Managed Service Providers — Strategy
Altitude: years. Decisions here shape your whole book of business, not a single client.
As an MSP you don't sell hours; you sell a repeatable, scalable service to many clients at once. Strategy at this level is about portfolio, standardisation, and liability — building a business that gets more profitable and more defensible as it grows, rather than less.
Service portfolio design
The core strategic asset is your service catalogue: a deliberately designed set of offerings rather than whatever each client talked you into. The classic structure is a ladder:
- Break-fix — reactive, billed per incident. Lowest commitment, lowest margin, hardest to scale. Useful as an entry point, dangerous as a core model.
- Managed — you own the outcome for an agreed monthly fee. Predictable revenue, but only profitable if you've standardised (see Tactical).
- Co-managed — you work alongside an internal IT team, filling specific gaps (security, after-hours, projects). A growing and high-value segment.
The strategic discipline is steering clients up the ladder and resisting the urge to deliver bespoke snowflakes at managed prices.
Standardising the stack across the client base
Every additional tool, vendor, and configuration pattern you support multiplies your operational cost. A standardised technology stack — the same RMM, the same security tooling, the same documented baselines applied to every tenant — is what makes a managed model profitable. Heterogeneity is the enemy of margin. You will sometimes inherit non-standard environments; the strategy is a deliberate plan to converge them, not to support everything forever.
Security as a productised offering
Security is no longer a value-add you give away — it's a product line. Packaging Essential Eight uplift as a defined offering (assessment, roadmap, implementation, ongoing maturity reporting) turns an open-ended worry into a sellable, repeatable engagement with its own margin. It also protects you: clients who decline the security package have made a documented, informed choice, which matters enormously when something goes wrong. The technical baseline you'd deliver lives in the Technical Library.
MSP-specific risk: you are the target
This is the strategic risk that distinguishes an MSP from any other business: you hold the keys to many clients at once, which makes you a high-value target. A supply-chain compromise of your RMM or your administrative tooling doesn't breach one business — it breaches your entire book simultaneously. This has happened to real MSPs, repeatedly.
Strategically, that means your own security posture is not an internal matter — it's the foundation your whole service rests on. It also increasingly shows up in your clients' obligations: under APRA CPS 230 (in force from 1 July 2025), APRA-regulated clients must actively manage material service providers like you. Being the provider who can evidence strong internal security becomes a competitive advantage, not just a cost.
Pricing models and where margin actually lives
Margin in an MSP rarely comes from the headline service fee — it comes from efficiency and standardisation. Per-user and per-device pricing scale cleanly; all-you-can-eat models punish you for client growth in tickets. The real profit lever is the gap between what you charge and what it costs you to deliver because you've standardised and automated — which is why the Tactical and Operational layers, not the pricing sheet, are where MSP strategy is actually won or lost.