services than the termed licenses. Look like Microsoft 365 instead of Exchange on premise. So it’s also a huge difference in case of security, of course, but there’s so in some cases it’s better to use the MSP licenses instead of the termed services.

What we prefer as MSP partner is to end all those renewals. So we were quite busy with renewing all terms licenses with a renewal date and things like this. It’s a big administration load and with MSP and paying monthly or quarterly or yearly it’s better. It’s also crucial to look to the effort the team need to invest to do the renewals, to calculate which license is needed and take a quote with every vendor in the market and with MSP you’re working on a quote to increase your margin and then you can also make long-term commitments with vendors to make more margin to decrease the buyer price.

Play Video
If some customers experience a threat or something is discovered in their IT, the efforts to eliminate that threat are usually not included in the monthly fee. I assume it’s the same with Feju?

What we are currently doing is selecting for every product, which one is preferred for us. The security MSP products are the most difficult part of it, because every customer is getting a security breach once in a lifetime. And some products, things like online backup products like that, they can say, okay, it’s an all included service because we are responsible for the backup solution. And if there is a problem or not working or a customer is raising a ticket, they can solve it including in a price amount. But especially the server or endpoint security, threats or ransomware and pen testing results, things like that. It’s quite hard for us to make it all included because it’s too risky for us.

Probably you include updating and managing the existing stuff, but not the reaction to all these alerts that are maybe crucial for the customer.

Yeah, we’re looking to the Managed SOC solution that we are using. If in the night something is happening at the customer site, we are receiving a phone call of the extended Managed SOC. Well it’s four o’clock in the night, the consultant is sleeping, of course, I hope so. And if we’re receiving the phone call, till that part, everything is included. Also the phone call may raising a ticket and everything is included, but if there need to be an action, so we have to call the customer because there is a breach, or an unauthorized login or something like that, it’s not included.

When I look at your customers, you say that Feju is aimed at the mid-market segment. So you probably have customers with internal IT equipment and customers without. Does that make a difference in the delivery of managed security services?

Looking to our customers, I guess 40% of the customers is having their own IT person or persons. And there we are the second or third line in line then. About 60% of the customers is not having their own IT persons, maybe an IT responsible person, but nothing more than then, then we can notify the problems or things like that. But there is a difference, of course, because the IT persons in the company are more eager to use new products.

But sometimes they are also more difficult because they are not always willing to use the newest products because they are afraid for their own responsibility and their own position in the company.

But all products in the baseline are usable for the small companies with five people, but also for the companies with 300 or 500 people. That’s the good part. Only the larger companies are in most cases getting better prices because they are increasing the staffel and then you can provide better prices.

Last question, Peter, thank you very much for your insights. We are only a few days away from the new year. And this is primarily a period where we’re taking a fresh look at what new things we can tackle and evaluate as an MSP in this new year. So are there some security-related ideas that you have at Feju that you say we want to resell in the next year 2024?

A highlight for 2024 for us is of course security also with the term NIS2. In our customer base there are quite a lot NIS2 customers. So they need to take a critical look to their security needs.

We are doing pen testing more than ever, but pen testing as a service, we’re doing that. So we’re not providing one time pen testing, but we are doing more pen tests through the year. So that’s an important one for us.

And we are expanding our managed SOC, so the managed security services. And yeah, other highlights not security related is to discuss with customers about sustainability and AI, things like co-pilot and things like that. So a few highlights is security, sustainability and AI.