Call To Action: MSPs Must Get Involved In Legislation And Regulation Of IT Services Industry

“At some point, there’s going to be a problem and the state legislature [is going to say], ‘I need to have a piece of legislation and look like I’m doing something about this problem.’ … We need to figure out what we as an industry want and don’t want, and we want to be involved in that conversation,” says Karl Palachuk, founder of the National Society of IT Service Providers.

MSPs are grappling with a perception problem at a time when, arguably, businesses need solution providers more than ever, according to Karl Palachuk, executive director and founder of the National Society of IT Service Providers.

Founded in 2021, the National Society of IT Service Providers (NSITSP) is a professional association representing SMB IT consultants, including MSPs, VARs and systems integrators. The society was formed to further education and professionalism and to promote the interests of IT professionals and it came on the heels of the Kaseya VSA ransomware attack in which a number of MSPs and their customers fell victim to a cyberattack perpetrated by the REvil group, which caused widespread downtime for more than 1,000 businesses.

“What happened then was my fear level that the government would get involved in our business went up dramatically. And then I listened to the news with people saying things like, ‘Why would anybody outsource their IT? Why would you turn all of this activity over somebody else? And why don’t they configure these things properly?’ In other words, they demonstrated that they didn’t know one single thing about our industry,” Palachuk told an audience of MSPs at the XChange August 2023 conference, hosted by CRN parent The Channel Company.

All but five U.S. states in 2022 introduced laws to regulate the IT services industry in the form of more than 250 bills that were introduced. That’s why now is the time for channel partners to step up and get involved, Palachuk said.

[Related: MSPs On Growth During Economic Uncertainty: ‘Traditional IT Is Dead’]

The IT industry’s biggest challenge is ransomware, Palachuk said. “Ten years ago, [ransomware] cost $100 and was annoying. Now it’s millions and billions of dollars a year,” he said. This is coupled with the fact that cyber insurance has become increasingly expensive and is something that many businesses can’t afford.

Solution providers must work with insurance companies, which have more lobbying power, Palachuk said. “We need to say, ‘What can we do as an industry in order to comply so [the insurance company] can lower the rates? What can we do together to make something happen?’ We then need to build that partnership and take it to states so that when the regulations do emerge, we are involved in that conversation,” he said.

Another issue that the IT services industry faces is that there is no set requirements to be part of the industry, such as official trainings that a person must accomplish as an “on ramp,” Palachuk said. “If you look at government jobs for Level 2 techs, it has certain requirements in terms of training and job experience. When you look at [many SMB IT consultants], you probably don’t have a written Level 2 tech job description,” he told the audience.

Enrique Corea, CEO of Corea Technology, a Woodbridge, Va.-based MSP,was in the audience during the session said that there are “absolutely” perception issues with MSPs in terms of understanding the value that solution providers bring.

“It’s important for MSPs to be more aware of what’s going on and [we] need to have more representation in the government so we have someone on our side,” Corea said.

One way that Corea Technology combats these issues is by leaning on its certifications for credibility, including the Cisco CCIE certifications that some of its employees hold, as well as various white papers the company has done with customers, Corea said.

The NSITSP with the help of its members are working to develop a way to spell out what a professional IT consultant looks like, Palachuk said.

Only one state currently—Louisiana—has defined managed service provider and managed security service provider into law.

“ We have one example, which I would call a very bad example of what is an MSP is as defined by a state government. Now, luckily, that law only applies to people who sign contracts with the state of Louisiana, but you can see easily see that [we are] misrepresented in the industry,” he said.

The channel needs to build partnerships and become more involved in these ongoing conversations that threaten to reshape the industry, Palachuk said.

“At some point, there’s going to be a problem and the state legislature [is going to say], ‘I need to have a piece of legislation and look like I’m doing something about this problem,’ he said. “It’s out there and it’s happening. We need to figure out what we as an industry want and don’t want, and we want to be involved in that conversation.”