MSP veteran Paul Cissel, CEO and founder of Internet & Telephone LLC (I&T), runs a tight ship. A big part of that discipline is the use of Kaseya VSA, a next generation RMM that helps the 14 year-old company tightly manage clients – doing such a great job Cissel’s I&T now dramatically exceeds MSP KPI norms.
Kaseya recently spoke with Cissel to learn more about how he uses VSA to drive operational excellence.
(Questions from Kaseya have been bolded and italicized)
How did you come to use VSA?
Cissel: My business partner, Pete Peterson, and I founded a telecommunications CLEC to provide full services for our customers. In 2002, we called it ‘network managed services.’ ‘MSP’ had not been coined at the time. Coming out of telco, there were a host of products that were very expensive which we had used ― from Remedy on the trouble ticketing side to some computer associated products, such as Cisco and IBM/Tivoli. They were all very large, very expensive products, but also not multi-tenant. We had this hodgepodge of eight or ten different products that we used to monitor, alert and remote to our customers.
Why was that not the best way of doing things?
Cissel: It’s hard to have best practices when you have multiple tools and a lot of the tools were just monitoring tools that didn’t help enforce best practices. You needed your technicians to be trained in multiple tools; eight, ten tools and the tools didn’t integrate together. It wasn’t very scalable. So we started looking for a tool that was multi-tenant and would do ticketing, remote monitoring and maintenance, apply policies instead of just using group policy in Active Directory, as well as manage antivirus ― all from a single pane of glass. It made training our techs easier and scaling and growing easier.
We’re finding that a lot of times there’s some automation in a system or tool. But the real power is doing management by exception, really driving policy-based automation. How does this help with the efficiency and the scaling that you were referencing?
Cissel: When we started using Kaseya VSA, we would individually set up customers. We would tailor the agent individually to how we were putting up the customer. Once we got over 30 or 40 customers and had 10 people or so in our NOC, there was no consistency across the policies that we had established at each customer. They would have different backup policies, different patching policies, so the techs would become confused and give customers the wrong answer.
We’ve moved off of that to having our standard technology stack. As part of that, we have a statement of work on how we deploy VSA and the agent itself. We have three different agents that are based upon the level of security that each customer buys. It’s allowed us to standardize, have our techs give the same answer, and give some definition to distinct products as well.
The solution itself is very, very powerful. It allows an organization to pretty much go in any direction they want in managing a customer. It gives you, as an MSP, the ability to differentiate. Just because there are 10,000 customers using the same product (VSA) doesn’t mean that every MSP is servicing their customers the same way. We all have our own secret sauce and the means in which we want to provide services to our customers. We deploy a standard set of policy services for most customers; but VSA has also allowed us to come up with other offerings ― for instance security. We can deploy VSA so it provides a certain amount of security but if a customer is in an industry that has compliance like FINRA, HIPAA, FFIEC compliance, then we can further tune the product to accommodate those compliance needs.
You mentioned that VSA is the core of your business. What do you mean by that?
Cissel: It’s how we deliver services. Our foundation-level services are monitoring our customers’ networks, providing best practices in patching, backing up their systems, rolling out antivirus/anti-malware ― and VSA allows us to do that all from a single pane of glass. With 200 customers I would hate to think of us having to do all of that manually.
Can you talk a bit about ROI?
Cissel: We track probably 40 key performance indicators (KPI). One KPI my whole executive team is bonused on is revenue per tech and gross margin per tech. We are at the top of the benchmarks in that, and wouldn’t be able to do that without VSA. VSA allows us to automate processes that you could just kill with human hours. Take a look at patching. If you had to go out and individually patch every machine, it would be a daunting task. If you had to continue to download new data DEF files from an antivirus solution, it would be a daunting task. That is a clear ROI, and VSA gives us the ability to gain more gross profit revenue per technician than we have with any other tool.
It sounds like you’re able to standardize things across different customers, but also customize specific policies to fit different needs. Being able to do that and automate that through VSA obviously saves you a lot of time. On the flip side, it also makes your customers happier because they’re able to meet compliance requirements and policy needs.
Cissel: Exactly and it makes customer deployments more standard. If we wanted to with VSA, we could lock down every machine to the point that people wouldn’t be allowed to add anything to their computer. To me that would be a perfect world, but all my technicians tell me it would be a nightmare because then you have people calling in wanting to download the latest Java or Flash app, or whatever. Letting end users install whatever they like is a recipe for disaster. But instead of locking it down where you can’t add everything, you automate adding things users need like Java and Flash and such. You can go down the line with what you’re allowing to add. What happens is the life of the computer actually is longer because what gets installed is managed and controlled. Individual desktop computers aren’t like a car. If people drove their cars like they manage their computers you’d find millions of cars on the side of the road without oil and the engines blown up. People left to their own devices will add all kinds of software that could be dangerous and use the computer until it slows down to the point that it’s unusable. Then they’ll call somebody in to do all the automated maintenance and repair tasks that VSA does for us on a nightly basis.
You mentioned KPIs. Can you talk more about specifics?
Cissel: There are a couple things that most MSPs should be looking at. One of them is their service revenue per technician. A good benchmark is to have your total service department salaries be about a third of your service revenues. That means that for everything that you’re paying a technician fully loaded, that technician should be able to provide services for three times that amount of revenue.
On a monthly basis, we’re at 23 percent, so we’re between one-fourth and one-fifth. That means that we have, on average, fewer technicians managing more machines than most of our peers.
Another item is the number of trouble tickets per node. When you bring in a new customer you want to cut that down and keep measuring it. You may bring in a new customer who has one or two trouble tickets per month per node, but best in class is to have a half a trouble ticket or 0.5 tickets per node out in the field.
Really world-class is having 0.25 tickets per node out in the field. What that’s telling you is that you’re using your onboarding processes to help identify and resolve problems. You’re using the tools that you have to to manage the computers, be proactive, and take care of stuff before a problem comes up.
With VSA, we look at the type and subtypes of tickets that we have every month and then we come up with a script that allows us to lessen the amount of occurrences of that particular type or subtype. Then our tickets per node go down.
We are about 0.42 to 0.47 tickets per node.
Our service managers ― that’s one of the KPIs that they’re gauged on.
Another KPI is monthly service revenue per service person. A good benchmark is about $15,000-$16,000. That means that your service people are able to handle more revenue. Instead of one customer you want them to handle multiple customers.
We are about 50 percent north of that figure.
The AuthAnvil Story
We understand you also use Kaseya AuthAnvil for authentication and password management.
Cissel: We were doing a fair amount of work with banks and credit unions, and some HIPAA related work, and have completely bought into the multi-factor authentication approach.
In a perfect world, none of our technicians would know the passwords to any of our customers’ servers. If that technician left, you don’t want something to be compromised. AuthAnvil allows us to get to that point. Our technicians come in in the morning. They log in using AuthAnvil. They go to the password server and that’s how they get to our customer servers. It allows us to have a log of what our technicians do in our customers’ machines in case that ever comes into question.
Is that a real driver for customers, to be able to hide those passwords?
Cissel: You can tell customers until you’re blue in the face they need to use strong passwords or dual sign-on or multi-factor authentication, but until an event happens either to them or in their industry, they’re pretty deaf to it. However, we’re finding more and more people over the past year have been asking about it. We had two customers recently that are in healthcare who were like, how safe are we? What are you guys doing for us? Now with AuthAnvil we can say “this is what we can do for you.”