The Artificial Intelligence (AI) Arms Race

Like it or not, artificial intelligence (AI) has added to the cybersecurity arsenal. AI has made a big splash in the cybersecurity marketplace as every manufacturer has claims about how they are adding AI to their products. At the same time, AI has also been quietly impacting the strategies of cybercriminals. While AI has helped us bolster our defenses with enhanced threat detection and prevention capabilities, it also presented new opportunities for criminals to devise sophisticated attacks. The race is on, and the world will never be the same.

Help for the Good Guys

There’s no doubt, AI has been beneficial to all of us when it comes to bolstering our defenses. For cybersecurity professionals, AI has provided several defensive advances:

• Advanced Threat Detection: AI algorithms analyze vast amounts of data, enabling defenders to detect anomalies, identify patterns, and proactively detect potential cyber threats. Machine learning techniques help identify new attack patterns and behaviors, aiding in early threat detection and prevention.
• Automated Incident Response: AI automates incident response processes, streamlining the mitigation of security incidents. By analyzing and correlating security events, AI systems can autonomously respond to certain threats, minimizing human intervention and reducing response times.
• Behavioral Analysis: AI-powered systems monitor user behavior, establishing baseline profiles and detecting anomalies that may indicate unauthorized access or compromised accounts. This enables defenders to identify insider threats and bolster overall cybersecurity posture.
• Malware Detection and Analysis: AI assists in identifying previously unseen malware through behavioral analysis and heuristics. By recognizing suspicious patterns or behaviors, AI-powered solutions enhance the detection and mitigation of sophisticated malware attacks.
• Cybersecurity Analytics: AI algorithms process and analyze security data, logs, and network traffic, extracting valuable insights to identify trends and patterns. This aids security analysts in making informed decisions, prioritizing risks, and effectively responding to emerging threats.

Tools for Criminals Too

At the same time, our adversaries have also taken full advantage of artificial intelligence. While we’ve been bolstering our defenses, the criminals always seem to be one step ahead with advances like:

• Automated Attacks: Criminals leverage AI to automate various stages of an attack, from reconnaissance to vulnerability scanning to exploitation. AI algorithms enable rapid data analysis, identifying potential targets and launching attacks more efficiently.
• Sophisticated Malware Development: AI empowers criminals to create more advanced and evasive malware. By leveraging AI techniques, attackers can develop malware that adapts and evolves, evading traditional security defenses and increasing the difficulty of detection.
• Social Engineering: AI enhances social engineering attacks by generating personalized and convincing phishing emails, voice calls, and messages. Criminals use AI algorithms to analyze public information, tailoring messages to exploit individual vulnerabilities and increase the success rate of attacks.
• Automated Vulnerability Exploitation: AI assists criminals in identifying and exploiting software vulnerabilities at a faster rate. Automated vulnerability scanners powered by AI enable attackers to discover and exploit vulnerabilities efficiently, potentially scaling up the impact of their attacks.
• Defense Evasion: Criminals employ AI techniques, such as adversarial machine learning, to evade security systems. Adversarial attacks aim to exploit weaknesses or blind spots in AI-based defenses, enabling attackers to bypass detection mechanisms.

The Artificial Intelligence Race is On

It’s clear that both sides have benefitted from the advancements that artificial intelligence provides. Criminals have invested in AI with speed and agility, making them a formidable foe.

We must continue making similar investments and update our defenses to handle new and ever-evolving threats. But we also must live within a budget – and get business done – while we upgrade our defenses. Having the right partner to guide you through the complex security landscape is critical. A cybersecurity partner that knows what’s available and where it fits can help you get your essential security initiatives done so you can focus on your business.

One thing is certain: that five- or ten-year-old security solution that’s always been “good enough” isn’t enough today.

In Part I of my series on Unified Communications as a Service (UCaaS), “What Every CTO Should Know…,” I covered some keys trends about the future of cloud-delivered UCaaS and how important omnichannel communications have become for nearly every business no matter what industry you’re in.

The truth is UCaaS has been around for so long that it might be fair to say that many CTOs, and even the implementation vendors, may be taking some of its complexities for granted. I’ve seen very large companies hire industry-leading vendors to implement their UCaaS solutions and still make critical mistakes that cost them a lot of time and money.

So, that’s precisely why in this Part II post, I will cover the KPIs I believe you should focus on to measure implementation success and real business outcomes as concretely as possible. While this may sound like it’s ‘back to basics,’ it most certainly is… mainly because I’m still surprised by how many companies or implementation vendors (or both!) overlook these points.

Enterprise Telephony

Well, we’re all not quite communicating telepathically yet, or 100% by text, SMS, IM, and chat. This means effective enterprise telephony is still essential for employee productivity, agent retention, customer satisfaction, and more. Here are key KPIs to monitor in this arena:

1. Agent performance
2. Agent attrition and satisfaction
3. Call quality, volume, and duration
4. Agent and customer tone and sentiment analysis
5. Cost per contact (from cradle to grave)
6. Average handling time
7. First call resolution success
8. Customer satisfaction
9. Seamless CRM integration (to enhance and simplify customer journeys)

Remember, your agents and your customers (which may be external customers and your employees) are all seeking positive interactions each and every time they interface, so the more you can analyze the details of how that support is going, the more you can identify where additional training is needed, and/or how to improve customer communications and expectations, and so on.

Agent turnover is also costly, and so is customer attrition. So, having these kinds of meaningful KPIs driving the implementation and ongoing solution monitoring can help you catch issues early and head them off before they snowball into costly ‘mountains.’

A few other key words of caution:

1. Be sure your implementation vendor has done their homework on your telephony portability, all of your data connections and systems (on both ends), and what type of voice solution you’re using.
2. Don’t forgo end-user training after rollout to be sure your agents (whether in-house or outsourced) are highly productive from day 1.

I’ve seen companies execute UCaaS rollouts and then forgo end-user training to save a few dollars on the back end, only to have internal support costs go through the roof because the agents are learning the system on live support calls. It’s a recipe for poor customer service and a classic case of ‘cutting off your nose to spite your face,’ for lack of a better idiom. These all must be factored in for a smooth transition and successful management of your environment.

* An important note here on AI

The latest AI technologies are adding incredible benefits to UCaaS solutions and the customer support process, so don’t disregard the value of using AI to your advantage. For example, some integrated AI tools can now create unique algorithms for specific customers or those that fit into a particular profile and then route them into a pre-identified support queue uniquely designed to meet their needs.

This kind of personalization experience and omnichannel support
is the future, so the more you begin to embrace AI to your advantage now, the more competitive you’ll become (and stay) in the months and years ahead. I won’t get too deep on AI here, but just note that it is proving to be a substantial benefit to improving customer workflows, reducing response and handle times, and predicting customer behaviors. If you’re interested in drilling in on this now, here’s a useful report from Harvard Business Review on “How AI is Helping Companies Redesign Processes” to help.

Maybe more on this to come as Part III in my UCaaS series.

Meetings (Audio/Video/Web Conferencing)

Meetings, of course, play a crucial role in collaborative environments, and now more than ever in the post-COVID era. Be sure you consider these KPIs for monitoring meeting effectiveness:

1. Connection quality
2. Meeting attendance
3. Meeting duration
4. Meeting recordings
5. Overall user experience

Unified Messaging

Unified messaging also consolidates various other communication channels, e.g., e-mail, fax, and voicemail… although some of these are becoming increasingly obsolete while others are holding on longer than many of us thought possible. The sooner you streamline and enable seamless interactions here as well, the better off you’ll be. Here are the KPIs to note on this front:

1. 1. Message response time
   2. Message volume
   3. Message delivery rate
   4. User adoption rate
   5. User satisfaction

Instant Messaging (Personal and Team)

Real-time communication through instant messaging, including support chatbots and team collaboration tools (e.g., MS Teams, Slack, Skype, etc.), has transformed collaboration like no other segment of a cloud-delivered UCaaS suite. Employees and customers alike now expect to be able to connect via IM, and when done right, these tools can dramatically improve productivity, efficiency, and satisfaction levels. Be sure you are setting KPIs for these metrics:

1. Instant message response time
2. Resolution and handling
3. Overall usage metrics
4. Sentiment analysis

Mobility

With the growing importance of remote work, mobility features are crucial. Whether you’re in B2B or B2C, you likely have users on mobile that needs to be carefully accounted for, so be sure to monitor these KPIs to ensure effective mobility:

1. Mobile app usage (active users and sessions to measure adoption and engagement)
2. Call handoff success rate
3. Mobile data consumption

Communications-Enabled Business Processes

UCaaS solutions can integrate communication into business processes for enhanced efficiencies and to streamline workflows and productivity. These KPIs should be accounted for as part of your UCaaS strategy:

1. Integration uptime
2. Process efficiency
3. User feedback (customers, employees, and agents)

Key Takeaways

Implementing a UCaaS cloud-delivered solution offers businesses significant benefits in terms of communication and collaboration, but you cannot improve or fix something you cannot see. It’s easy to get lost in the complexities of implementations and rollouts quickly. To ensure you’re positively impacting business outcomes, be sure you’re monitoring KPIs for each major segment and overall based on what’s most important to your business.

If this all makes sense, but you’re still unsure where or how to start, don’t hesitate to reach out; we’re always here to help.

We are pleased to announce that CRN^®, a brand of The Channel Company, has named MicroAge to its 2023 Solution Provider 500 list, marking the 11th year of making the list.

CRN’s annual Solution Provider 500 ranks North America’s largest solution providers by revenue and serves as the gold standard for recognizing some of the channel’s most successful companies. This year’s list of companies represents combined revenue of more than $475.9 billion, and the honorees are among the top influencers impacting today’s IT industry and the global technology supply chain.

MicroAge has made the CRN Solution Provider 500 list for the last 11 years, rising from position 140 to 112 this year. With a broad portfolio of IT solutions and services, MicroAge has a team of deeply knowledgeable associates who have achieved numerous industry and technical certifications, making them uniquely qualified to assist clients with the right technology solutions and strategies to address their IT challenges.

“The Solution Provider 500 list highlights the pinnacle of industry service providers, and MicroAge is honored to be featured once again,” said MicroAge Chief Executive Officer, Rob Zack. “MicroAge is committed to providing clients with the highest level of service to meet their most challenging needs, and we are excited to be recognized for our industry-leading services.”

“It’s a distinct honor to recognize CRN’s 2023 Solution Provider 500. These are today’s top technology integrators, strategic service providers, and IT consulting firms, making this list the go-to resource for creating strategic partnerships among technology vendors and today’s top-performing IT solution providers,” said Blaine Raddon, CEO of The Channel Company. “My heartfelt congratulations go out to each of these companies for the significant impact they make on the continued growth and success of the IT channel.”

CRN’s 2023 Solution Provider 500 list will be available online at www.CRN.com/SP500, and a sampling of the list will be featured in the June issue of CRN Magazine.

Phoenix, Ariz. – May 31, 2023 – MicroAge^®, The Digital Transformation Experts^®, announced it has been awarded the Sophos 2023 Synchronized Security Partner of the Year for the Americas. MicroAge is recognized for its outstanding performance and commitment to securing organizations with Sophos’ innovative portfolio of cybersecurity solutions and services.

“Cybercriminals are constantly pivoting and refining their techniques. This, plus the complexity of attack methods, requires layers of security that protect organizations at every point along the attack chain. By working with Sophos to ensure our joint customers have the defenses they need, Sophos has recognized MicroAge as the Synchronized Security Partner of the Year,” said Kendra Krause, senior vice president of global channels and sales operations. “Sophos is honored to work with all of the winning partners that are dedicated to delivering superior cybersecurity outcomes to defeat cyberattackers.”

MicroAge is an award-winning technology solutions and services provider, specializing in IT services and cloud. For nearly five decades, MicroAge has empowered businesses to advance, secure, accelerate, and transform—moving quickly with technology changes to drive business forward.

“We are honored to be named a Sophos Partner of the Year,” said MicroAge Senior Vice President of Marketing and Technology, Larry Fulop. “The award is a testament to our commitment to providing best-in-class cybersecurity solutions and services that help ensure the safety and security of our clients and their end users.”

About MicroAge
MicroAge combines a powerful mix of technology services, backed by vendor-certified engineers and an acclaimed panel of experts to deliver the competitive edge technology leaders need to lead in a disruptive, digital environment. A Gold-Certified Microsoft partner, MicroAge is recognized annually by Computer Reseller News (CRN) in the Tech Elite 250, Solution Provider 500, and MSP 500 lists of top-performing technology integrators, strategic service providers, and IT consultants. Headquartered in Phoenix, Arizona, MicroAge has a rapidly expanding national salesforce to support growing demand. To learn more, visit MicroAge.com.

About Sophos
Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organizations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organizations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

In today’s rapidly evolving threat landscape, organizations of all sizes face increasing cybersecurity challenges. Couple that with a cybersecurity skills gap that’s creating challenges around hiring full-time staff quickly enough (check out my colleague’s recent blog to help on this one), and it’s easy to see why many companies are in a bit of what I call, ‘OMG! scramble mode.’ Two popular options to consider to quell the panic are Security Information and Event Management (SIEM) solutions and Managed Detection and Response (MDR) services: both viable options for security threat management.

In this blog, I’ll delve into the differences between these two approaches, highlighting their unique characteristics, benefits, and drawbacks. By the end, you’ll have a clearer understanding of which solution aligns best with your organization’s needs.

Before we get there, a quick anecdote: I was recently involved in prospect meetings where the client’s team confessed that, although they had not been breached, others in their industry have been, and they believe it’s just a matter of time before they are too. Much to their credit, they are getting proactive about their cybersecurity defense posture rather than waiting around for it to happen and then taking action. That prompted me to look at the various options for advancing their defense capabilities, and I urge every company to look at their defenses through a similar lens.

Why? Because this year, industry analyst Gartner, predicts that over half of U.S. workers will be remote. At the same time, 61% of organizations have already experienced a 25% increase in cyber threats or alerts since the beginning of the pandemic. It’s clear that as the threats continue increasing, our collective defense efforts need to do the same. So that leads me to the two modern options that are quickly evolving: SIEM versus MDR, so we’ll look at the pros and cons of both.

Understanding the Pros and Cons of SIEM Solutions

SIEM solutions are designed to centralize security event data from various sources, such as logs, network traffic, and system alerts. These systems provide real-time monitoring, event correlation, and reporting capabilities to help detect and respond to security incidents promptly. They are complex, robust software systems that have extensive features and capabilities and require time and expertise to optimize.

Pros of SIEM Solutions

• Improved threat detection: SIEM systems analyze large volumes of security events to identify potential threats that may have gone unnoticed.
• Compliance management: SIEM solutions assist in meeting regulatory compliance requirements by providing automated reporting and audit capabilities.
• Enhanced incident response: By aggregating data from diverse sources, SIEM solutions provide a holistic view of security incidents, facilitating faster incident response and investigation.
• Scalability: SIEM solutions can handle large volumes of data and adapt to growing organizational needs.

Cons of SIEM Solutions

• Complex implementation: Deploying and configuring SIEM solutions can be resource-intensive and require expertise to fine-tune rules and correlation logic. In some cases, configuring these solutions can take 12 months or longer and requires advanced knowledge of the solution’s capabilities in addition to the environment.
• High false-positive rates: Without proper tuning, SIEM systems can generate a significant number of false-positive alerts, leading to alert fatigue and reduced efficiency. “Alert fatigue” is a real and growing issue wherein resources are distracted and drained by many false positives, taking time and money away from finding and containing real threats, in addition to delaying progress on everyday tasks.
• Limited threat-hunting capabilities: SIEM solutions focus primarily on event correlation and analysis, lacking advanced threat-hunting features to proactively identify emerging threats.

According to a 2022 report by Gartner, SIEM solutions will remain an important part of security operations, with the market expected to reach $5.93 billion by 2025. SIEM solutions are maturing quickly and can be a tremendous help to bolster your cyber defenses, especially in organizations that have the time and resources to deploy on configuration and optimization.

Understanding the Pros and Cons of MDR Solutions

Managed Detection and Response (MDR) services are a direct evolution of SIEM solutions, combined with expert human analysis (aka specialty cybersecurity analysts) with advanced technologies to provide continuous monitoring, threat detection, and incident response support. MDR services offer a proactive approach to threat hunting and containment and help you launch an effective defense strategy in days rather than months or a year, or more.

Pros of MDR Services

• 24/7 threat monitoring: MDR services employ skilled security analysts who continuously monitor an organization’s network, endpoints, and cloud environments for potential threats.
• Rapid incident response: MDR services offer swift incident response capabilities, including containment and remediation, with the assistance of experienced security professionals.
• Advanced threat detection: MDR providers employ cutting-edge technologies, such as machine learning and behavioral analytics, to detect emerging threats and anomalies.
• Scalability and expertise: MDR services provide access to a team of cybersecurity experts, relieving organizations of the burden of hiring and training a dedicated internal security team.

Cons of MDR Services

• Cost considerations: MDR services are typically subscription-based, so there is an ongoing cost. That said, the monthly cost is typically far less than a large capital outlay required by SIEM purchase, so small- and mid-sized organizations with limited budgets may find this option attractive. Effectively being able to improve security without a large upfront investment offers almost immediate defense improvement and proactive threat monitoring.
• Trust and experience: organizations relying on MDR services must trust the capabilities and responsiveness of the service provider, as the majority of security functions are outsourced. That means it is important to seek a proven provider with references and seasoned cybersecurity analysts.
• Integration cautions: MDR services may require integration with existing security infrastructure and processes. Since these can be time-consuming and complex, it’s critical to be sure your provider has the depth and knowledge to help guide you through necessary integrations in order to get the most from their services, especially if you are short-staffed on the cyber skills front.

A report by IDC predicts that the global MDR services market will experience a compound annual growth rate of 32.2% from 2022 to 2027. Clearly, this evolution from SIEM to fully managed cybersecurity services with MDR is another twist in the threat defense landscape, and both are surely here to stay. The question is, which one is the better fit for you?

Key Takeaways

Choosing the right cybersecurity solution is crucial for organizations aiming to protect their digital assets from evolving threats. SIEM solutions and MDR services both offer valuable features, but their focus and implementation vary significantly, and they should be evaluated based on the unique needs of your organization.

SIEM solutions are well-suited for organizations that require compliance management, event correlation, and centralized security monitoring and have the in-house resources and expertise to properly support the implementation, configuration, and ongoing monitoring and management of the system. However, they often require extensive configuration and maintenance efforts, can take 12 or more months to configure and fine-tune to your environment, and in many cases, their effectiveness can be hindered by false positives.

On the other hand, MDR services offer proactive and expert threat detection, 24/7/365 monitoring, and expert incident response. They are particularly beneficial for organizations lacking internal cybersecurity expertise and can help limit false positives and the distractions of ‘alert fatigue’ since seasoned security analysts are managing the systems and filtering the data.

Ultimately, the choice between SIEM and MDR depends on an organization’s specific needs, budget, and internal capabilities, and in-house skillsets. You may also want to consider how much time and resources the leadership is willing to invest in cybersecurity, keeping in mind that those in-house resources are often focused on threat hunting and alerts rather than supporting your core business.

As the threat landscape evolves, it is vital to reassess your organization’s security posture periodically and consider the efficacy of your existing environment and cybersecurity tools in that process. Regularly engaging with industry experts and staying abreast of emerging technologies will enable you to adapt your cybersecurity strategy accordingly.

An Interesting History

Sometimes it’s easy to get lost in the mire of today’s technology world and forget just how far we’ve come in a relatively short span of time. What we term ‘communications’ has really been around since the 1800s, back to the days of the first telegraph. Soon to follow came the switchboard and call routing, and people started getting quite used to the convenience of person-to-person connection from a distance.

By the 1960s, companies began realizing a private switchboard would save time and money… enter the ‘private branch exchange,’ or ‘PBX.’ The 70s brought interactive voice response (IVR) by automating call routing so human operators were no longer needed. Snapshot forward to the 80s and 90s, and the world we now call unified communications began to take shape when voice over IP (VoIP) emerged along with instant messaging and chat.

The Emergence of Today’s UCaaS

Today, unified communications as a service (UCaaS) is a cloud-delivered communication platform that supports meetings (audio/video/web conferencing), unified messaging, instant messaging (personal and team), mobility, and communications-enabled business processes. Typically a UCaaS solution includes multitenancy and self-service web portals for provisioning, management, and performance/usage reporting. UCaaS providers then deliver the appropriate applications from a common platform and help centralize management and licensing to simplify the technology overall, speed rollouts, and save costs.

Where UCaaS is Going From Here

Now heaven forbid you read a blog that doesn’t mention the pandemic… so here it goes: the pandemic reinforced the value of, need for, and widespread capabilities of a modern UCaaS solution and what it can offer: voice, chat, email, conferencing, file sharing, virtual desktops, automated transcripts, automated translation and more, all into one central platform and configured specifically to your unique requirements.

Unified communications platforms significantly simplified and streamlined how businesses operated with remote employees, customers, and partners, and in some cases, probably saved businesses altogether through the downturn. It reinforced and expedited the hybrid workforce trend.

According to research from Frost & Sullivan, implementing UCaaS can lead to as much as a 30% reduction in overall IT costs and a 40% increase in employee productivity (statistics that were likely even higher over the last three years).

As with most major technology paradigm shifts, a significant one will set the stage for the next big trend. Such is the case with UCaaS, and this shift has set the perfect stage for omnichannel interaction, or the seamless integration of various communication platforms and touchpoints to provide a consistent and personalized customer experience.

The Impact of Omnichannel and the Future of UCaaS

Omnichannel allows customers to interact with a brand through multiple channels, such as chatbots, websites, mobile apps, social media, and traditional customer service (contact) centers. This approach recognizes that customers may switch between channels during their journey and aims to ensure a cohesive and convenient experience regardless of the channel they choose at any given point.

Businesses use omnichannel strategies to enhance customer engagement, increase conversions, and improve customer satisfaction. By leveraging various channels, companies can provide a seamless shopping experience, enabling customers to browse products online, visit a physical store for a hands-on experience, make purchases through their preferred channel, chat with support to get questions answered, and more. This flexibility and convenience increases customer retention rates and loyalty. Simply put: it’s how customers want to do business with you.

“…companies with strong omnichannel engagement strategies retained an average of 89% of their customers, compared to 33% for companies with weak omnichannel strategies.”

The impact of omnichannel on businesses is significant. According to a survey by Harvard Business Review, companies with strong omnichannel engagement strategies retained an average of 89% of their customers, compared to 33% for companies with weak omnichannel strategies. That’s a substantial gap when you think of how competitive most markets are these days.

Looking into the future, omnichannel is expected to continue evolving and shaping customer experiences, and your unified communications environment is at its core. It no longer only applies to retail, eCommerce, and B2C companies; it applies to every business on the planet.

The increasing use of artificial intelligence (AI) and machine learning (ML) technologies to personalize and automate interactions across channels will also continue to enhance omnichannel communications by quickly analyzing customer data, predicting preferences, and providing tailored recommendations for every customer in every interaction. This trend enables businesses to deliver more relevant and personalized experiences at every touchpoint.

If this isn’t the standard in your particular industry yet, trust me when I say it will be soon, and it’s definitely time you get moving on it.

Implementing UCaaS and Contact Center as a Service (CCaaS) to Build Your Omnichannel Strategy

By now, you might be thinking, “I already have most of this in place with a few legacy system stragglers, so what do I do now?” Or, maybe you’re thinking, “I like the idea of UCaaS and replacing some of our dinosaur telephony systems, but does omnichannel even apply to me?” Ahh, I’m glad you asked!

UCaaS is a foundational solution for launching an omnichannel strategy and advancing your customer-centric initiatives whether you’re a B2C- or B2B-focused company. Sometimes, however, getting there proves more complicated than you want, and I realize it can be daunting to determine the right technology based on your unique business requirements.

Some clients get caught in a unified communications technology evaluation abyss, so I’ve outlined several suggestions for selecting the right technology platform and successfully implementing it.

1. Verify technology compatibility and identify customer interaction options. Be sure the platform will seamlessly integrate with other systems in your environment that are mission-critical to the business and your omnichannel strategy, such as your ERP and CRM.

2. Ensure portability. Check your DID numbers to be sure they are portable. If you have hundreds or thousands to grapple with, and they’re not portable, this can create a huge delay in the rollout time and, worse yet, wreak havoc on your customer support and contact center communications.

3. Find experts to ensure seamless integrations. I’ve seen clients attempt to implement a UC platform themselves, and when environments are even remotely complex, this can get messy fast and cause delays and budget overrun. Or they’re able to successfully implement a solution using internal resources, but they have no idea how to effectively configure the system. Either way, expert help here can save you time and money.

4. Spring for training. No, I don’t mean ‘spring training’ and taking your team to a game to enjoy some sun and relax. I mean spring for training by budgeting for user training to ensure everyone touching the system after rollout knows how to execute basic everyday tasks without contacting the helpdesk every 10 minutes. I’m still always surprised by how many companies forgo any training to save a little money in the end, only to find they lose it by 3-5-10x from the almost immediate decrease in productivity and man-hours wasted because users get zero training.

If you’ve recently lost sleep about how your company will be able to continue navigating the ever-changing and complex IT environment, then this post is for you. Yes, technology is advancing rapidly, and with each new paradigm shift comes more complexity and the need for new and diverse skills. This doesn’t mean you don’t need last year’s – or even the previous decade’s – skills anymore. To be clear, these are additive skills — you still need them all, and now many more. We see clients across the spectrum grappling with the gap as they realize the hurdles they have to jump on staffing to keep pace. Let’s just say, ‘The struggle is real!’

Functional Segments with the Largest Tech Skills Gaps

According to a recent Pluralsight study of over 1,700 IT professionals, the most significant tech skills gaps are cybersecurity and cloud computing, followed closely by data storage. Then follows gaps with skills in network infrastructure, telecom, social networking, business process automation, and business continuity planning. Leaders struggle daily with the gap as the pressure escalates to balance running operations smoothly around the clock with forward-looking innovation. Being understaffed and under-skilled is, quite possibly, an IT leader’s worst nightmare… maybe only behind a data breach.

The internal debates about solving the skills gap make things even more challenging. Do you try to hire FTEs with these specialties? Do you upskill existing staff? Do you outsource certain or all functions? Or do you deploy some combination of the three?

Creative Thinking to Close the Tech Skills Gaps

While there’s no correct answer here since it will depend on the details of your environment, current team, and business goals, there are certainly some rules of engagement that may help you assess the best path for closing the gap in the short-term and possibly as an ongoing operating model over the long-term… and maybe even for good. So here are three ideas on how to get there.

Source: Pluralsight, “2023 Tech Forecast: Build a Recession-Proof Tech Workforce” (December 2022)

1. Create a blueprint of your environment, including on-prem, in the cloud, and everywhere in between.

It’s far easier to assess where you have the right resources to lead or upskill versus where you need to find additional help if you have a clear view of your technology environment. Part of that process should include understanding the macro view of the company’s goals over the next 12-24-36 months, in addition to the micro view of all systems, users, applications, and data. If this sounds daunting to you already, then that’s an indication of exactly where you need to start.

Once you have a clear view, create a gap analysis to identify the in-house resources that are most likely to support various areas or be upskilled quickly, and close as many gaps as possible in the shortest amount of time. Part of closing the gaps with existing resources is to conserve budget and onboarding (or training) time. Once complete, you can better assess which areas are left uncovered and determine their mission-critical applicability to the business.

This step helps close the technology skills gap by more intentionally assessing internal resources and who can be upskilled quickly in the key areas where you have the most pressing needs. It also indicates what FTEs you want to budget for and requisition as soon as possible to get that process moving.

2. Identify non-mission critical tasks that could be outsourced to skilled and/or specialty labor.

Areas such as administering day-to-day IT support, network monitoring, system optimization, routine maintenance, and even level 1 support are often ideal for sourcing to a proven partner. Note that I say “skilled and/or specialty labor” because there’s a big difference between outsourcing specific IT tasks on a punch list versus resources engaged in operating more intelligently and proactively on your behalf.

While both options have value in different cases, the latter is better suited when you’re working to close a specific skills gap (or multiple gaps) rather than just getting a defined task list complete. These resources will typically have a discovery phase to understand your environment and business goals and identify challenges, risks, and potential improvements. They will also typically help maximize hardware and software investments, optimize licensing issues, and monitor the health and efficiencies of the environment.

As an example, one of our clients is a state that operates 89 public school districts supporting 70,000 students across 143 schools. As you can imagine, handling this much complexity is no small feat, and they were understaffed and underskilled, with a few new employees that were not yet up to speed on the environment.

They contracted to get help with pre-scheduled as well as on-demand support, including monitoring the health of the entire environment, optimizing performance and storage across the environment, executing data backups, and spinning up virtualized environments.

If they have specific initiatives, we collaborate with their internal team to implement the plans. Specific tasks are offloaded, including proactive network health monitoring, targeted system upgrades and patching, and ensuring they leverage industry best practices while minimizing downtime.

All of that equates to more time for their team to focus on future-looking initiatives rather than fire-fighting or routine maintenance and monitoring. This client has now seen a marked reduction in resolution times, including when critical alarms, problems, and issues arise. They also have a trusted partner who knows their environment and can efficiently support them through major infrastructure refreshes.

Outsourcing to a partner also affords you flexibility in how you engage: onsite support (at some or all of your locations), remote only, hybrid (combo of onsite and remote), or fixed schedules where certain tasks are done on a predefined schedule. Such flexibility gives you the ability to make quick progress on immediate needs and adjust in the future as needs evolve.

3. Cross-train and foster agility across internal and external resources.

Sometimes rethinking your team’s structure and goals can make a tremendous difference in filling the skills gaps. Are there areas where employees could self-manage and automate across teams to break down silos, better cover at least some of the gaps, and achieve collective business goals, even if in unexpected ways?

Can you use the latest in unified communications software to streamline coordination to help speed resolution times and improve the support experience… without hiring or outsourcing? Could you identify segments of the business where non-engineering tasks can be moved from the engineers to other managers to free them to focus and possibly even expand their area of responsibility?

Thinking out of the box is really the name of the game here. As Albert Einstein once said, “Logic will get you from A to Z; imagination will get you everywhere.”

Here’s the point: thinking out of the box is really the name of the game here. As Albert Einstein once said, “Logic will get you from A to Z; imagination will get you everywhere.” While I’m not suggesting that you’re responsible for the skills gap, you’re certainly responsible for what you attempt to do about it. I’m also suggesting that using the solutions of last year and the historical organizational structure of the past may not be how to best solve it. In essence… It’s time to get creative!

In some circles, the terms ‘outsourcing’ and ‘managed services’ are used almost interchangeably. While I can certainly understand why after such a long history (by some sources, outsourcing dates back to the 16th century when British landowners started sending clothing production overseas to India to save money on raw materials and labor costs), I also know there are some important distinctions worth noting. According to RedTech, “outsourcing is when a third party does specific tasks delegated by a business,” while “managed services is when the third party manages their role more comprehensively with the aim of improving the business.”

I don’t think I could have put it better myself.

In short, managed services providers should, by definition, offer more proactive value to the business in whatever arena they are managing (e.g., help desk operations, security, backups). This isn’t better or worse than traditional outsourcing; it’s just intended to be a different model and, in many cases, a different skill set for the third-party team.

Today, however, the IT industry is so vast and deep, and there’s so much money being allocated that it can be challenging to find a provider who offers such value. That money attracts all kinds of service providers, some good and some well… not so good.

So, that leads me to expand on two recent case studies to demonstrate precisely what I mean and help clarify what you should look for and expect (if and when) you decide to engage a managed service provider.

Case Study #1: Small Business in Residential Construction (<20 Users)

One small business was using a managed services provider that was hired to provide desktop security services along with remote support and backup services. They signed on, and like clockwork, the company got a bill for a flat fee each month for said services. It all seemed copasetic for some time, and the company was initially relieved to have the kind of expert help they needed to handle critical areas of IT so they could focus on customer service and growth.

Unfortunately, they started experiencing slow response times to their inquiries, outages in services they were never made aware of, and fragmented solutions they didn’t expect with their remote and backup services. That’s when they decided it was time to shop around.

Their team came to MicroAge, and after explaining our process- and procedure-driven approach, decided to sign on. We conducted a complete environment discovery process and walked them through a thorough onboarding process, which we estimated at 4 to 6 weeks.

Our goals were to understand their environment, learn about their business and unique needs, and find and remediate anything that was broken. Our discovery process revealed they were using free versions of remote software, not executing backups as they thought previously, and did not have the right Microsoft licensing in place, among other things.

By the end of the onboarding at week 5, the company had a complete backup solution in place for servers and workstations, an advanced desktop security solution, and right-sized licensing, which gave them significantly more features they didn’t even know they were missing. Throughout the process, our team over-communicated (if that’s even possible these days…?) about the status and how we planned to resolve every issue from start to finish.

Quickly after, they moved other services to the support list, including the help desk. Today, they’re getting better support, improved transparency, more features, improved security, a central knowledgebase of issues for faster troubleshooting, regular and frequent communications, and upgraded systems. And yes, although it sounds like a cliche sales line, all for less budget than their previous agreement. Another cliche? It’s a total ‘win-win.’

Case Study #2: Large International Business in Hospitality (>500 Users)

Another large client in the hospitality industry had come to us as a customer from a MicroAge acquisition. This client had 23 locations around the world with 500 servers and explained their prior managed services provider was what I would call the ‘wild west of IT.’

They described how if there were any issues or needs, they’d text “Joe” (names are changed to protect the innocent) at any time of the day or night, and he’d simply handle it. Never mind the fact that Joe was just one guy who sometimes got ill or went on PTO, or that there was no process, procedure, ticketing, or documentation in place. It was hard to imagine that’s how an organization of that size was actually functioning, but they were… kind of.

After a similar onboarding process and cost analysis – albeit a bit longer due to the complexity of their environment – we uncovered a number of enhancements, such as:

• Migrating workloads to AZURE cloud would save them significant money and reduce support hours
• Upgrades to servers and licensing optimization meant the potential for even more savings
• Implementing ticketing could reduce resolution time exponentially
• 24/7 monitoring tools could help reduce nearly all of their downtime
• PIN rollouts could significantly improve security
• Some business applications would perform better if they moved to virtual machines in AZURE
• Remote device security and policies would improve if they were moved to centralized management
• Standing up new locations with the cloud and virtualized servers could take a fraction of the time and save 10-15% of the budget
• Proactive monitoring and patching of the environment would improve their security profile
• Upgrading security tools and optimizing licensing would save money while further improving security
• New monitoring tools could help optimize network and infrastructure performance
• Modernizing their ticketing and remote access tools would improve service levels and response time
• … and more

Final Takeaways on Managed Services

Hopefully, these case studies help clarify the kind of high-value benefits you should expect from an experienced and proven managed services provider. However, if I really had to sum up the overarching value in a few key points while you’re evaluating them, I would say it all comes down to four things:

1. Process- and procedure-driven in every aspect of the relationship, from onboarding to daily tasks and everywhere in between. No wild west cowboys. If they cannot answer your specific questions on this front, keep looking.

2. Clear, transparent, and frequent communicators from the moment you first meet them to a month or two in and beyond. It’s your business and technology environment, so if you’re uncertain what they’re doing, when, and why, that’s an issue. If you don’t understand what’s on your invoice, they should be able to explain it clearly. And based on the complexity of your business, you may talk to them daily, weekly, monthly, or quarterly; it’s up to you, but be sure it’s frequent enough for you to feel informed at every stage.

3. Experts in the areas you need most who are proactive about improving your business. Whether it’s mission-critical or secondary systems and services, a managed service provider should be proactively seeking ways to continuously improve your business and operational efficiencies.

4. Customer service-focused, meaning they operate like a true service department. They put the business requirements and needs ahead of just trying to sell you what they happen to offer. Ask a few questions about their initial onboard process, and you’ll likely see clearly if your requirements will be driving the engagement or not and how service-oriented you can expect them to be.

Penetration testing.
Maturity Assessment.
Risk Assessment.
Gap Analysis.
Framework Assessment.

Which one is right for you? Let’s take a look at each one, where it fits, and when you should have one performed. First, there are A LOT of different types of testing, and they all have their benefits and different results. It really is worth taking a look at what kind of information you want to get out of it for your organization.

Penetration Testing

Let’s start with penetration testing, as that is the one that is thrown out the most. A penetration test, by definition from the National Institute of Standards and Technology (NIST), is “a test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.” This is just one of the many definitions, but for the sake of this post, we will go with this one. There are multiple types of penetration tests, so take a look at the list below.

Black Box

This is a type of test where the assessor has extremely limited knowledge of the organization they are going to attack. This will be similar to most of the “real world” examples of an attack.

White Box

This is where the assessor has been given either credentials or some information that will easily let the assessor into the organization. These are typically used to assess how the organization’s defenses respond to an attack if the attacker has been performing reconnaissance on the organization.

On top of this, we must determine if we want the assessor to be on the outside looking in or if we want to have the assessor on the inside attempting to see how far into the network they can get.

Both options are great for finding vulnerable systems as the assessor uses tactics and tools that we typically wouldn’t use on a day-to-day basis. A lot of organizations will use these to fine-tune what they already have in place and then test again after those refinements have been put in place. A penetration test should NOT be used to figure out what you need to implement going forward.

Maturity Assessment, Risk Assessment, and Gap Analysis

Next, let’s talk about the Maturity Assessment, Risk Assessment, and Gap Analysis. The funny thing is that they are all pretty much the same thing, but each provider will have a different spin on what they offer with it. Every single one is there to determine the maturity of your security program, and they will provide great insight into the level of risk and gaps in your risk management program. There are, of course, several types of assessments that look at the different areas of compliance you need to adhere to or that focus on risk from one specific area or business unit.

Framework Assessments

Additionally, you have to take into account which type of framework you want to look at. With NIST alone, you must determine which type of framework fits your organization. For example, are you a for-profit company that doesn’t do anything with government contracts? If so, you probably fall into the 800-53 framework. Are you a DoD contractor? Then, you probably have to look at 800-171. We love helping organizations figure this out if they do not already know and cater their assessment to fit their specific needs and requirements.

When looking at a NIST assessment, we look at 108 different controls and then use all of that data to determine what gaps you have in your risk management program. If we are talking about CIS Assessments, there are 153 different safeguards to also identify your gaps. This provides an in-depth view of both what you DO have and what you DO NOT have, as well as what areas of risk you are ok with having and what areas you do not want any risk in. It can quickly get very extensive and complex.

This is where things can be really fun. After your assessment, you will be given a stack of papers that essentially details all kinds of charts, dashboards, and fancy colors, and it can be highly informative but also confusing at the same time. We like to bring a proprietary tool into the mix which provides an easy-to-consume dashboard that specifically lists out what you need to work on. This gives you an easy-to-use solution to know what you need to work on in the months and years to come. Using one of these assessments should be a good view of what tools and policies and procedures you need to implement down the road. It should NOT be used to determine the level of security of your current security solutions.

MicroAge is excited to announce that CRN^®, a brand of The Channel Company, has honored both MicroAge and cStor, now a MicroAge company, on its 2023 Tech Elite 250 list. This year’s list marks the 10th year that both companies have been featured, highlighting the combined company’s dedication to achieving the highest level and largest breadth of certifications and specializations from key technology vendors in the infrastructure, cloud, and security spaces.

Businesses rely on solution providers to maintain the highest levels of technical prowess across critical products and services to help them meet today’s IT challenges and take advantage of the benefits of cutting-edge solutions. To meet these demands, solution providers such as strategic service providers, systems integrators, managed service providers, and value-added resellers strive to maintain high levels of training and certification from IT vendors and achieve the highest tiers within their partner programs.

“We are honored to be recognized for the 10th consecutive year with this achievement. We believe this is a true testament to the synergy each company brings together under the MicroAge roof, especially regarding our values and our commitment to helping our clients achieve success,” said Rob Zack, Chief Executive Officer of MicroAge. “We are proud of our associates’ dedication to completing rigorous training and certification processes in the latest technologies. This helps us advance our mission of understanding each client’s unique technology challenges and providing them with best-in-class, innovative IT solutions and services that address their needs.”

“CRN’s Tech Elite 250 list features the leading solution providers in the IT channel with the most in-depth technical knowledge, expertise, and certifications for providing the highest level of service for their customers,” said Blaine Raddon, CEO of The Channel Company. “These solution providers have continued to extend their aptitudes and abilities across various technologies and IT practices, demonstrating their commitment and value to their customers.”

Coverage of the Tech Elite 250 will be featured in the April issue of CRN Magazine and online at www.CRN.com/techelite250.