SlideShare a Scribd company logo
1 of 11
Download to read offline
Page 1 of 11
Internal Use Only
For UK MSP, optimizing customer
experience is key to successful
security posture and productivity
Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new
heights, even as its users move increasingly to hybrid IT models.
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender.
Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana
Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.
For managed service providers (MSPs), making the IT infrastructure as invisible as possible
isn’t just a “nice-to-have" — it's also elemental to delivering the best customer experience.
Securing IT for these tech services and support users is no different. The less complexity and
interference with productivity from the underlying security apparatus — the better.
Today’s BriefingsDirect security innovations discussion examines how Scottish MSP Grant
McGregor Ltd. has taken the customer experience imperative to new heights — even as its
users move increasingly to hybrid IT models.
Here to share their story of better managing the security
experience as a means of enhancing the overall IT services
value are our guests, David Lawrence, Co-Founder and
Director of IT Support Services and Advice at Grant McGregor
in Edinburgh. Welcome, David.
David Lawrence: Thank you for having us.
Gardner: We are also joined by Paul Sinclair, Head of IT
Service at Grant McGregor. Welcome, Paul.
Paul Sinclair: Hi, Dana. Many thanks for allowing us to have
this opportunity to share our story.
Gardner: David, what are some of the top trends driving the need for MSPs like yourselves to
provide risk management solutions that go beyond just endpoint security?
Lawrence: We typically talk about the threat landscape in the context of the threat actor. What
we’ve seen over the last couple of years -- with the need for hybrid working – is really focusing
now on keeping the honest, honest -- and the right, right. That’s the knowledge worker, the poor
person in the organization who’s trying to do the best they can in a challenging environment.
We see organizations doubling down and asking for our advice on helping them stay right, and
that’s through conditional-access policies to protect the organization while away from the central
network and with security-awareness training that helps educate those people on best practices.
Lawrence
Page 2 of 11
Internal Use Only
With cloud protection and cloud backup, a lot of organizations have made further grounds into
the cloud landscape on how they can best protect their organizational data. Critically, people are
more aware now of managed detection and response (MDR) and extended detection and
response (XDR) services. They feel that they want a security [blanket] on their organization
wherever those people might be working.
Gardner: Tell us about Grant McGregor. What distinguishes you in your mind from other
MSPs? How do you enhance your customer experience in particular?
Work safely with the right tech support
Lawrence: With 20 years of experience in delivering world-class people support and
technology services, we’ve now grown to 21 people who deliver support and advice to more
than 1,500 customers and their endpoints.
We want our customers to thrive by creating better and safer places for them to work. And that’s
critical. People want to be productive. They want to feel that they have an MSP like us watching
out for them. Our service desk team delivers people-centric support, protecting the people
themselves and their endpoints. We provide proactive support and administration -- just like an
outsourced IT department would.
Our professional services team delivers what we consider a standard practice, but I’m amazed
that sometimes it’s not. That’s the quarterly business reviews. Those are really important for
providing the advice and guidance for our customers as they make and continue the journey to
Microsoft Azure cloud – with security as a service (SECaaS), cloud as a service (CaaS). I think
our strength is triage with all their other partners in that sort of technology ecosystem.
Gardner: Paul, how are your needs for securely delivering IT services and support different
from three years ago? What are some of the trends driving your ability to adjust and improve to
deliver the best possible experience for your customers?
Sinclair: Well, as you know, the world is a much different
place than it was three years ago. We’ve had to adjust our
own practices. We’ve had a pandemic; we have other crises
in the world at the moment as well.
So, we’ve had to adjust as a business and learn how to
work remotely, work in a hybrid model, but at the same time
deliver that high-end, 100 percent world-class service that
we too strive to do. Not only that, but we’ve also had to
support our own client base and our client users with their
hybrid and remote working needs by identifying and
delivering the right security products that keep our
customers safe – and their customers safe, as well.
Lawrence: It takes a layered approach. For example, only
yesterday we had a threat actor maliciously trying to sneak through. So it requires a number of
Sinclair
Page 3 of 11
Internal Use Only
protection measures in place -- from email protection, to education, to security awareness
training, and filtering, as well as using Bitdefender’s Managed Detection and Response (MDR).
And it was only at the last minute through the human firewall, of clicking on the link to remove
that email, using Bitdefender, in this case, and the MDR service. It had our back and blocked it.
So, again, we’re very focused on educating our customer base. No one size fits all. What we
need is a layered approach to security.
Gardner: Because you’re servicing different regions of the UK and you’re servicing different-
sized organizations, you need to readily scale up and scale down. How difficult is it to serve the
biggest and smallest of your customers?
The future is partnerships and co-management
Lawrence: There are some challenges. Our sweet spot is probably the 20- to 70-seat-sized
organizations. And we’ve strategically made our people-centric services agile enough for those
numbers.
The criticality of that is that we want strong partners
and strong solutions. We need to know how those
solutions work to gain the best out of them. Then all
of our people can know what they’re meant to be
doing. That’s always been a bit of a journey.
Where we are now is we’re very confident that in using providers like Bitdefender, Proofpoint,
and N-Able that we are using leading-edge solutions. But critically, there needs to be a
partnership, and that needs to come from our providers.
Our next growth is through co-managed IT services. That’s a really great place to be over the
next couple of years. That’s because we can take what we’ve learned, the tool sets we have,
and our partnerships – such as we have with Bitdefender -- and deliver and scale those co-
managed security services to help our customers’ stressed and time-strapped IT departments.
Gardner: What do those co-managed services typically consist of?
Lawrence: You’ve seen the data. It’s incredible in this day and age that a lot of organizations --
even still in the UK -- are not patching the way they should. You would think that would be the
number-one priority for these IT departments, to patch with the latest Windows updates, and on
the applications, too. But that still isn’t the case. We’re cyber essentials assessors, and we see
that for our non-support customers.
So, we want to help them and allow them to focus on the strategic side of their organizations.
We have the tool sets to enable them to patch their endpoint devices effectively and attain that
very minimal first-level knowledge that they’re secure. And then we can work with them on the
SECaaS value. That’s where we can add real value from the experiences we’ve learned from
and from the partnerships that we have.
Gardner: Paul, how do you overcome the challenges your customers have with integrating
security tools? So often security consists of many different tools, many different underlying
technologies. How do you go about that making that all invisible to them?
We want strong partners and
strong solutions. We need to
know how those solutions work
to gain the best out of them.
Page 4 of 11
Internal Use Only
Sinclair: When David and I first started out many years ago, you needed different applications
from different vendors to secure all the threats that were out there. But it was a lot of work and
took a lot of time and effort using different products. Over the years, Bitdefender has given us
the capability to have a security suite of web protection, a firewall, endpoint protection, USB
control, and other security options.
Having this one product as a cloud-based solution -- and that has the integration options with
our professional services automation (PSA) and remote monitoring and management (RMM)
system as well -- allows us to deploy basically one RMM agent that allows several different
security controls to be deployed to any PC at any company very, very quickly. It makes the
technical support of that extremely easy. It also makes the deployment and the onboarding of
new customers very efficient.
Gardner: Yes, as more of us are more remote across organizations, that has hastened the
movement to a remote control agent approach to security. Do you agree, Paul?
Sinclair: Absolutely, yes. It certainly makes it easier than back in the old days of running around
to different PCs and asking users to give up their time during the day to allow us to do that. Now
we can do that remotely, silently, and very effectively.
Lawrence: We have seen in our MSP peer group in Scotland, and in the UK, that they are
cementing their processes and procedures around one or two key products, and in some cases
the customer solution. I’m sure this is the same in the United States among mature MSPs. You
can only support what you know. You can only train and certify on one key product and in one
key area to be the master of one, but not necessarily the master of many.
With Bitdefender, and the other security partners we have, this allows us to focus -- but also put
that known stack in place for customers, knowing that we have their backs. And sometimes
there are awkward questions from the customers, saying, “Well, you know, I kind of prefer to do
it this way” … or “Can I keep this or that security solution?”
Well, we learned from maturity and having the right security
posture that the answer needs to be, “No, the answer is no.
We’re putting our security stack in to best protect you. And
you can hold us accountable, but it needs to be our
technology, provided by our partners.”
Gardner: Even as so many organizations are moving to the cloud model, so much of security
issues comes back to email. Especially in smaller organizations, email remains the source of a
lot of security hiccups.
How important is picking the right email partner and tools in your overall security posture? What
have you found as the right approach to a steady path of productivity given the inherent risks of
email?
Lawrence: So, as recently as six years ago, we were probably spending about 60 percent of
our day managing email security. You know, the false positives, the stuff that shouldn’t be
getting through, and all of the headaches that come from malware and ransomware. It was
causing us real pain points.
[Customers] can hold us
accountable, but it needs
to be our technology,
provided by our partners.
Page 5 of 11
Internal Use Only
Manage email messages and educate end users
Sinclair: There are global threats and new sophisticated ways that we’re seeing daily through
which criminals are trying to harvest your data. You need the right email security solution that
keeps up with the times. Those providers can figure out for you what the new threats are on the
back end. Also, we’re no longer having to log on to the systems daily or weekly and tweaking
the settings here and there like we used to.
One point I would emphasize as well is email security
training for the end users. It’s a big must now, and we’re
promoting that to our clients. It only takes one lapse in
concentration when some of these busy workers remove
a dodgy email from quarantine. Then, before you know it,
you can be in some real serious bother. So, I’m a big
champion of email security training as well as being on
top of your security solution updates.
Gardner: Right. Even using the best technology, being successful at security reverts back to
behavior. It’s an intangible aspect to all of this. Also, as providers of the best customer
experience, you want to embed security measures, make them invisible. That means you need
to have the instant visibility into what’s going on in order to react.
So, how well do your tools provide the insights needed to fully exploit the security technology?
Lawrence: There are two sides of the coin when it comes to visibility. One is the proactive
nature of being able to look at the data in real time and to make assessments, and the other is
to then feed that back to the client.
The reactive nature of the security tools is probably most important because you want to jump
on that quickly and effectively to remove threats and then to communicate that to the customer -
- what’s happening real time -- and how we’re helping them to quickly get back to a safe place.
We’re choosing solutions that are mature, are a good fit for us, and that also integrate into our
PSA and RMM systems. And, you know, Bitdefender, Proofpoint, and other solutions that we
use all have APIs (Application Programming Interfaces) that allow us then to interconnect
services whereby we can build automation and remove the noise.
A lot of the time now, the artificial intelligence (AI) solves problems for us. Other times, we still
need the technology support officers in our organization to see the threats and react quickly.
Again, only yesterday we had an incident. Thankfully, the third layer of security jumped in -- and
that was Bitdefender. We were all over it very quickly, and we could jump into the ConnectWise
and other systems and say, “Yeah, we know exactly how that threat transpired and where it
came from.”
The first gate was closed, but the user opened it. The second gate was closed, but the user
decided to open that one, too. And lastly, the third gate was definitely shut and was definitely
not opening. And that was Bitdefender MDR.
It only takes one lapse in
concentration when some of
these busy workers remove a
dodgy email from quarantine.
Then … you can be in some
real serious bother.
Page 6 of 11
Internal Use Only
Everything in the world is so quick now, much quicker that it was 10 or 20 years ago. Everybody
wants to be able to report data and jump on things quickly. So, yeah, it’s just the right tool set
that integrates into our solutions.
Gardner: Paul, what do you look for when it comes to consoles and a management overview?
Or even taking the next step to provide compliance and auditing requirements? How do those fit
into your customer experience needs when it comes to visibility?
A single pane of transparent glass
Sinclair: We use a reporting service that hooks into our PSA and different security solutions.
We send these reports automatically and directly from the product set to the clients on a
monthly basis. It shows the non-human tickets, but it also demonstrates the trust in the security
services because it shows items that have technically been blocked, deleted, or quarantined. As
part of the AI process that David was talking about, these tickets are logged, the product has
done the job, and then the ticket is closed.
For us, we’re showing the added value that the security solutions are providing for the client. So
then, they have transparency of the tickets that we are doing -- and the security solutions that
we’ve put in place as well. That’s automated so we are not using the time on the person’s
device to do fault finding. And, for us, we found that is really valuable, these reports, and the
clients certainly do as well. They look forward each month to receiving them, and we get
feedback on them every month. It’s a great service and tool that we’ve built for that.
Gardner: David, you mentioned Bitdefender and the tools you’re using from them. Give us an
overview of what you’re using and how they fit together to meet your needs as an MSP. I’m also
wondering if you’re relying on the Bitdefender Security Operations Center (SOC).
Lawrence: We’ve been with Bitdefender for a number of years now. The irony is we were using
malware solutions in the past that had a Bitdefender engine. The irony was the vendor just
wasn’t just cutting it for us. So, we went to work with Bitdefender directly. We have the
confidence that it’s a grown-up solution.
They have been around for many years, and they’re always at the forefront of the technology.
The way Bitdefender works for us is we use Bitdefender GravityZone, so every one of our
customers will have that standard stack. And then, on top of that, we use Bitdefender EDR and
advanced threat technology to secure the endpoints. So, for us, that’s just a given. It’s got that
great layer of protection.
I think of those horrible words in our industry, the “single pane of glass” expression, but that’s
what it provides. The Bitdefender GravityZone always evolves, changes, and develops. And, for
us, that single pane of glass is a very good system to go in there and see what’s going on in that
environment. Last year, we adopted the MDR service from Bitdefender and dipped our toes in
that with a couple of our professional services customers.
The solution doesn’t just reactively address threats. They
do threat hunting for us. We give them a lot of information
on the customer. They look at domain names, their threat
landscape, and provide that in a security center so that
The solution doesn’t just
reactively address threats.
They do threat hunting for us.
Page 7 of 11
Internal Use Only
we can resell that to our customers. We were open to our customers about who ultimately was
providing that, and we would work with that partner to have our customers’ back.
There’s been so many occasions this year that Bitdefender has jumped on to alerts and
challenges with endpoints. And then ultimately we’ve worked together, even saying, that’s fine,
let’s exclude that, or as was the case yesterday, they blocked that threat -- and that’s what we
want. Sometimes when you hear technology providers say, “Here’s the service,” and they
describe it, you think it’s too good to be true. And actually, that’s not been the case for
Bitdefender. It really has worked, and they really have delivered on the MDR service.
Gardner: Paul, anything you’d like to add to your use of Bitdefender, and then also the SOC
opportunity?
Sinclair: In terms of the SOC, once we are able to give the right information to Bitdefender, do
you know what that allows us to do? It gives us the confidence that the user habits on the PCs
are being monitored, and anything that’s unusual is being picked up on.
One of the first things I remember saying to David, once
we started seeing the results coming through, was, “Do
you know what? I can go to bed at night now and have
that good night’s sleep that we never used to get.” You
know, you had something niggling in the background.
But now I go to bed at night – or on the weekends –
with that confidence that user habits are being
monitored and looked at and picked up on. And that’s
whether that user is in the office, working late, or it’s
irrelevant of whatever location in the world they’re in. We know it’s being monitored. For that,
and what we did, it’s just second to none.
Gardner: A lot of the benefit that large, sophisticated enterprises had when it came to
monitoring behavior and analyzing it didn’t translate down to the smaller organizations, of say
40 to 50 seats. But now with SOC-as-a-service, if you will, the very best of analysis and
behavior tracking can be brought to just about anyone.
Sinclair: Absolutely, because when you go to smaller clients than that of 10, 20, or 25, where
the user behavior is not necessarily at a company level, they’re still being monitored -- and
they’re able to work elsewhere.
We had an example not long ago where an end user decided that they were going to go on
holiday and still work, but not let the organization know that they were away. They couldn’t do
anything because Bitdefender realized the PC was out of the country and was trying to connect
through unsecured networks -- at hotels, restaurants, and things like that. It just blocked them
from being able to do anything. So, we were approached by that user, and we were able to then
pass that information back on to the client organization ourselves. We acted as the eyes and
ears for them.
Lawrence: When we integrated our organization using the Bitdefender MDR service, they had
the goal of securing and providing us a SOC capability to the smaller businesses.
I can go to bed at night now
and have that good night’s
sleep that we never used to
get. … Now I [have] that
confidence that user habits
are being monitored and
looked at and picked up on.
Page 8 of 11
Internal Use Only
Before that, a couple of years ago, there was a manual process between us and the team in the
States. We were filling in a spreadsheet, giving them as much customer information -- with the
customers’ support -- to understand their organization and ultimately the threat landscape.
Fast-forward a couple of years, and Bitdefender has given us the maturity and MDR foundation
so that the process for us as an MSP is a lot easier to get our customers on board with that
SOC service. Now we don’t need to spin up a spreadsheet and fill it in. We can jump into the
single pane of glass that Bitdefender provides and put up that service straight away and provide
them all the information to get those customers secure and enjoying that SOC center.
Gardner: I’d like to quantify some of what we’ve talked about. So, I’m looking for metrics of
success. What ways do you measure the overall impact on your customers and their
experience? How do you know you’re doing it right and whether your suppliers like Bitdefender
are getting the job done?
For healthy, happy customers, take their temperature
Lawrence: As an organization, we’re really focused on customer experience, and we have a
customer improvement board in our ConnectWise system. We’re consciously seeking that and
adjusting feedback from our customers accordingly.
And what’s great with the right tool set in place is it’s so different from the noise that we were
describing earlier, about having the wrong security product years ago, and all the wrong
malware and ransomware protection in place. It really caused us headaches.
Now, when we review our customer happiness
factor, we use Customer Thermometer. And years
ago, our customer happiness was probably around
94 percent. But over the last 12 months, we’ve had
a customer happiness score of 97.8 percent. That’s
telling us weekly, monthly, quarterly, and annually
that we’re doing as good a job as we can.
We also survey the key contacts, our key client IT partners within the organization, every six
months on the net promoter score (NPS). Again, that’s very positive compared to where it had
been. We’re at 69 now, which I think is world class, and 75 percent of promoters. So again,
we’re very happy.
And that’s not all just down to selecting the right security tools. That’s having all people that can
communicate in English and set the right expectations. But again, so much of our frustrations --
and probably the industry’s frustrations -- come from the wrong tool set. We need the right tools
to do our job. That’s critical.
Gardner: Paul, any favorite indicators that assure you of that good night sleep?
Sinclair: Absolutely. Looking at the numbers, we’re seeing a 47 percent decrease in malware
infections between our clients from last year to this year. That’s a massive number in a single
year.
[We have] a customer happiness
score of 97.8 percent. That tells
us weekly, monthly, quarterly,
and annually that we’re doing as
good a job as we can.
Page 9 of 11
Internal Use Only
And that’s not just malware numbers. That has knock-on numbers in terms of technical
administration cost savings by using Bitdefender and effectively creating and closing tickets on
our PSA system. That’s a 23 percent improvement so far from last year.
What it shows us is we are evolving, and Bitdefender and that technology is evolving with us in
the right direction. As long as we see these numbers constantly where they need to be, then
yeah, that’s amazing.
Lawrence: The old frustrations were sticking an antivirus malware protection tool on the
machines and having the opposite effect for productivity. The wrong malware protection was
dragging the poor machines down. I think Paul told me earlier that it was a 10 percent
performance gain that we’ve had since using Bitdefender.
Sinclair: Just having that smaller footprint is a big
improvement, isn’t it? That smaller footprint from three,
four, or five different security products now wrapped down
into one. Between the two of us, David and I have been
working in this industry for 60 years. We’ve reviewed our
security products so often over our 21 years at Grant McGregor from the start and across
different technologies. But if the tools weren’t working for the customer, they won’t work for us.
So far with Bitdefender, we have confidence year after year. We’re no longer sitting down and
reviewing the Bitdefender technology and stack. We just recommend them as our first product
whenever we onboard a new client or user. Bitdefender is the first product that’s recommended
and it’s the first product that goes in. Not one client ever has said no.
Gardner: Those are very impressive numbers, and I commend you for them. But, of course, we
can’t rest on our laurels. We have to look for where we go next. For security, it’s never good
enough, right?
So, what comes next for Grant McGregor? You mentioned co-managed services, for example.
What solutions do you look to next, and how can your providers help you get there?
Keep the honest, honest, and work smarter
Lawrence: We’re in exciting times with exciting new technology. Without the distractions of
what’s happening for us in Britain and in Europe, I think there are two trends.
As an organization, we’re focused on helping the end user stay right and honest -- and that
means helping put in the right tool set. Those will be focused on data loss protection, enforcing
policies for the endpoint, and education systems for security awareness.
Rather than focus – as the industry often does – on external threats, we want to keep the
honest, honest. That’s, first off, an easier sell. Second of all, that means living up to our values.
We are supporting the end users and the organization to navigate all the threats out there, but
from internally and then outward.
If the tools weren’t
working for the customer,
they won’t work for us.
Page 10 of 11
Internal Use Only
The co-managed space is going to be huge. As an MSP – and there are a lot of us out there –
maybe not all of us are doing the right things, but we’re all competing and trying to grab each
other’s customers.
The natural direction is to the co-managed space, where we can pass on those years of
experience with using the right tool sets. Unfortunately, soon in the UK, that will be to the cash-
strapped IT department and the time-poor departments. They are going to need and want our
expertise and advice so they can get on with doing the strategic work that they want to focus on.
We’ll be providing to them the patching-as-a-service, the co-managed IT support-as-a-service
(SaaS), the email-as-a-service (EaaS), and the backup-as-a-service (BaaS).
We’re already making traction in that space, and we’re excited about that. So, those two growth
spots are there for us.
Gardner: David mentioned the unfortunate predictions across the globe for difficult economic
times ahead. Doing more with less becomes the imperative across the board. So, that usually
means higher productivity -- and that usually means working smarter, not necessarily harder.
What do you see in the next stages in terms of how you can help your customers do more with
less from the MSP perspective?
Sinclair: It is all about being smarter, isn’t it? For us with the technology that David has touched
on, I think we need to look a bit further into the future. And where does that take us? It takes us
down that AI route and getting the users to try and help themselves along that route while we
keep ourselves up to date with the latest technologies. It means watching for the new threats --
because they are constant. I see us soon taking on more AI and use more of that intelligence to
keep the productivity levels where they need to be.
Lawrence: Digital transformation is a big
space for customers to get their heads
around -- and productivity is absolutely a
must as they move to cloud services and
platforms. Again, only recently Microsoft
released more products and services. And,
again, it’s our job as a technology provider to help educate our customers on that new
landscape and to use tools such as business intelligence and to get the best from the Microsoft
applications.
There’s a lot of new automation there that the customers can build upon, and I think their fear is
just how they can get their heads around it. For us, it’s about partnering with the right people to
pass on those skill sets to the smaller businesses.
Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored
BriefingsDirect discussion on making the security infrastructure as invisible as possible as an
essential ingredient to delivering the best overall IT customer experience.
We’ve learned how Scottish MSP Grant McGregor has taken the end users’ productivity and
satisfaction to new heights, even as these customers increasingly move to hybrid IT models and
face new forms of security risks.
Digital transformation is a big space for
customers to get their heads around – and
productivity is absolutely a must as they
move to cloud services and platforms.
Page 11 of 11
Internal Use Only
So please join me in thanking our guests, David Lawrence, Co-founder and Director of IT
Support Services and Advice at Grant McGregor. Thank you so much, David.
Lawrence: Thank you very much.
Gardner: And a big thank you to Paul Sinclair, Head of IT Service at Grant McGregor. Thank
you, sir.
Sinclair: Thank you, Dana, it’s been an absolute pleasure.
Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions. Your host and moderator
for this ongoing series of BriefingsDirect discussions. A big thank you as well to our sponsor,
Bitdefender, for supporting these presentations.
I extend a thank you as well to our audience for joining. Please pass this on to your IT and
security communities, and do come back next time.
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender.
Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new
heights, even as its users move increasingly to hybrid IT models. Copyright Interarbor Solutions, LLC, 2005-2023. All
rights reserved.
You may also be interested in:
• How an MSP brings comprehensive security services to diverse clients
• Better IT security comes with ease in overhead for rural Virginia county government
• SambaSafety’s mission to reduce risk begins in its own datacenter security partnerships
• How MSP StoredTech brings comprehensive security services to diverse clients using
Bitdefender
• For a UK borough, solving security issues leads to operational improvements and cost-
savings across its IT infrastructure
• How an Architectural Firm Retains Long-Term Security Confidence Across a Fully Virtualized
and Distributed Desktop Environment
• Regional dental firm Great Expressions protects distributed data with lower complexity thanks
to amalgam of Nutanix HCI and Bitdefender security
• How MSPs Leverage Bitdefender’s Layered Approach to Security for Comprehensive Client
Protection
• Kansas Development Finance Authority gains peace of mind, end-points virtual shield using
Hypervisor-level security

More Related Content

Similar to For UK MSP, optimizing customer experience is key to successful security posture and productivity

MTB_REPORT_WIPRO_0406
MTB_REPORT_WIPRO_0406MTB_REPORT_WIPRO_0406
MTB_REPORT_WIPRO_0406
Elliot Tally
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
sarah kabirat
 
Inside Networks Article May 2013
Inside Networks Article May 2013Inside Networks Article May 2013
Inside Networks Article May 2013
Ian Moyse ☁
 

Similar to For UK MSP, optimizing customer experience is key to successful security posture and productivity (20)

Security Hurts Business - Don't Let It
Security Hurts Business - Don't Let ItSecurity Hurts Business - Don't Let It
Security Hurts Business - Don't Let It
 
Optiv Security Award Write Up
Optiv Security Award Write UpOptiv Security Award Write Up
Optiv Security Award Write Up
 
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
How Unisys and Dell EMC Together Head Off Backup Storage Cyber Security Vulne...
 
The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019
 
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
Identity and Access Management as a Service Gets Boost with SailPoint's Ident...
 
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
 
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdfCrucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
Crucial Layers_ Exploring the Depth of Enterprise Cyber Security.pdf
 
Carbon Black: Justifying the Value of Endpoint Security
Carbon Black: Justifying the Value of Endpoint SecurityCarbon Black: Justifying the Value of Endpoint Security
Carbon Black: Justifying the Value of Endpoint Security
 
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
Growing Threats Make Application Security a Pervasive Necessity, Rather than ...
 
What MSPs Can and Cant Do For You in 2022 Whitepaper by Protected Harbor
What MSPs Can and Cant Do For You in 2022 Whitepaper by Protected HarborWhat MSPs Can and Cant Do For You in 2022 Whitepaper by Protected Harbor
What MSPs Can and Cant Do For You in 2022 Whitepaper by Protected Harbor
 
Clearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat ProtectionClearswift | Leading Provider of Advanced Content Threat Protection
Clearswift | Leading Provider of Advanced Content Threat Protection
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
 
Untitled document.otd
Untitled document.otdUntitled document.otd
Untitled document.otd
 
Redcentric Uses Advanced Configuration Database to Bring into Focus Massive M...
Redcentric Uses Advanced Configuration Database to Bring into Focus Massive M...Redcentric Uses Advanced Configuration Database to Bring into Focus Massive M...
Redcentric Uses Advanced Configuration Database to Bring into Focus Massive M...
 
MTB_REPORT_WIPRO_0406
MTB_REPORT_WIPRO_0406MTB_REPORT_WIPRO_0406
MTB_REPORT_WIPRO_0406
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
Scr Tims
Scr TimsScr Tims
Scr Tims
 
Cybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lensCybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lens
 
Inside Networks Article May 2013
Inside Networks Article May 2013Inside Networks Article May 2013
Inside Networks Article May 2013
 
4 Key Benefits of Managed IT Security Services – Devlabs Global
4 Key Benefits of Managed IT Security Services – Devlabs Global4 Key Benefits of Managed IT Security Services – Devlabs Global
4 Key Benefits of Managed IT Security Services – Devlabs Global
 

Recently uploaded

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 

Recently uploaded (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 

For UK MSP, optimizing customer experience is key to successful security posture and productivity

  • 1. Page 1 of 11 Internal Use Only For UK MSP, optimizing customer experience is key to successful security posture and productivity Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new heights, even as its users move increasingly to hybrid IT models. Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender. Dana Gardner: Welcome to the next edition of the BriefingsDirect podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator. For managed service providers (MSPs), making the IT infrastructure as invisible as possible isn’t just a “nice-to-have" — it's also elemental to delivering the best customer experience. Securing IT for these tech services and support users is no different. The less complexity and interference with productivity from the underlying security apparatus — the better. Today’s BriefingsDirect security innovations discussion examines how Scottish MSP Grant McGregor Ltd. has taken the customer experience imperative to new heights — even as its users move increasingly to hybrid IT models. Here to share their story of better managing the security experience as a means of enhancing the overall IT services value are our guests, David Lawrence, Co-Founder and Director of IT Support Services and Advice at Grant McGregor in Edinburgh. Welcome, David. David Lawrence: Thank you for having us. Gardner: We are also joined by Paul Sinclair, Head of IT Service at Grant McGregor. Welcome, Paul. Paul Sinclair: Hi, Dana. Many thanks for allowing us to have this opportunity to share our story. Gardner: David, what are some of the top trends driving the need for MSPs like yourselves to provide risk management solutions that go beyond just endpoint security? Lawrence: We typically talk about the threat landscape in the context of the threat actor. What we’ve seen over the last couple of years -- with the need for hybrid working – is really focusing now on keeping the honest, honest -- and the right, right. That’s the knowledge worker, the poor person in the organization who’s trying to do the best they can in a challenging environment. We see organizations doubling down and asking for our advice on helping them stay right, and that’s through conditional-access policies to protect the organization while away from the central network and with security-awareness training that helps educate those people on best practices. Lawrence
  • 2. Page 2 of 11 Internal Use Only With cloud protection and cloud backup, a lot of organizations have made further grounds into the cloud landscape on how they can best protect their organizational data. Critically, people are more aware now of managed detection and response (MDR) and extended detection and response (XDR) services. They feel that they want a security [blanket] on their organization wherever those people might be working. Gardner: Tell us about Grant McGregor. What distinguishes you in your mind from other MSPs? How do you enhance your customer experience in particular? Work safely with the right tech support Lawrence: With 20 years of experience in delivering world-class people support and technology services, we’ve now grown to 21 people who deliver support and advice to more than 1,500 customers and their endpoints. We want our customers to thrive by creating better and safer places for them to work. And that’s critical. People want to be productive. They want to feel that they have an MSP like us watching out for them. Our service desk team delivers people-centric support, protecting the people themselves and their endpoints. We provide proactive support and administration -- just like an outsourced IT department would. Our professional services team delivers what we consider a standard practice, but I’m amazed that sometimes it’s not. That’s the quarterly business reviews. Those are really important for providing the advice and guidance for our customers as they make and continue the journey to Microsoft Azure cloud – with security as a service (SECaaS), cloud as a service (CaaS). I think our strength is triage with all their other partners in that sort of technology ecosystem. Gardner: Paul, how are your needs for securely delivering IT services and support different from three years ago? What are some of the trends driving your ability to adjust and improve to deliver the best possible experience for your customers? Sinclair: Well, as you know, the world is a much different place than it was three years ago. We’ve had to adjust our own practices. We’ve had a pandemic; we have other crises in the world at the moment as well. So, we’ve had to adjust as a business and learn how to work remotely, work in a hybrid model, but at the same time deliver that high-end, 100 percent world-class service that we too strive to do. Not only that, but we’ve also had to support our own client base and our client users with their hybrid and remote working needs by identifying and delivering the right security products that keep our customers safe – and their customers safe, as well. Lawrence: It takes a layered approach. For example, only yesterday we had a threat actor maliciously trying to sneak through. So it requires a number of Sinclair
  • 3. Page 3 of 11 Internal Use Only protection measures in place -- from email protection, to education, to security awareness training, and filtering, as well as using Bitdefender’s Managed Detection and Response (MDR). And it was only at the last minute through the human firewall, of clicking on the link to remove that email, using Bitdefender, in this case, and the MDR service. It had our back and blocked it. So, again, we’re very focused on educating our customer base. No one size fits all. What we need is a layered approach to security. Gardner: Because you’re servicing different regions of the UK and you’re servicing different- sized organizations, you need to readily scale up and scale down. How difficult is it to serve the biggest and smallest of your customers? The future is partnerships and co-management Lawrence: There are some challenges. Our sweet spot is probably the 20- to 70-seat-sized organizations. And we’ve strategically made our people-centric services agile enough for those numbers. The criticality of that is that we want strong partners and strong solutions. We need to know how those solutions work to gain the best out of them. Then all of our people can know what they’re meant to be doing. That’s always been a bit of a journey. Where we are now is we’re very confident that in using providers like Bitdefender, Proofpoint, and N-Able that we are using leading-edge solutions. But critically, there needs to be a partnership, and that needs to come from our providers. Our next growth is through co-managed IT services. That’s a really great place to be over the next couple of years. That’s because we can take what we’ve learned, the tool sets we have, and our partnerships – such as we have with Bitdefender -- and deliver and scale those co- managed security services to help our customers’ stressed and time-strapped IT departments. Gardner: What do those co-managed services typically consist of? Lawrence: You’ve seen the data. It’s incredible in this day and age that a lot of organizations -- even still in the UK -- are not patching the way they should. You would think that would be the number-one priority for these IT departments, to patch with the latest Windows updates, and on the applications, too. But that still isn’t the case. We’re cyber essentials assessors, and we see that for our non-support customers. So, we want to help them and allow them to focus on the strategic side of their organizations. We have the tool sets to enable them to patch their endpoint devices effectively and attain that very minimal first-level knowledge that they’re secure. And then we can work with them on the SECaaS value. That’s where we can add real value from the experiences we’ve learned from and from the partnerships that we have. Gardner: Paul, how do you overcome the challenges your customers have with integrating security tools? So often security consists of many different tools, many different underlying technologies. How do you go about that making that all invisible to them? We want strong partners and strong solutions. We need to know how those solutions work to gain the best out of them.
  • 4. Page 4 of 11 Internal Use Only Sinclair: When David and I first started out many years ago, you needed different applications from different vendors to secure all the threats that were out there. But it was a lot of work and took a lot of time and effort using different products. Over the years, Bitdefender has given us the capability to have a security suite of web protection, a firewall, endpoint protection, USB control, and other security options. Having this one product as a cloud-based solution -- and that has the integration options with our professional services automation (PSA) and remote monitoring and management (RMM) system as well -- allows us to deploy basically one RMM agent that allows several different security controls to be deployed to any PC at any company very, very quickly. It makes the technical support of that extremely easy. It also makes the deployment and the onboarding of new customers very efficient. Gardner: Yes, as more of us are more remote across organizations, that has hastened the movement to a remote control agent approach to security. Do you agree, Paul? Sinclair: Absolutely, yes. It certainly makes it easier than back in the old days of running around to different PCs and asking users to give up their time during the day to allow us to do that. Now we can do that remotely, silently, and very effectively. Lawrence: We have seen in our MSP peer group in Scotland, and in the UK, that they are cementing their processes and procedures around one or two key products, and in some cases the customer solution. I’m sure this is the same in the United States among mature MSPs. You can only support what you know. You can only train and certify on one key product and in one key area to be the master of one, but not necessarily the master of many. With Bitdefender, and the other security partners we have, this allows us to focus -- but also put that known stack in place for customers, knowing that we have their backs. And sometimes there are awkward questions from the customers, saying, “Well, you know, I kind of prefer to do it this way” … or “Can I keep this or that security solution?” Well, we learned from maturity and having the right security posture that the answer needs to be, “No, the answer is no. We’re putting our security stack in to best protect you. And you can hold us accountable, but it needs to be our technology, provided by our partners.” Gardner: Even as so many organizations are moving to the cloud model, so much of security issues comes back to email. Especially in smaller organizations, email remains the source of a lot of security hiccups. How important is picking the right email partner and tools in your overall security posture? What have you found as the right approach to a steady path of productivity given the inherent risks of email? Lawrence: So, as recently as six years ago, we were probably spending about 60 percent of our day managing email security. You know, the false positives, the stuff that shouldn’t be getting through, and all of the headaches that come from malware and ransomware. It was causing us real pain points. [Customers] can hold us accountable, but it needs to be our technology, provided by our partners.
  • 5. Page 5 of 11 Internal Use Only Manage email messages and educate end users Sinclair: There are global threats and new sophisticated ways that we’re seeing daily through which criminals are trying to harvest your data. You need the right email security solution that keeps up with the times. Those providers can figure out for you what the new threats are on the back end. Also, we’re no longer having to log on to the systems daily or weekly and tweaking the settings here and there like we used to. One point I would emphasize as well is email security training for the end users. It’s a big must now, and we’re promoting that to our clients. It only takes one lapse in concentration when some of these busy workers remove a dodgy email from quarantine. Then, before you know it, you can be in some real serious bother. So, I’m a big champion of email security training as well as being on top of your security solution updates. Gardner: Right. Even using the best technology, being successful at security reverts back to behavior. It’s an intangible aspect to all of this. Also, as providers of the best customer experience, you want to embed security measures, make them invisible. That means you need to have the instant visibility into what’s going on in order to react. So, how well do your tools provide the insights needed to fully exploit the security technology? Lawrence: There are two sides of the coin when it comes to visibility. One is the proactive nature of being able to look at the data in real time and to make assessments, and the other is to then feed that back to the client. The reactive nature of the security tools is probably most important because you want to jump on that quickly and effectively to remove threats and then to communicate that to the customer - - what’s happening real time -- and how we’re helping them to quickly get back to a safe place. We’re choosing solutions that are mature, are a good fit for us, and that also integrate into our PSA and RMM systems. And, you know, Bitdefender, Proofpoint, and other solutions that we use all have APIs (Application Programming Interfaces) that allow us then to interconnect services whereby we can build automation and remove the noise. A lot of the time now, the artificial intelligence (AI) solves problems for us. Other times, we still need the technology support officers in our organization to see the threats and react quickly. Again, only yesterday we had an incident. Thankfully, the third layer of security jumped in -- and that was Bitdefender. We were all over it very quickly, and we could jump into the ConnectWise and other systems and say, “Yeah, we know exactly how that threat transpired and where it came from.” The first gate was closed, but the user opened it. The second gate was closed, but the user decided to open that one, too. And lastly, the third gate was definitely shut and was definitely not opening. And that was Bitdefender MDR. It only takes one lapse in concentration when some of these busy workers remove a dodgy email from quarantine. Then … you can be in some real serious bother.
  • 6. Page 6 of 11 Internal Use Only Everything in the world is so quick now, much quicker that it was 10 or 20 years ago. Everybody wants to be able to report data and jump on things quickly. So, yeah, it’s just the right tool set that integrates into our solutions. Gardner: Paul, what do you look for when it comes to consoles and a management overview? Or even taking the next step to provide compliance and auditing requirements? How do those fit into your customer experience needs when it comes to visibility? A single pane of transparent glass Sinclair: We use a reporting service that hooks into our PSA and different security solutions. We send these reports automatically and directly from the product set to the clients on a monthly basis. It shows the non-human tickets, but it also demonstrates the trust in the security services because it shows items that have technically been blocked, deleted, or quarantined. As part of the AI process that David was talking about, these tickets are logged, the product has done the job, and then the ticket is closed. For us, we’re showing the added value that the security solutions are providing for the client. So then, they have transparency of the tickets that we are doing -- and the security solutions that we’ve put in place as well. That’s automated so we are not using the time on the person’s device to do fault finding. And, for us, we found that is really valuable, these reports, and the clients certainly do as well. They look forward each month to receiving them, and we get feedback on them every month. It’s a great service and tool that we’ve built for that. Gardner: David, you mentioned Bitdefender and the tools you’re using from them. Give us an overview of what you’re using and how they fit together to meet your needs as an MSP. I’m also wondering if you’re relying on the Bitdefender Security Operations Center (SOC). Lawrence: We’ve been with Bitdefender for a number of years now. The irony is we were using malware solutions in the past that had a Bitdefender engine. The irony was the vendor just wasn’t just cutting it for us. So, we went to work with Bitdefender directly. We have the confidence that it’s a grown-up solution. They have been around for many years, and they’re always at the forefront of the technology. The way Bitdefender works for us is we use Bitdefender GravityZone, so every one of our customers will have that standard stack. And then, on top of that, we use Bitdefender EDR and advanced threat technology to secure the endpoints. So, for us, that’s just a given. It’s got that great layer of protection. I think of those horrible words in our industry, the “single pane of glass” expression, but that’s what it provides. The Bitdefender GravityZone always evolves, changes, and develops. And, for us, that single pane of glass is a very good system to go in there and see what’s going on in that environment. Last year, we adopted the MDR service from Bitdefender and dipped our toes in that with a couple of our professional services customers. The solution doesn’t just reactively address threats. They do threat hunting for us. We give them a lot of information on the customer. They look at domain names, their threat landscape, and provide that in a security center so that The solution doesn’t just reactively address threats. They do threat hunting for us.
  • 7. Page 7 of 11 Internal Use Only we can resell that to our customers. We were open to our customers about who ultimately was providing that, and we would work with that partner to have our customers’ back. There’s been so many occasions this year that Bitdefender has jumped on to alerts and challenges with endpoints. And then ultimately we’ve worked together, even saying, that’s fine, let’s exclude that, or as was the case yesterday, they blocked that threat -- and that’s what we want. Sometimes when you hear technology providers say, “Here’s the service,” and they describe it, you think it’s too good to be true. And actually, that’s not been the case for Bitdefender. It really has worked, and they really have delivered on the MDR service. Gardner: Paul, anything you’d like to add to your use of Bitdefender, and then also the SOC opportunity? Sinclair: In terms of the SOC, once we are able to give the right information to Bitdefender, do you know what that allows us to do? It gives us the confidence that the user habits on the PCs are being monitored, and anything that’s unusual is being picked up on. One of the first things I remember saying to David, once we started seeing the results coming through, was, “Do you know what? I can go to bed at night now and have that good night’s sleep that we never used to get.” You know, you had something niggling in the background. But now I go to bed at night – or on the weekends – with that confidence that user habits are being monitored and looked at and picked up on. And that’s whether that user is in the office, working late, or it’s irrelevant of whatever location in the world they’re in. We know it’s being monitored. For that, and what we did, it’s just second to none. Gardner: A lot of the benefit that large, sophisticated enterprises had when it came to monitoring behavior and analyzing it didn’t translate down to the smaller organizations, of say 40 to 50 seats. But now with SOC-as-a-service, if you will, the very best of analysis and behavior tracking can be brought to just about anyone. Sinclair: Absolutely, because when you go to smaller clients than that of 10, 20, or 25, where the user behavior is not necessarily at a company level, they’re still being monitored -- and they’re able to work elsewhere. We had an example not long ago where an end user decided that they were going to go on holiday and still work, but not let the organization know that they were away. They couldn’t do anything because Bitdefender realized the PC was out of the country and was trying to connect through unsecured networks -- at hotels, restaurants, and things like that. It just blocked them from being able to do anything. So, we were approached by that user, and we were able to then pass that information back on to the client organization ourselves. We acted as the eyes and ears for them. Lawrence: When we integrated our organization using the Bitdefender MDR service, they had the goal of securing and providing us a SOC capability to the smaller businesses. I can go to bed at night now and have that good night’s sleep that we never used to get. … Now I [have] that confidence that user habits are being monitored and looked at and picked up on.
  • 8. Page 8 of 11 Internal Use Only Before that, a couple of years ago, there was a manual process between us and the team in the States. We were filling in a spreadsheet, giving them as much customer information -- with the customers’ support -- to understand their organization and ultimately the threat landscape. Fast-forward a couple of years, and Bitdefender has given us the maturity and MDR foundation so that the process for us as an MSP is a lot easier to get our customers on board with that SOC service. Now we don’t need to spin up a spreadsheet and fill it in. We can jump into the single pane of glass that Bitdefender provides and put up that service straight away and provide them all the information to get those customers secure and enjoying that SOC center. Gardner: I’d like to quantify some of what we’ve talked about. So, I’m looking for metrics of success. What ways do you measure the overall impact on your customers and their experience? How do you know you’re doing it right and whether your suppliers like Bitdefender are getting the job done? For healthy, happy customers, take their temperature Lawrence: As an organization, we’re really focused on customer experience, and we have a customer improvement board in our ConnectWise system. We’re consciously seeking that and adjusting feedback from our customers accordingly. And what’s great with the right tool set in place is it’s so different from the noise that we were describing earlier, about having the wrong security product years ago, and all the wrong malware and ransomware protection in place. It really caused us headaches. Now, when we review our customer happiness factor, we use Customer Thermometer. And years ago, our customer happiness was probably around 94 percent. But over the last 12 months, we’ve had a customer happiness score of 97.8 percent. That’s telling us weekly, monthly, quarterly, and annually that we’re doing as good a job as we can. We also survey the key contacts, our key client IT partners within the organization, every six months on the net promoter score (NPS). Again, that’s very positive compared to where it had been. We’re at 69 now, which I think is world class, and 75 percent of promoters. So again, we’re very happy. And that’s not all just down to selecting the right security tools. That’s having all people that can communicate in English and set the right expectations. But again, so much of our frustrations -- and probably the industry’s frustrations -- come from the wrong tool set. We need the right tools to do our job. That’s critical. Gardner: Paul, any favorite indicators that assure you of that good night sleep? Sinclair: Absolutely. Looking at the numbers, we’re seeing a 47 percent decrease in malware infections between our clients from last year to this year. That’s a massive number in a single year. [We have] a customer happiness score of 97.8 percent. That tells us weekly, monthly, quarterly, and annually that we’re doing as good a job as we can.
  • 9. Page 9 of 11 Internal Use Only And that’s not just malware numbers. That has knock-on numbers in terms of technical administration cost savings by using Bitdefender and effectively creating and closing tickets on our PSA system. That’s a 23 percent improvement so far from last year. What it shows us is we are evolving, and Bitdefender and that technology is evolving with us in the right direction. As long as we see these numbers constantly where they need to be, then yeah, that’s amazing. Lawrence: The old frustrations were sticking an antivirus malware protection tool on the machines and having the opposite effect for productivity. The wrong malware protection was dragging the poor machines down. I think Paul told me earlier that it was a 10 percent performance gain that we’ve had since using Bitdefender. Sinclair: Just having that smaller footprint is a big improvement, isn’t it? That smaller footprint from three, four, or five different security products now wrapped down into one. Between the two of us, David and I have been working in this industry for 60 years. We’ve reviewed our security products so often over our 21 years at Grant McGregor from the start and across different technologies. But if the tools weren’t working for the customer, they won’t work for us. So far with Bitdefender, we have confidence year after year. We’re no longer sitting down and reviewing the Bitdefender technology and stack. We just recommend them as our first product whenever we onboard a new client or user. Bitdefender is the first product that’s recommended and it’s the first product that goes in. Not one client ever has said no. Gardner: Those are very impressive numbers, and I commend you for them. But, of course, we can’t rest on our laurels. We have to look for where we go next. For security, it’s never good enough, right? So, what comes next for Grant McGregor? You mentioned co-managed services, for example. What solutions do you look to next, and how can your providers help you get there? Keep the honest, honest, and work smarter Lawrence: We’re in exciting times with exciting new technology. Without the distractions of what’s happening for us in Britain and in Europe, I think there are two trends. As an organization, we’re focused on helping the end user stay right and honest -- and that means helping put in the right tool set. Those will be focused on data loss protection, enforcing policies for the endpoint, and education systems for security awareness. Rather than focus – as the industry often does – on external threats, we want to keep the honest, honest. That’s, first off, an easier sell. Second of all, that means living up to our values. We are supporting the end users and the organization to navigate all the threats out there, but from internally and then outward. If the tools weren’t working for the customer, they won’t work for us.
  • 10. Page 10 of 11 Internal Use Only The co-managed space is going to be huge. As an MSP – and there are a lot of us out there – maybe not all of us are doing the right things, but we’re all competing and trying to grab each other’s customers. The natural direction is to the co-managed space, where we can pass on those years of experience with using the right tool sets. Unfortunately, soon in the UK, that will be to the cash- strapped IT department and the time-poor departments. They are going to need and want our expertise and advice so they can get on with doing the strategic work that they want to focus on. We’ll be providing to them the patching-as-a-service, the co-managed IT support-as-a-service (SaaS), the email-as-a-service (EaaS), and the backup-as-a-service (BaaS). We’re already making traction in that space, and we’re excited about that. So, those two growth spots are there for us. Gardner: David mentioned the unfortunate predictions across the globe for difficult economic times ahead. Doing more with less becomes the imperative across the board. So, that usually means higher productivity -- and that usually means working smarter, not necessarily harder. What do you see in the next stages in terms of how you can help your customers do more with less from the MSP perspective? Sinclair: It is all about being smarter, isn’t it? For us with the technology that David has touched on, I think we need to look a bit further into the future. And where does that take us? It takes us down that AI route and getting the users to try and help themselves along that route while we keep ourselves up to date with the latest technologies. It means watching for the new threats -- because they are constant. I see us soon taking on more AI and use more of that intelligence to keep the productivity levels where they need to be. Lawrence: Digital transformation is a big space for customers to get their heads around -- and productivity is absolutely a must as they move to cloud services and platforms. Again, only recently Microsoft released more products and services. And, again, it’s our job as a technology provider to help educate our customers on that new landscape and to use tools such as business intelligence and to get the best from the Microsoft applications. There’s a lot of new automation there that the customers can build upon, and I think their fear is just how they can get their heads around it. For us, it’s about partnering with the right people to pass on those skill sets to the smaller businesses. Gardner: I’m afraid we’ll have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on making the security infrastructure as invisible as possible as an essential ingredient to delivering the best overall IT customer experience. We’ve learned how Scottish MSP Grant McGregor has taken the end users’ productivity and satisfaction to new heights, even as these customers increasingly move to hybrid IT models and face new forms of security risks. Digital transformation is a big space for customers to get their heads around – and productivity is absolutely a must as they move to cloud services and platforms.
  • 11. Page 11 of 11 Internal Use Only So please join me in thanking our guests, David Lawrence, Co-founder and Director of IT Support Services and Advice at Grant McGregor. Thank you so much, David. Lawrence: Thank you very much. Gardner: And a big thank you to Paul Sinclair, Head of IT Service at Grant McGregor. Thank you, sir. Sinclair: Thank you, Dana, it’s been an absolute pleasure. Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions. Your host and moderator for this ongoing series of BriefingsDirect discussions. A big thank you as well to our sponsor, Bitdefender, for supporting these presentations. I extend a thank you as well to our audience for joining. Please pass this on to your IT and security communities, and do come back next time. Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender. Transcript of a discussion on how Scottish MSP Grant McGregor takes the customer experience imperative to new heights, even as its users move increasingly to hybrid IT models. Copyright Interarbor Solutions, LLC, 2005-2023. All rights reserved. You may also be interested in: • How an MSP brings comprehensive security services to diverse clients • Better IT security comes with ease in overhead for rural Virginia county government • SambaSafety’s mission to reduce risk begins in its own datacenter security partnerships • How MSP StoredTech brings comprehensive security services to diverse clients using Bitdefender • For a UK borough, solving security issues leads to operational improvements and cost- savings across its IT infrastructure • How an Architectural Firm Retains Long-Term Security Confidence Across a Fully Virtualized and Distributed Desktop Environment • Regional dental firm Great Expressions protects distributed data with lower complexity thanks to amalgam of Nutanix HCI and Bitdefender security • How MSPs Leverage Bitdefender’s Layered Approach to Security for Comprehensive Client Protection • Kansas Development Finance Authority gains peace of mind, end-points virtual shield using Hypervisor-level security