698 User Verification with MSP Process

[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast, powered by NetAlly, the show for managed service providers and IT professionals where we help you run your business better, smarter, and faster. Today, we have another vendor profile for the IT Nation Pitch It competition that is going on, and today we are looking at MSP Process, a nice comprehensive all-in-one stop platform designed to help you pretty much improve security, communication, and efficiency for you and your clients, and helping us learn about that today is Chris Reid, Vice President of Product Management. Chris, how are you?

[Chris Reid]
Good, thank you, Marvin.

[Uncle Marv]
Thank you very much for having me on the show. All right. So, one-stop platform, basically, I guess, the mechanical engineering of communication and efficiency.

Explain that to us a little bit more. What is the MSP Process?

[Chris Reid]
Yeah. So, the MSP Process platform helps MSPs. It's a platform purpose-built for the managed services market, and it helps MSPs verify their end-users.

And so, if they're getting a call into their help desk and somebody is asking for something like a password reset or some other fairly sensitive action to be performed, they can use our platform to verify that that end-user is, in fact, who they say they are before they go ahead and make that change. And the goal here is to give MSPs a tool they can use that'll help them prevent losses against things like AI voice phishing attacks. We're also the only company in the market that does technician verification.

There's actually a lot of malicious actors out there who not just pretend to be your end-user and call into you as an MSP trying to get you to make a change or give them access to your environment. They'll actually go out and call your end-users pretending to work for you as an MSP. They'll pretend to work for MB Systems, for example.

We're the only platform in the market that lets your end-users verify your technician's identity.

[Uncle Marv]
All right. So, it works both sides, both for the end-user and the technician? Absolutely.

Now, this is going to sound horrible, but it just happened. Is this something that would have helped CrowdStrike, who am I though, know before when they hired that?

[Chris Reid]
So, it actually worked in two different scenarios. If you recall last year, the MGM Grand Casino in Las Vegas got hacked. Our end-user verification would have stopped that issue dead in its tracks.

More recently though, just earlier in the month, there was that CDK ransomware attack that happened. CDK being a platform that a lot of automotive dealerships use, and it got compromised. Our technician verification feature would have actually stopped that particular attack in its tracks.

So, it is something that isn't just a case of happening in isolated incidents. It's not something that's happening in other industries, but not with MSPs. These kind of incidents are things that IP professionals are having to deal with, and it's a really timely availability of our platform here that it's available now.

And, even better, is that our base plan for getting into the platform is free. It includes limited verification methods, but it's free, because we really strongly believe that this is a problem every MSP needs to be able to solve, and so we're offering the basic capabilities of the platform for free with additional features and capabilities layered on top of that.

[Uncle Marv]
All right. So, when you say additional features and stuff like that, one of the things I looked at was this secure data sharing. So, being able to send temporary passwords and such.

How does that work with the product?

[Chris Reid]
Yeah. So, at the heart of our platform is a really deep integration with your PSA solution. We realize that MSPs don't want yet another UI they have to go into, yet another vendor they have to manage.

And so, our goal was to build something that was embedded right in the PSA, right when the tech is looking at, let's say, a ticket that he's working, and our capabilities are available right there inside of it. We support all major vendors in the space, so Halo, Autotask, ConnectWise, including some of the other players, too, like Synchro, Zendesk, Super Ops, Kaseya. We've got integrations with all of them, and the goal is, from right there, you can do things like end-user verification or technician verification, like I mentioned, but we also offer add-on features like you said, securely sending text, like passwords or maybe license keys, other sensitive data that you want to send across, we will encrypt it for you and give it to your customers as a one-time clickable link. We also, just this past week, introduced the ability not just to send text, but also to send files. And so, if you have to send the customer an installer or a spreadsheet or an invoice PDF file that you're sending them, you can send those through our tool, right in your ticket, so your technicians never need to leave their PSA to do that job.

And everything that they do gets logged as a note against the ticket, so you have a lot of good logging for auditing purposes in case you ever need to go back and understand what was done.

[Uncle Marv]
Interesting. So, are the documents themselves or files, are they encrypted or is it just the communication that is verified during that time?

[Chris Reid]
That's a great point. You're touching on phrases like encryption at rest and encryption in transit, and we cover both things for sure. Obviously, all of our communications in transit are encrypted, they're using HTTPS, they're using the right levels of ciphers.

More importantly, though, or equally importantly, is that at rest, we're using Azure's platform to store these files. It's stored in an encrypted format, it's utilizing Azure best practices for how to encrypt and store that data, so it's really, really secure.

[Uncle Marv]
Nice. So, let me shift here because as much as I love what we're talking about and as much as we need what we're talking about, one of the things that we're always looking at is, you know, the cost benefit. How can we make money from this?

This doesn't sound like it's one of those things where it's really about the money, it's more about the protection. So let me flip the switch and ask, when an MSP comes to you and says, hey, how can I make money with this? What's the reply?

[Chris Reid]
Yeah. It's two things. One is, from a security perspective, your customer experiencing a ransomware breach because of AI voice spoofing or because of somebody pretending to be a technician working for you and then them getting access to your end user, that could be a business ending event for your customer.

That would certainly be a really negative event for you as an MSP. It would affect your reputation. You may be dealing with lawsuits or other legal fallout from that sort of action happening.

There's a huge cost to that and having us there with our platform, so it prevents those issues from happening, is an extremely high ROI piece of tooling to have in place. But the other piece is, like you mentioned, there's other pieces like being able to securely send files or text back and forth. There's the ability to talk to your customers where they live, which is on their phone that we also offer as well.

And those speak not to saving costs because you're not going to get hit by some sort of a ransomware attack or some other malicious actor. Those speak to technician efficiency and being able to improve your customer service by meeting your customers where they want to be talked to on their phone. Those speak to making your technicians more efficient and being able to handle more tickets because they have fewer products to manage because we're all in their PSAs UI.

There's a couple different facets to it that depending on what the MSP is looking for, we tend to talk about in more detail.

[Uncle Marv]
Interesting. All right. So now let me go back to the question that is probably the number one for everybody this year, is what type of AI is built into MSP process?

[Chris Reid]
Well, that's a good question. We're actually doing a lot of really neat things with AI right now in our labs. While I can't get into the details exactly, I can tell you from a communications perspective, we see a lot of details, a lot of details, a lot of opportunities around AI and what it could offer to the MSP space.

[Uncle Marv]
OK. And from the MSP perspective now, so we bring this in, you know, into our stack, we pitch this out to our clients. Is it brandable per client?

[Chris Reid]
Oh, good question. Everything that we do is brandable. A lot of the emails that we send, the phone number that we send, the text messages from for end user verification.

If we're doing something like you're using our advanced Microsoft Authenticator module, that also shows your name on it. It's all branded as the MSP because this is a tool that MSPs are using when they're talking with their end users. It's all about branding for the MSP, not branding for the MSP's customer.

[Uncle Marv]
OK. All right. I had a question that I wanted to rephrase here because when you talk about the pricing, so it's price per technician and for a situation where a company is either using subcontractors or co-managed IT, how do those technicians get, you know, brought into the fold?

[Chris Reid]
Yeah, great question. It is price per technician, so it's per tech who needs to use the capabilities of the platform, depending on what their role is. Maybe they're a senior tech who's not actively handling incoming calls from customers.

Maybe they don't necessarily need the capabilities that we offer. But for every tech that needs to verify end users, needs to have end users verify them or use secure data send or text messaging, that would consume a license. In the case of something like co-managed IT or any other situation where you've got maybe different crews of technicians coming in and out, depending on shift or depending on the use case, you would end up having to just provision them a user account.

And when they finish using the product, they would either remove the user account or just log out and come back to it whenever they're back on shift again.

[Uncle Marv]
When you say log out, so is it concurrent licensing?

[Chris Reid]
Yes, yeah, it's for example, the minimum the minimum price plan is five technician licenses, and so it's five concurrent logins.

[Uncle Marv]
OK, all right. That makes it a little better for some, I think. All right.

So, of course, normally I would ask what makes your product unique, but I already assume that this is unique in our space. So let me ask this. Am I right in saying that you are unique or what else would make it more unique compared to any others?

[Chris Reid]
Yeah, great question. There are other tools out there that do bits and pieces of this. They will do things like generate passwords for you, which we do, or they'll do things like let you text with your customer or they'll do things like send a verification request out.

But a lot of them are not made specifically for the MSP market, which means they're not embedded in your PSA right where you live, right in front of you. So it's easy to use. There's also no platform that offers this breadth of capability that solves these problems, that plugs these different holes in one platform.

And a lot of the fatigue I'm hearing from the market today is around I don't want to talk to yet another vendor, another relationship I have to manage, another bill I have to worry about and have to pay. They're looking to consolidate some of their tooling because they've kind of grabbed some different tools from different vendors and they're realizing they're dealing with three or four of these guys just to handle the kind of problems that we solve. And so we also help from a vendor fatigue perspective by becoming one trusted partner from which you can get a lot of different, really great features.

[Uncle Marv]
All right. So let me ask, you know, historic wise, when did you guys come to market? And how long have you been pushing this?

Because I'll be honest, I haven't seen it.

[Chris Reid]
That's no problem. Yeah, we spent about two years getting this platform developed. We went to market in late Q3 of last year of 2023.

And so we've really been pushing it very hard since then.

[Uncle Marv]
All right. And you mentioned that you are with a lot of our RMM and PSA partners already. Yeah.

So is it just pretty much PSA driven?

[Chris Reid]
Yeah, that's where the real benefits come in, for sure, is having that that view of our capabilities right inside your ticket and your PSA. That's where a lot of the benefits come from. But we also offer our own UI where depending on what kind of capabilities a PSA vendor offers, maybe they don't offer iframe embedding or that sort of thing in their platform.

We also have our own UI where we can pull back information from your PSA and you can do things like end user verification, secure data, send the other features we've been discussing from our UI instead.

[Uncle Marv]
All right. And then when it comes to actual verification, I know that Duo I saw as part of your site. And you mentioned Microsoft.

So what types of authentication and verification are available?

[Chris Reid]
Yeah, this is a really great topic. In the case where somebody's account has been compromised, you know, somebody's got access to M365. They've got access perhaps to their email.

Obviously, sending that person a verification request over email isn't a great solution. Same kind of thing with sending them a text message as a verification request. You can do things like SIM card spoofing or there's other ways you can get access to that person's phone perhaps.

And then they've got the code right on their phone. What really is beneficial is using something like Duo or more commonly like Microsoft Authenticator where we're using something like Face ID or Face Unlock. We're using biometrics basically to confirm that the person who is accepting that verification request is you because it's scanning your face.

It's all done over a secure API to Duo or to Microsoft. That makes that the most secure option to go with as an MSP.

[Uncle Marv]
All right. So let me go outside of the box again, because I just thought if we're doing verification, what if we're doing something where we get access to a customer's machine, they're not there. So unattended access.

This seems like it would only work for people as we're, you know, either talking to them on the phone or talking with them through chat. Does it do anything else when there's no one around?

[Chris Reid]
Oh, good question. It really is meant for that case where you are either you're talking to the end user or the end user is receiving a phone call from a technician. And then the end user is looking to verify that technician's identity.

It's meant for that one-on-one conversation so you can feel comfortable that the person you're talking to is, in fact, who they say they are.

[Uncle Marv]
Okay. So more of the, hey, I'm in emergency. I need admin rights to this station.

All right. Well, Chris, thank you very much. I think I've asked all the questions that I could think to ask.

I know I asked you about, you know, what makes you unique, but probably the last question would be, you know, you guys have spent two years putting this out. You know, you've now almost a year in production, I guess you would call it. Have you received much feedback in terms of, you know, things to add down the road?

Have you seen anything changing in the roadmap?

[Chris Reid]
Yeah. So we listen really closely to what our customers are looking for. That's something we've taken to heart from a corporate culture perspective, is we're very tightly coupled with our partners, making sure we understand what they want and building out what they're looking for.

That's where things like the Duo integration, the authenticator integration came from. That's where things like we're just about to start working on being able to send emails through your M365 tenant. So the emails you're sending to your customers that are from us actually come from your mailbox.

There's a bunch of great functionality coming out. We maintain a roadmap that is very actively voted upon and updated in our platform. So any of our partners can go in and take a look at what we're doing, understand when we release things and also submit new ideas.

[Uncle Marv]
All right. Very nice. Chris Reed, MSP Process.

And just like it sounds, MSPProcess.com. And when you check that out, everything is right there, folks. That doesn't look like they're hiding anything.

Pricing's on the site as well.

[Chris Reid]
Correct. We're a great platform to help you secure your communications with your customers, whether that's by end user or tech verification. We're easy to set up, simple to use.

It's a great platform to help solve some significant security gaps and improve your communications with your customers.

[Uncle Marv]
All right. A good way to help MSPs achieve that high quality service and keep up with service levels. All right.

Well, Chris, we look forward to seeing you out and about and definitely hope to see you in Orlando at IT Nation Connect and see if you're one of the three on stage.

[Chris Reid]
Absolutely.

[Uncle Marv]
Thank you very much, Marvin. All right, Chris. We'll talk to you later.

[Chris Reid]
Sounds good.

[Uncle Marv]
That's it, folks. We'll be back with more vendor interviews and more at the IT Business Podcast. We'll see you out there.

And until then, holla.