Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.
You May Have Missed...
Law passes to require MSP Registration
From Wednesday, July 1st's episode: The Louisiana Legislature has passed Act 117, Senate Bill 273, which goes into effect on Feb 1, 2021. It was signed into law on June 9th.
The law creates a registration for managed services providers and managed security providers doing business in the state with a public body. The law is designed to “provide access for public bodies to obtain information on MSPs and MSSPs” and to require both to report cyber incidents and payment of cyber ransom or ransomware.
The bill additionally defines both MSP and MSSP, cyber incidents, cyber ransom or ransomware, managed security service, provider, and public body.
From the bill: "Public body" means any branch, department, office, agency, board, commission, district, governing authority, political subdivision, or any other instrumentality of the state, parish, or municipal government, including a public or quasi-public nonprofit corporation designated as an entity to perform a governmental or proprietary function.
The bill also defines what must be reported: Each provider that manages a public body's information technology structure, security, or end-user systems in this state shall file an application for initial registration with the secretary of state consisting of the provider's name, address, telephone number, contact person, designation of a person in this state for service of process, and provide a listing of all officers, all directors, and all owners of ten percent or more of the provider. Additionally, the provider shall file a copy of its basic organizational documents, including but not limited to articles of incorporation, articles of organization, articles of association, or partnership agreement.
Registrations are effective for two years, and can be denied or revoked.
The law also sets requirements to notify the Louisiana Fusion Center of any cyber incident within twenty-four hours, provide information on any payments, and that these requirements are to be included in future contracts.
The bill also nullifies any contract for security services that is with a non-registered provider.
Why do we care?
Here it is! Long time listeners will know that I interviewed Secretary Ardoin about his reaction to the cyber incidents happening in the state, and he previewed that this was coming. It’s as he described.
Ah, the big question.
The definition of Public Body does appear to be focused on delivering services to the state government (and thus not the whole market), but I’m no lawyer and could be broad enough to potentially have other interpretations. As with all things, be ready for the potential for other moves here.
Some providers will be immediately affected – if you’re doing business in Louisiana with a state entity, you’re in this group.
This happened to the community, not with the community, and we should have a collective shame for not being more a part of this.
This won’t be the first, however, so it’s time to start thinking about what that threat really means for the space and get yourself involved.
Start processing this new reality.
MSP Regulation is here... now who will lead?
This happened to the community, not with it. So, now what? What does regulation mean, and who will lead us?
SMB Performance Data
From Monday, June 29th's episode: TechAisle has some data I’ve been in search of. Surveying over 3600 SMBs, firms that have already committed to digital transformation are experiencing 2.1X cost reduction, have 1.9X better levels of customer intimacy, and 1.4X higher productivity levels than those who have been “selective adopters”.
For 46%, achieving cost efficiencies is the first step in “Exerting control over their businesses and ensuring viability in an uncertain market.”
Why do we care?
This timing is really good as I had a Patreon ask me to look into investment in a cloud journey for small customers – and what the results were.
Useful data for discussing with your customers – specific results for investing in technologies to transform your business. I hate the digital transformation banner, but this data is speaking to that – a technology investment in your own company results in these results.
Customer interest in cybersecurity, cloud computing and other areas could be an indicator of a business environment that is stabilizing in the wake of COVID-19, as 84% of tech firms are receiving new customer inquiries, which is up from 76% in March.
That’s also a slight improvement from April, when 83% of tech firms said they were receiving new business opportunities.
The survey, conducted earlier this month, found that the majority of tech executives (52%) were feeling optimistic, while 42% are “hanging in there” and 6% reported to be in a difficult situation.
The survey also found that 94% of companies belief their business will change for the long term
Why do we care?
I don’t think this optimism is entirely warranted. Thinking about the context set previously, we have a lot more turbulence ahead.
I covered the IT Glue research study which cited seeing impact to monthly recurring revenue already for solution providers. I think that’s just the initial impact, due to the inherent nature of selling services to other companies as tech services companies do. The business isn’t impacted immediately, and you don’t see the impacts.
I continue to advise to proceed with caution. Plan for the worst, hope for the best.
(There is a bonus episode on Friday, July 3rd digging deeper into this)