The founder of the UK’s “first” live evidence trustmark for MSPs says he is on a mission to “help the good MSPs win”.
Having sold his MSP Netstar to Air IT in 2020, Mit Patel is back as founder and CEO of Assurix.
Launching today, it is targeting 100 MSP members in year one and 1,500 over five years.
Talking to IT Channel Oxygen, Patel said it is “really weird and odd” that the MSP sector “doesn’t really have any standards that people have to adhere to”.
“Being a hairdresser, you need to have more qualifications than someone who runs an IT support company and gives cyber advice,” he said.
Assurix is Patel’s attempt to address this by introducing a trustmark for MSPs designed to prove they are secure, mature and resilient.
Unlike self-declared badges or once-a-year audits, it verifies controls in real time through integrations with the tools MSPs already use, including Microsoft 365, PSA, RMM and backup.
Giving MSPs “the carrot”
Assurix will attempt to convert MSPs to its cause using the “carrot” of what the trustmark will bring them, rather than the “stick” of incoming regulation, Patel said.
Although the UK Cyber Security & Resilience Bill will soon mandate higher standards for MSPs, it will initially cover just the largest players and may take two years to filter down to smaller ones, he acknowledged.
“What we’re trying to do is give MSPs the carrot,” Patel said.
“And the carrot for an MSP is that they should be able to win more clients, because for the first time they can actually prove they’re doing all these things live.”
With partnerships with insurers such as Beazley already in place, Assurix will also lower MSPs’ insurance premiums, Patel promised.
“The last real benefit is that by complying with our framework from a security and operational standpoint, they’ll be building value in their business. Whenever the time may come, they should get a higher valuation for their business,” he added.
“We’re educating SMEs on how to choose an MSP”
Assurix’s trustmark is aligned to the National Cyber Security Centre’s Cyber Assessment Framework (CAF) 4.0.
This means MSPs must comply with 40 CAF 4.0 controls, which Patel said Assurix has made more practical and prescriptive for MSPs. Some of this will be done automatically, he indicated.
MSPs must additionally work through 28 operational maturity measures, including ones relating to SLA and client patch adherence.
MSPs out of compliance for more than 30 days will be automatically suspended.
Assurix’s marketing strategy will include tarting SMEs via adverts on Sky TV, Patel said.
“Part of what we’re going to be doing is educating SMEs on actually how to choose an MSP provider. If they have an existing MSP provider, what questions or what things should they be looking for to reassure themselves that they’re going to give you a good outcome?” he explained.
Out of the circa 13,000 MSPs in the UK, around 6,500 have more than 2-3 staff, Patel claimed.
“Our addressable market is probably around 3,000 – 4,000 MSPs,” he said.
Netstar was the first MSP to sell up to Air IT at the start of the Nottingham-based buy-and-build’s roll-up journey.
“I grew my MSP to about £8m recurring revenue, and have seen most of the pains, problems and issues that are faced on an MSP owner’s journey,” Patel said.
“I wish that we had had something like this out there.”
Doug Woodburn is editor of IT Channel Oxygen
