Monday, March 28, 2022

Your Business Model: Evolve of Die

One of my favorite phrases over the past few years is . . . You be you!

I have always believed that you need to do business your way and then find people who want to do business your way. If you follow this advice, you will always be "differentiated" because you are different from everyone else out there.

At the same time, there is much to be learned from various business models you are exposed to. This is one reason why peer groups and mastermind groups are so powerful. You mix up the DNA of your business with the DNA of other businesses.

Every once in a while, a business model comes along that is powerful enough to change your business completely. For many people, managed services is such a business model. I lay out a formula that I know to be successful in Managed Services in a Month. I also lay out a different but related model in Cloud Services in a Month. And many other people have presented their versions of managed services.

But there's a downside to this as well.

You cannot adopt someone else's business model exactly. So, you takes the pieces that make sense and add them to your mix. You drop some because you just don't believe they're right for you. And so forth.

There is no pure business model. But the general business model works well enough that a lot of people with very different businesses call themselves the same thing - in this case, Managed Service Providers.

Evolve of Die

I remember two great turning points in the SMB IT community. The first was the introduction of Active Directory in Windows 2000. Many consultants decided to dig into Windows Server 4.x because they simply refused to learn the new technology.

The other turning point was the recession of 2009-2011 (more or less). It wasn't the recession alone that caused the change: It was the Cloud. The maturity of the cloud was accelerated by the recession. Again, many people simply refused to learn new technology. With their businesses in distress, they decided to sell out, quit, retire, or go to work for someone else.

In both cases, many technicians simply refused to continue their own education. The next generation of Microsoft programs, the next level of security, and the next round of technology upgrades was just too much for them. Those who stuck to it and committed to the new stuff became very successful.

Your uniqueness will always be part of your company. You simply have to let it shine. But you also need to continue working on building and rebuilding your business.

Many of you know that I love The Emyth Revisited by Michael Gerber and recommend it a dozen times a month in various settings. But that's not my favorite Michael Gerber book. It's just the starting place. My favorite Michael Gerber book is Emyth Mastery.

Emyth Mastery picks up where Emyth Revisited leaves off.

I know you've heard it a million times: You have to work ON your business, not just IN your business. That's where the freedom is! But then you discover the dark side no one talks about from the stage: You become overwhelmed and exhausted by all the work required to work ON your business.

If you're not careful, working on your business is as overwhelmed and exhausting as working in your business. You still just have a job, but it's no longer the job of the technician; it's the job of the owner working on your business sixty hours a week!

Everything about your business must be sustainable in the long run

That includes tweaking the business model, adopting new technologies, and evolving with the times. Here are a few tips that might help. (As always, easy to say but sometimes difficult to put into action.)

1) Define your business model. Sit in a chair and spend an hour writing out what you do and don't do. Who are your clients? What are your services? Why are you doing things this way?

2) Define you uniqueness. This is very hard work for many people. But you are unique. You have to be. You can't be the same as anyone else. What is your uniqueness and where does it show up in your business?

3) Don't let vendors tell you how to change your business model. Microsoft and Google are probably the most  common examples here. Neither of them particularly cares whether your business lives or dies, but they are happy to help you learn how to sell their products. 

4) Always know the next technology you will be adopting. This might be a cloud service, a business service, hardware, software, or something that's just emerging in our field. You don't have to adopt it right away, but know what it is.

5) Commit to never-ending education. You need education on the business side of things as well as the emerging technologies. When something new appears, jump in! You can't stay where you are, so pick a path and start walking.

6) Be consciously aware of your uniqueness in the industry as well as your local market. If you think you are the same as everyone else, then you believe yourself to be a commodity. No one can turn you into a commodity except you.

Yes, you still have to spend time working on your business. But it should be a passion project. It should be fun and invigorating. When it becomes too much, too hard, and just a hassle every day, then quitting slowly becomes a legitimate option. Don't let that happen to you.

The big reason to work on your business, and your life, is so that you stay in charge. Nothing should happen to you. You should choose the path you will walk - and make that path your own.

Embrace your uniqueness!!!

Comments welcome.


Thursday, March 24, 2022

ASCII Announces New Peer Group Offering

My friends as ASCII forwarded this announcement . . .


The ASCII Group Ignites New Peer Group Offering

Bethesda, Maryland – March 23, 2022 – The ASCII Group, a large membership-based community of independent North American MSPs, MSSPs and Solution Providers, is pleased to announce ASCII Spark, a new peer group offering for MSPs to collaborate with fellow members.

ASCII Spark is designed for members to come together to discuss business issues and corrective strategies in a non-competitive environment. Participants will be in a peer group made up of 10 fellow members that are geographically separated, and each group is led by a hand-selected ASCII member team leader.  

“Our objective in constructing ASCII Spark was to provide an additional means for members to work together at a deeper level while enhancing their operational overview,” said Jerry Koutavas, President, The ASCII Group. “Members have the opportunity to join forces to share best business practices with the intention of building a better IT practice.”

Included in ASCII membership, ASCII Spark is designed to enhance the community model of knowledge sharing and information exchange. With regularly scheduled, coach-led sessions, these meetings are meant to connect owners and like-minded peers to address topics that MSPs are facing in 2022 such as pricing structures, employee compensation and more.

Since 1984, The ASCII Group has provided programs, services, and resources for MSPs to better run their IT businesses. By providing ASCII Spark at no additional cost, the goal is to enrich the professional and personal development of ASCII members.

“We look forward to having deeper dive conversations with members around the latest business practices in our industry,” said Trevor DiGirolamo, Director of Strategic Projects at The ASCII Group. “By working together in a collaborative environment, ASCII members will have a leg up over their competition because of these discussions!” 

To learn more about becoming a member of The ASCII Group, please visit

About The ASCII Group, Inc:

The ASCII Group is the premier community of North American MSPs, MSSPs and Solution Providers. The Group has members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national and international reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. ASCII works with a vibrant ecosystem of leading and major technology vendors that complement the ASCII community and support the mission of helping MSPs to grow their businesses. For more information, please visit



Wednesday, March 23, 2022

Two-Factor Authentication Leaves Much to Be Desired

Like most of you, I've gradually been adopting MFA or 2FA in various technologies. Most of these are via web sites. Last year I went all-in and applied it everywhere I could.

As a rule, I think 2FA is clunky at best. 

But then . . . I lost my phone.

For the most part, losing my phone was not very traumatic. I was on vacation in Mexico with my daughter and daughter-in-law. So the people I might text were with me. Email was available on my iPad. The only thing I lacked was 2FA.

Luckily, I could access my hosted desktop (Amazon Web Services desktop), which is a recognized device for many services and is exempt from constant re-verification for many services.

Rebuilding is Not A Smooth Process

Let me be clear: Nothing I went through was horrible or particularly frustrating. But it was far more tedious and annoying than it should be.

When I first started using 2FA, each service either recommended or required a specific authenticator app. I didn't know that they were all lying to me and that I could use any app. But while I was learning this, I ended up with information in Google Authenticator, some in Microsoft Authenticator, and some in Authy.

As I rebuild, I am consolidating to Authy - primarily because it is the most elegant to use across devices and is the most flexible in recovering from backup.

For most services, I had saved the backup codes. So I could get back into various services. In almost all cases, I found this process very poorly documented. And clunky. In more than one case, I had to enter one emergency backup code to request a password reset, then enter another backup code after the password reset.

This is just my speculation, but I'll bet that most of your clients (and perhaps employees) have not saved most of their 2FA backup codes. And now, as you scurry to do something about that, you'll discover that getting those codes is often impossible as they are produced only once. So to generate new codes, you have to disable 2FA (or switch to another method) and then re-enable to get new codes.

For the few services where I had not saved the backup codes, I expected a bit of a fight to regain access. In all cases, however, I found that this was a very easy process once I figured out how to access support without 2FA. Clearly, helping people recover from lost 2FA device with no backup codes is extremely common.

In the middle of this, a friend mentioned that they use Vumber ( to send SMS messages to a group email. That can make the hassles of 2FA via SMS easier.

Thankfully, about half the services were able to offer us an alternative logon by authenticating via SMS or email. I was very grateful for this since it did not require me to hassle with backup codes.

I did have a backup of my Google Authenticator, but the backup was a week old. So some changes were not recovered.

The Phone Reveals the Biggest Weakness

I reported my phone missing, got a new one, and I was . . . not back in business!

I won't go into all the details, but the process of filing the insurance claim was like an old Abbot and Costello comedy skit. To file the claim, I had to prove who I was. So they sent a code to my phone - which I didn't have. 

Again and again and again, I was asked to provide an authenticator code or information sent via SMS to a phone I did not have. This is clearly a broken system.

But the phone company was not alone. Many, many times, I was asked for 2FA in order to report a problem with my 2FA, enter a support call, or reset security. 

This is literally the biggest weakness of 2FA recovery: The process of recovery is broken. Because it requires you to access your 2FA in order to reset and gain access to 2FA, you are forced to enter a support system that costs the vendor money to provide. They will ask you for your authenticator code, but at least you can explain to the human that there's a level of absurdity in this.

Lessons (and just good ideas)

- Set up a hosted desktop or some machine you can access remotely without your phone or authenticator. Make sure you use it to log into various services so it is recognized as a known device. This will give you some access.

- The fewer authenticator apps you have, the better. Consolidate where you can.

- Backup your authenticator.

- Set up alternatives via SMS and email where possible.

- If you use 2FA with an authenticator app, save the backup codes. Be sure to save all of them in the same app (password vault) so they are secure and all in a place you can find them.

- Consider a Vumber number, or something similar, so you can receive SMS messages without an SMB device.

- Authy is the only authenticator I know of that will automatically echo a brand new 2FA setup to laptop, desktop, cell phone, and tablet (Android or IOS). If I have to use an authenticator going forward, it will be Authy.

Overall: The currently incarnation of 2FA could be a lot smoother. Sites that use it could be better documented. And you need to make sure your clients are ready for a "lost device" - because they're going to call you. The less they've prepared for a lost device, the more work there will be for you.

Personally, I am going to minimize my reliance on authenticator-based 2FA and prefer SMS and email. As long as I'm acutely aware of whether or not I have just requested a login, I believe these are secure enough for me.

Note: I understand that there are some security concerns with SMS and even more with email. But I also believe that we all need to choose a level of security that we believe is appropriate. And that generally means a balance of security and convenience. 

Your comments and feedback are welcome. Have you had a similar learning experience?


Friday, March 18, 2022

Heads Up! Making a Non-Roadshow Roadtrip to the UK

I haven't been to the UK since . . . well, since Covid! Well, I'm ready to get back to the grand old isle.

CompTIA's ChannelCon is August 2-4 in Chicago. I'm registered, and have my room. So join me there, if you can!

That leaves me in Chicago August 4th. So I've decided to hop a plane headed east instead of home.

I haven't nailed down all the details, but I am starting in Edinburgh, Scotland. I land on the 5th of August. Hoping to get some folks together for dinner, drinks, and maybe a little promotion of whatever I'm up to.

Possible community gathering: Edinburgh, August 6 or 7. Let me know if you're interested!

I'm interested in Edinburgh in August because I'm a wimp and it's the only month I'll go there. Plus, all the Edinburgh festivals will be in full swing. So that will be a nice thing to do.

Image via Wikipedia

Then I think I'll head to Glasgow via Falkirk because I've never been to Glasgow and I've never see the Falkirk wheel. As a total nerd and amateur photographer, I really want to see the Wheel. (See Wikipedia article on the Falkirk Wheel.)

I'll rest my head in Glasgow and see if they have any old sites to see.

Possible community gathering: Glasgow, August 8 or 9. Let me know if you're interested!

And, of course, I love the crowd in Manchester, and we always get a good group of folks - especially when beer is involved. So I'll take the train from Glasgow to Manchester and maybe tour some of the restaurants on the canals.

Possible community gathering: Manchester, August 11 or 12. Let me know if you're interested!

It's early times, but I have already purchased tickets to Edinburgh. I need to coordinate with possible co-sponsors and work out all the details.

Please note: Whatever we come up with, it is NOT a roadshow. In other words, it's not a four-hour event with formal presentation. Instead, it will be some kind of casual dinner with drinks and a few comments about various communities.

Please send me your thoughts and feedback. 

I look forward to getting back on the road . . . or plane. Or train. Or boat. Or whatever.


Tuesday, March 15, 2022

Most Important Checklists for Any IT Service Provider - Five Week Class Starts March 22nd

Learn how to standardize your operating procedures for both your internal company as well as externally with your client relationships and their technology.

Taught By: Karl W. Palachuk & Manuel Palachuk

- Five Tuesdays - March 22 - April 19

-- Register Now

- All classes start a 9:00 AM Pacific / Noon Eastern

This course is intended for managers and owners of a managed service business. It covers many facets of the “checklist mentality” that the instructors have used at a variety of successful IT consulting businesses.

In addition to building hundreds of checklists and standard processes for KPEnterprises in Sacramento, CA, the authors have both written books, trained individuals, and coached teams on successful processes and habits for running a modern, successful managed service business.

This course will cover daily the use of checklists in daily operations as well as the “larger picture” of running the entire company. It will address both internal checklists for running your own company and external checklists for managing client relationships and client technology.

This is an intensive live webinar course over a five week period. All assignments are voluntary, of course. But if you want feedback on assignments, please complete assignments during this course and email them to the instructor.

Only $299
Register Now

Sample Handouts for this course:

  • Class Syllabus
  • Slides from all classes
  • MPI Checklist Template
  • MPI Doc with TOC Template
  • NMW Discovery Checklist
  • NMW Remote Workstation Migration
  • How To Document Any Process White Paper by Manuel Palachuk
  • Personnel Folders
  • New Hire Checklist
  • Hiring Folder (ZIP)
  • Employee Goals Template
  • Employee Evaluation Template
  • Client Onboard Checklist
  • Client Removal Checklist
  • Roadmap Questionnaire
  • Roadmap Template
  • Roadmap Meeting Notes Template
  • Monthly Maintenance Checklist
  • New Workstation Checklist
  • New User Checklist
  • Welcome New Employee Orientation
  • Server Build Checklist
  • Troubleshooting and Repair Log
  • Time Stamp Version Standards

Live Class Starts: MAR 22, 2022

Full Lifetime Access

This course meets an elective requirement for the Management, Technician, and Service Manager certification pathways at IT Service Provider University. (See

Course Outline

Module 1 Class Introduction

  • Unit 1 Introduction  - Preview
  • Unit 2 Live Class Information

Module 2 Class Content

  • Unit 1 What is a Checklist / Sample: Daily Backup Monitoring and Maintenance
  • Unit 2 Employee Hiring Process / Exit Process
  • Unit 3 New Client On-boarding / Client Off-boarding / Quarterly Client Roadmap
  • Unit 4 Monthly Maintenance Checklist / New PC Checklist
  • Unit 5 The Pre-Discovery Checklist / Class Summary

Only $299
Register Now

Delivered by Karl Palachuk and Manuel Palachuk, authors of the Network Migration Workbook and many other books for MSPs – managed service providers.

Includes five weeks of webinar classes with related handouts, assignments, and “office hours” with the instructor.

This course is intended for business owners and managers. It is particularly useful for the Service Manager or Operations Manager.