Many MSPs that I speak to lean toward making major technology stack decisions based on a device-centric perspective. However, times have changed, and so should your approach to tech stacks and where you put your emphasis when thinking about tooling. Devices are simply one of many “things” that people need in order to make work happen and be productive.
Stop thinking so much about managing devices and start thinking about managing access. Did I get your attention? Read on.
Recently, I’ve started to do some research on the most commonly used tech stacks for MSPs. In my research I came across a lot of content describing the best tech stacks. I also came across a lot of information about how to approach thinking about your tech stack as an MSP. This is where things caught my attention.
The Most Common (But Outdated?) Approach
Typically, thought leaders and the like, start by bucketing the various tools into a few main categories. Chief of those categories is the “per device” category, and the category dominator is remote monitoring and management (RMM). What I see missing in these conversations, in the “per user” category, is a directory, IdP (identity provider), and IAM (identity and access management).
I asked myself why these crucial tools are missing from the conversation, and I’ve come to the conclusion that it’s likely a combination of things. Some of it might be that Active Directory is such a standard that there isn’t much thought given to other tools. It might be that more modern IdPs don’t really play nicely with the SME/SMB space, and subsequently MSPs, so MSPs don’t feel like they have a partner in the space.
It’s more likely that the common thinking among MSPs is that managing and securing devices is one of their first priorities, and the conversation about tooling/tech stack starts from that perspective.
To that last point, I’d like to propose a counter approach. To be clear, I am not going to argue that securing, managing, and troubleshooting devices isn’t a critical part of the value MSPs offer to their customers. Quite the contrary. I’d like to offer a different perspective from which to approach conversations about tech stacks for MSPs.
A Different Way to Approach the Tech Stack Conversation
Since COVID-19 hit in 2020, the shift to remote and hybrid work has swept the world—shocking news, I know. With the evolution in where work happens, a lot has changed in how we actually facilitate that work.
One example on the tooling side is VPNs. OpenVPN conducted a survey in May of 2020 in which they found that 68% of businesses expanded their usage of VPNs as a direct result of the pandemic, with 29% of businesses being first-time VPN users. Another figure from the same study is that 30% of companies have implemented other remote work capabilities. As we know today, this trend of remote and hybrid work isn’t going anywhere, and as such, these tools and IT practices are also here to stay.
With the now common understanding that remote and hybrid work are sticking around — as well as a reality of a more modern, cloud-based ecosystem of tools — I believe that it is time to think about identity and access management as the primary responsibility of all IT professionals, and especially MSPs. This includes securing and managing the identities themselves, as well as their secure access to all resources, including devices.
When you take a step back and think slightly more abstractly about the resources that employees use to get work done, a device is simply one of those resources. Again, this isn’t to say that devices aren’t highly complex, unique resources. Of course they are. They are also one of the only tools, in a modern, cloud-based, SaaS ecosystem, that are owned by the business. As such, the objective remains the same: enable secure, frictionless, continuous, and safe access to the resource.
If MSPs start thinking in this way, then answering the question “what is the best way for me to manage identities and access?” moves up significantly in the list of priorities when thinking about tooling and the tech stack. However, the answer to this question depends on your current stack, your customers’ needs, and many other factors.
Here are a few questions to think about when evaluating IAM platforms:
What resources can I manage access to with this tool?
What other tools become redundant by using this one, and can I save costs?
Maybe I’m too harsh. Maybe I’m not paying enough respect to the history of device management and its important role in enabling the growth of the MSP business. Until the mid-2000s, when remote management of devices became truly possible and cost-effective, the MSP industry was a completely different thing.
However, regardless of how you choose to view the points made in the article, remember that the world has evolved. The days of the domain controlled, on-prem infrastructure are quickly becoming a relic of the past. Work is happening anywhere and everywhere. Critical business tools, data, and applications are spread across a network as wide as the internet itself. Maybe it’s time to evolve the approach to tech stacks as well. Just a thought.