SMB Community Podcast

The most consequential development discussed is the rapid proliferation of Shadow IT in client environments, with emphasis on the unchecked adoption of cloud SaaS applications and artificial intelligence (AI) tools by end users. Speakers noted that this has led to a substantial loss of MSP control over client IT environments, eroding trusted advisor status and prompting clients to question the ongoing necessity of working with their MSP. The pervasive use of AI and SaaS products without guidance or oversight introduces governance and security risks, particularly relating to sensitive business data being accessible to third-party vendors and potentially incorporated into external data sets.

The episode provided details on how Shadow IT emerges, highlighting the ease with which employees can adopt SaaS and AI tools through free trials, personal accounts, or non-business credit cards, often outside of IT’s direct visibility. According to Amy and El, clients are increasingly self-serving their technology needs, shifting traditional MSP-client dynamics. The conversation outlined specific governance issues, such as most AI tools ingesting client data into the cloud, with limited assurance as to how it will be used or protected unless higher tiers of service are paid for—an unlikely scenario for most SMBs using free versions.

Secondary discussion focused on broader industry fragmentation and the challenges it poses for knowledge-sharing, consensus-building, and vendor feedback. The speakers recalled a time when MSP best practices spread rapidly through tightly-knit peer groups or single platforms but observed current information channels are numerous and scattered, such as Discord, Reddit, LinkedIn, and Facebook. This dispersion hinders both MSPs and vendors from collaborating effectively and reduces the feedback loop necessary for responsive product development and operational improvement.

The key implications for MSPs and IT leaders include the pressing need to shift operational models from rigid, tool-centric offerings to relationship- and advisory-focused services. There is heightened risk if MSPs fail to address governance and security concerns, especially as end users continue adopting technology independently. Speakers recommend implementing proactive client education, detailed risk analysis on SaaS and AI integrations, and establishing clear communication strategies to reclaim the advisory role. MSPs are encouraged to align compensation models to advisory activities, as future client value is projected to depend more on strategic guidance than product-resale or ticket-resolution metrics.

Title: How are you managing Shadow IT?

Topics:

How are you managing Shadow IT?

Is the MSP industry too fragmented in how we share knowledge?

Why do MSPs exist? (blog posts from “Amy’s Sayings”: https://www.thirdtier.net/?s=Amy%27s+sayings)

What does it mean to be a M365-based MSP in 2026?

Upcoming events:

Zero Trust Workshop- 3 sessions starting May 28. 

Register here: https://www.thirdtier.net/2026/04/27/arriving-in-may-zero-trust-workshop/

Mastermind Event with James (and Amy is a guest speaker!) in Omaha, NE

Register here: https://kernanconsulting-mastermind.mykajabi.com/mastermind-event

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Recent reports highlight that Google Chrome and Anthropic’s desktop applications have introduced covert, non-optional downloads onto user devices without explicit notification or opt-out mechanisms. According to referenced analysis, Chrome has been silently installing its Gemini Nano AI model, and Anthropic’s Claude desktop app is deploying browser integrations across all Chromium-based browsers. These installations are performed without seeking user consent and, in some cases, persist even after attempted removal, raising direct concerns for device security and user privacy.

The increased risk is substantiated by internal testing from Anthropic, which found that these browser integrations increased successful cyberattack rates by 23.6% and offered minimal mitigation (11.2% reduction) even when defensive measures were taken. This unnotified software deployment expands the attack surface for user devices and can compromise operational control for IT providers managing client environments. The practice also indicates a shift in vendor behavior regarding user transparency and system sovereignty, as noted by Speaker C.

Adjacent to these developments, the episode discussed “vibe coding,” where non-technical users leverage AI tools to generate code for business tasks. This trend introduces new support and security burdens for MSPs as clients independently create potentially insecure or unsupported automation. Some MSPs are revising their Master Services Agreements (MSAs) to clarify that remediation of issues stemming from client-generated or AI-assisted code will be billed separately and are not covered under standard support contracts. The discussion also featured account of ransomware attacks on education platforms such as Canvas during critical exam periods, underscoring the importance of contingency planning and backup strategies.

The implications for MSPs and IT leaders include heightened due diligence requirements regarding vendor software behaviors, increased need for endpoint and application visibility, and updated governance around end-user-initiated automation. To reduce operational and reputational harm, MSPs are encouraged to establish explicit client policies covering AI tool usage, conduct AI readiness and risk assessments, and formally delineate the scope of managed responsibilities in client agreements. Effective communication and continuous advisory engagement are positioned as vital to maintain alignment with client priorities and mitigate emerging technology risks.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Employee recognition structures and their risk-reduction implications received primary focus in this discussion. Both Amy Babinchak and James Kernan outlined verification-based strategies, such as leveraging Microsoft Teams' Praise app and Bonusly, a peer-to-peer micro-bonus platform, as cost-neutral or low-cost starting points. They emphasized that implementing structured recognition—either verbally, digitally, or via peer-nomination systems—directly supports workforce engagement and mitigates retention risk. James Kernan described anonymized in-house recognition systems, where peer acknowledgements are aggregated and rewarded via a monthly raffle, which included prizes typically sourced from vendor swag.

Specifics included integration of recognition apps within established workflows and processes—such as Microsoft Teams for informal praise, and Bonusly for monetary or non-monetary peer-based rewards. Amy Babinchak noted that client compliments of staff are internally broadcast for transparency and morale. Both speakers advocated for public, peer-inclusive recognition in the workplace, with an explicit focus on acknowledging day-to-day contributions rather than relying solely on annual reviews or monetary raises.

Further, operational and vendor management challenges were covered: Amy Babinchak articulated concerns that help desk KPIs often measure unproductive metrics and stressed the importance of incentivizing conversational and advisory staff interactions over ticket speed. Discussions also addressed the evolving Microsoft Partner Program, noting its complexity, shifting incentive structure, and the administration required. Alternative licensing approaches—such as MSPs enabling clients to purchase directly from Microsoft or using different distributors—were analyzed for cost and administrative impact. Additionally, strategies for navigating hardware supply chain volatility, including the use of white box solutions and refurbishments, were discussed in the context of margin preservation and client-specific risk management.

The episode underscores for MSPs and IT leaders that systematic and visible employee recognition is a quantifiable retention and engagement strategy with minimal operational risk when thoughtfully implemented. Tactical decisions around help desk KPI selection, distributor choice, and hardware sourcing require ongoing evaluation to balance cost control, performance, and administrative overhead. Transparent data-driven management, especially concerning staff performance and licensing economics, can both reduce operational risk and foster a more resilient service provider organization.

1. How do you motivate your employees –ways to reward employees

https://bonusly.com/pricing

https://learn.microsoft.com/en-us/microsoftteams/manage-praise-app

2. Helpdesk KPIs 

https://www.dropbox.com/scl/fi/84v9ri236n5ck1x8mgf2w/KERNAN-Financial-Goals-and-KPI-s.doc?rlkey=e1qugzgn8x6lzqgesfqjeawew&st=1ma7g8hq&dl=0

3. Is the Microsoft partner program worth it? And how should I buy Microsoft  licenses?

4. Supply Chain challenges and price increases – whitebox or refurbs?

5. What does an AI MSP look like?   https://www.thirdtier.net/2026/05/01/deep-thoughts-on-msps-in-the-ai-age/

Amy's preferred white box vendor: https://equuscs.com

UPCOMING CHANNEL EVENTS:

In-Person MSP and Channel Partner Events

Reinvent Telecom – May 12-14th, 2026

Zero Trust Workshop -  May 28th- 3 weeks 3 part series   https://www.thirdtier.net/product/zero-trust-workshop/

Mastermind Event – July 30-31st, 2026     FREE PASS LINK: http://bit.ly/kernanmastermind

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Compensation models for technical staff in MSPs require careful alignment with business objectives and operational capacity. Both James Kernan and Amy Babinchak emphasized that financial incentives such as commissions or bonuses can be appropriate when technicians are directly responsible for generating additional monthly recurring revenue (MRR) or securing new accounts. However, they noted that proper monitoring tools are essential to track productivity and ensure fairness—without adequate systems, variable compensation based on efficiency or project profitability can introduce operational risk and potential inequities.

Supporting this, Amy Babinchak described implementing a tiered productivity incentive where technicians received additional pay for surpassing utilization rates above 80%, but expressed concern over excessive overtime. Both speakers underscored the necessity of clear job role definitions; rewarding sales activities for technical staff may be appropriate if it aligns with broader company goals and does not compromise core technical duties. Non-monetary recognition, such as trophies or gift cards for ticket resolution or utilization, was also mentioned as an effective, low-cost incentive.

The episode expanded to analyze current challenges in industry education and vendor-driven events. Citing a survey from the "All Things MSP" group, Amy Babinchak reported that 86% of respondents believe MSP conferences are now allocating too much budget to entertainment at the expense of substantive educational content. Comments from participants indicated skepticism toward vendor-led sessions, noting that paid speaking slots are typically used for product promotion rather than useful training, raising questions about increasing conference costs and the dilution of actionable takeaways.

Key operational topics included shifting preferences among AI tools, with both speakers confirming recent moves toward Claude and Copilot, and persistent debate over MSP documentation practices—ranging from ad-hoc tools like OneNote to industry solutions. The discussion concluded with an observation about payment processing costs: James Kernan highlighted a case where $24,000 in annual credit card fees significantly reduced firm profitability, stressing the importance of passing such costs on to customers or utilizing ACH to preserve margins. MSP leaders are encouraged to assess compensation structures, conference participation ROI, and vendor relationships in order to minimize risk, align incentives, and ensure operational resilience.

 Question of the week:  Should I pay my tech commissions?

Rod Trent Substack: learning to talk to our apps https://rodtrent.substack.com/p/the-new-normal-talking-to-your-apps?r=h2641&utm_medium=ios&utm_source=notes-share-action

 

Do you think that MSP conferences are spending too much on entertainment and not enough on education?  All Things MSP survey

 

What is your favorite AI tool right now?

Blog post: AI Image Generators Can Now Spell: https://www.thirdtier.net/2026/03/20/breaking-news-ai-image-generators-can-spell/

 

What tool do you use for Documentation? This is more for the smaller MSPs or internal IT folks not running something like IT Glue or Hudu. GitHub: https://github.com/   

 

 TALES FROM THE FIELD: Payment processing fees of 24K reviewing financials during valuation.  Alternative Payments and other payment automation firms help reduce/eliminate these fees by giving customers options for EFT or passing fees to them.
https://www.alternativepayments.io/

 

UPCOMING CHANNEL EVENTS:

Reinvent Telecom – May 12-14th, 2026

Mastermind Event – July 30-31st,2026

Amy’s Podcast Appearance Book Tour happening! Learn more about the book here: https://www.thirdtier.net/20-questions-every-msp-owner-asks-before-selling-their-business/

 

                     Do you have a story from the field that you’d like to share? Or a question you’d like us to answer? Email it or send it as a voice memo or video to [email protected], and we just might use it in an upcoming show.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A central theme of the episode is the challenge of communicating and defending pricing for managed services. Amy Babinchak and James Kernan described frequent client objections regarding cost, focusing on the importance of articulating clear value propositions. They noted that most client resistance either stems from an inadequate understanding of the provider’s value, or from attempts to negotiate lower pricing. Responding effectively requires MSPs to explain differentiators and to consciously decide whether a prospect aligns with their value-based approach.

Supporting this discussion, Amy Babinchak argued that many MSPs risk commoditization by relying on standardized, transactional service offerings. She highlighted a shift toward consultative selling, emphasizing the need to focus on unique solutions—such as AI guidance and security enhancements—instead of basic recurring services. Both speakers remarked that as automation and AI become more prevalent, differentiation and consultation will increase in relevance and provide a pathway to sustained business models.

Additional topics included emerging security threats related to USB drives. Amy Babinchak reported that widespread vulnerabilities, particularly in devices manufactured in China, have exposed businesses to high risks of malware via unencrypted firmware. She recommended MSPs phase out low-cost, unbranded memory sticks in favor of hardware with encrypted firmware, noting associated costs can be in the $100–200 range. The episode also addressed the responsibility for user security awareness training, with both hosts asserting that the MSP must ensure not only provision but active client engagement and outcome tracking, rather than relying solely on offering the service.

The practical implications for MSPs and IT service providers lie in proactively managing client expectations, emphasizing measurable value, and maintaining vigilance regarding hardware supply chain risk. Providers are encouraged to improve governance by reviewing service portfolios, confirming active usage of bundled offerings, and conducting regular business reviews. Regarding security, due diligence in vendor management and sound end-user education policies are highlighted as essential components of operational risk reduction.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.