Websites as a Service for MSPs (EP 964)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast. That's right. I'm back and back for a short time.

I am in between conferences, folks, it is that time of year, but we are scheduled for a live show tonight coming up a little bit later. The mayor of Johnson City, Jason Miller, and his cohort, Landon Beall, will be joining me. This is the show where we talk about IT business, managed services, all those things to help you support your business customers better, smarter, and faster.

However, the big story that I want to share with you tonight, you guys have known how cold it's been here in Florida recently, with temperatures getting into the 30s and 40s, and yes, it actually hit 38 down here in Fort Lauderdale, Florida. It's that time of year where it is cold enough to cold stun iguanas. They fall out of trees, or in this year's case, they actually get stuck in trees and become tree chickens.

So this is how bad it got, folks. The Florida Fish and Wildlife Commission this year responded with a temporary executive order that allowed the public to collect and transport live cold stunned iguanas to designated offices without a permit because they are a prohibited invasive species. And so by the end of the event, over 5,000 iguanas had been turned over to the FWC.

But that's not the big story. It is estimated that about 8,000 iguanas were actually found dead. That's right.

They got stunned so bad, they never woke up. So the official count that was dropped off was 5,195. It is not known what the actual number is of dead iguana, but it is definitely 8,000 plus.

That is your story. And so for my good friend, Don Sizer, who really wants to start an iguana tagging business down here, yeah, might not need to. We have a couple of more cold spells like that.

So that is your big news Florida man story of tonight. I'll have links in the show notes for you. Let me tell you also, I want to give a big thank you to some folks.

I talked a couple of weeks ago about this SharePoint project that I'm doing for a new client. There's a lot more to the story, but the bottom line is their old IT person is leaving and we need to fix their network. They are a mix of in-office and out-of-office people, and they are sharing everything through OneDrive.

But not just OneDrive where everybody's sharing. All of the company documents are shared through this one person's OneDrive where that admin has shared out folders to everybody. So now I've got to fix it where we load all of the documents into SharePoint and the company wanted to be able to restrict people from being able to access those documents, not just by username, password, and multi-factor, but also by device.

And that was what I had sent out the bad signal for. I reached out to my good friend, Giles, our 365 guru in the community. Reginald Andre responded to me, I believe, the very next day after the show and got one of his engineers to also help me.

And then I spent some time in a Zoom call with Kevin, I'm going to say Dutkiewicz, I can't remember how to say his last name. But those of you that know, you know, and we all talked about it. Now here's the thing.

I've got just about everything done except for the isolating of the actual devices because there has been some inconsistencies where if you tag a machine by device ID and you try to coordinate that with all the conditional access policies and stuff, sometimes it doesn't work. And even in my quick testing, oh, I could block devices, not a problem. However, even the devices that were hybrid joined to Azure were still getting blocked.

So I have to forego that for now. The big news is I have to finish a lot of stuff by Friday. That is the IT person's last day.

We're getting all the documents over; I've backed up everything. I think we're going to be good and then I'll spend the coming weeks actually doing more locking down. But if any of you, again, have done this consistently.

Now, let me also clarify in situations where it has worked, it is usually been with a network that is doing a SASE VPN connection. We are not. The people that are in this office, they are in the office.

The ones that are coming in are either coming in through TruGrid to a local workstation or they are 100% remote and they are working directly in the cloud. So they're not coming into the office. We're not doing SASE.

While I do have endpoint protection on those machines, we are not doing SASE. So that is probably the one caveat that everybody needs to remember. So if you give me a suggestion, I'm not doing SASE.

So that's how that's going to go. But I do want to hear any other recommendations while I go through with this. Let me also say hello to people that are sitting out in the audience.

My buddy, Tim Golden. Hey, bud, how are you? And Valerie, the lady giving me a lot of pressure. I am here, but I just have you on mute for a second.

Well, that's not good, Val. I don't like that. Anyway, I also want to give a shout out.

I mentioned the conferences that I was going to since I was with you last. I know that I mentioned that I was going to be at the ITMSP Expo, which was here in Fort Lauderdale. Did a show on that.

Talked to my good buddies at Cork about that. And got to give a shout out to Dan Candy, CEO over there at Cork. He talked about the car that I talked about.

And I did not realize that this was a 69 Charger. So yes, Dan, OK. I'll take that.

But I think I want to put my 69 Chevelle Malibu up against the 69 Charger to see who will win at a race. I doubt anybody's done that. But if there is somebody who wants to try that out, well, I don't have the 69 Malibu anymore.

But that was the car I had in college and grad school. And it was a beast. Let's see here.

Last week, I was at Channel Pro Defend. Got the bag of swag here. So see if we have time to talk about that.

That was a great event. Saw several people there. I posted on both LinkedIn and the Facebook with some of the pictures I found.

Some people you did not see in the photos. My girl Tiffany from Avast was there. Let's see, the Caspers were in the photo, Jay-Z.

My friends from Island Router, Brian Doty. If you remember the holiday party from two years ago, Allie from Satellite Beach was there, wild hair and all. Caught up with her.

And we'll talk about all of that. So I'll share more on Channel Pro Defend later. Next week, Zero Trust World in Orlando.

Yes, a lot of things going on. That is happening March 4th through March 6th. The premier cybersecurity experience of the year.

This isn't your average conference. It's three days of real-world training, hands-on hacking labs, powerful keynotes, and actionable Zero Trust strategies that you can use the moment you walk out the door. Learn from industry heavyweights like Adam Savage, Jason Silva, Linus Sebastian, and more.

Dive deep into attacker techniques and take your skills to the next level. Plus, you can earn your Cyborg Hero certification, get face-to-face with experts, and even compete to hack a custom $5,000 PC. If you hack it, you own it.

You get to take it home. So that is all happening there. Head over to zetw.com, register.

There's still spots available. If you're going, let me know. March 4th through the 6th, Orlando, Florida.

Our good friends over at ThreatLocker presenting the sponsor of tonight's show. Thank you very much. Let's see what else is happening.

Oh, there's a chance that I will be going to another conference this May, and it is going to be a new conference for me. It is going to be a new location for me. I'm about 80% committed.

The question I have though is, is there anybody from Minnesota that can tell me what's good there? Because that's where this conference is. Minnesota. Interesting place.

That's all I'm going to say for now. We will talk more about that, Minnesota. I'm glad it's in May.

All right, let's do this. Let's go ahead and get to our guest for tonight. I mentioned him earlier, but I'm going to start with his cohort, Landon Beall, because Landon is a special celebrity guest tonight.

He was the gentleman that asked the question on Zero Trust that we've already had one episode about, and we're going to be doing more of that. I'm talking about Landon Beall from Unbound Digital. Landon, how are you? I am doing quite well, Marv.

I appreciate the time to come on the show and talk to folks. All right, well, thank you for being here, and I'm just going to say this before he comes on. It's about damn time.

Let's just say that. I've been trying to get you guys on the show for this very thing for a couple of years now, and I know he's busy. He's got kids.

He likes to travel. He's going to be the next mayor of Johnson City Jason, welcome to the show. How are you? Doing great, doing great.

Can't complain, Marv. I don't know about the next mayor but still trying to defend my title for community champ after that Facebook post the other day. Listen, you're going to be too busy to defend the belt, so somebody's gotta step in and take it.

Oh, no, no, no. We're not taking it. All right.

That's all you post with the belt. So, I mean, the reason I finally convinced Jason to come here is I figured out a cracker code. The IT Business Podcast logo, it's a crossover cable.

It's not a regular ethernet cable. So once I cracked that code, Jason's like, okay, we can go on. The first person to actually say anything about that cable.

So for the closure to everybody here, Designer Ready is technically a sponsor of the IT Business Podcast. They are doing my website for my business, mbsystems.net. Now, granted, I have not done everything I need to do to make that website better as you guys have suggested. It's functional, which is kind of how I am because I don't get my customers from the website, but I could probably do better.

But I do want to say thank you for doing that for me and contributing to the show. But let me ask a question to the listeners. How many of your clients' networks are protected by a firewall? A lot of people shaking their heads and hands up.

How many have the endpoint protection? A lot of hands up there. How many are backed up? There'd be lots of hands there. The next question is how many of those same clients have a website that is sitting out on the open internet? Websites that don't get monitored, websites that we didn't build, websites that we don't secure, and what could be one of the biggest points of liability for a customer is when their website gets hacked or gets down.

So that's where I think a product like this, you guys have put together, can come in handy, but the positioning that you guys have done it is a little bit different than most. So let's first get into the birth of Designer Ready. How did that start and what made you decide to offer it out to everybody? Well, Marv, kind of the beginnings of Designer Ready was just an idea we had.

We wanted to start doing website design for our own sales, our own MSP. And so as we started for our own MSP and trying to figure out the pricing model and everything worked well for our customers, one of the biggest things we figured out is most of our customers are built on a monthly fee. Flat fee for IT or your Office 365 licenses, your hardware as a service.

And so it just goes on a monthly bill. Most web designers out there, they want to charge as big as ordinate fee. They want to get these customers with a large amount of money up front, then a monthly fee after that or hosting per year.

And this just doesn't fit the model of most of our MSP clients. So we just kind of developed this out of the need for our customers to be able to have just a flat monthly fee on their bill, makes it easy barrier to entry, makes it an easy sell to them and just makes it super smooth the whole way. Well, let me ask you about the monthly fee because I do know a lot of web people.

I have a couple that I use for my clients before you guys got in the game and they charge a monthly fee but it's usually just for maintenance and backup. And anytime there's a change that a customer wants, that's an extra fee. So when you talk about this website as a managed service, are the regular updates and changes included as part of that fee? Definitely, yeah.

So our websites are all inclusive, one flat monthly fee. We take care of design from the ground up. It's not templates.

It's not anything that you go out and buy a template and throw it on there. We build the website from the ground up, custom how you want it, custom colors, custom brand kits. We can do logos if you need us to design a logo, as an additional service there for the logo.

But as far as the website itself, we're able to do graphics for the website, pictures. The monthly maintenance is included. So all of your updates to the website, if you put a website on the internet and have this as a managed service, it's gotta be updated.

We've seen so many websites out there that are not updated, not kept up. And so you'll log into a WordPress website and see 60 plugins that need to be updated. It's like, oh my gosh, what a mess.

But with us, the way we handle that is we update every website on a daily basis. Backups in two different places, one on our hosting provider, one off our hosting provider, because we really like backups as an IT guy. So we also do all the plugin updates.

WordPress core updates, PHP updates, pretty much anything it has to have for that website is done. We also give four changes per month because we don't want people getting nickel-dimed on their website. So we want those changes to be able to be, hey, I just need this added on here.

I got a new event coming up. You know, add this new text, add this new employee, whatever it is. It's just done.

It's one flat fee. They don't have to think about it. It makes it easy for the MSPs out there.

And you know, we're an MSP as well. Makes it easy to sell. And then, you know, our motto in our business is just like, you know, it's just a flat fee.

You know what it is. You know what you're going to pay. And it's one price.

And that way you're able to just, you know, sell that to your customer as is. You don't have to think about it. They're not going to get beat up on a price anywhere.

All right. So as I understand it, you guys started, I don't know, was this three years ago that you started this? Yeah, right around three years. All right, but it was kind of under wraps, you know, hush, hush.

And then apparently things are now taken off. And I want to know how much of that is because of Landon. How much was it because of Landon? Well, Landon is very knowledgeable about websites.

So he's definitely helped our program out a lot. We have a, he's kept our team going. We've had, you know, two other web designers behind the scenes there.

So Lee and Carmelo are the other two designers that help out. We're constantly changing things, updating things. So, and you say under wraps, the whole under wraps part is, you know, we're developing a new product, you know, designer ready.

We want to make sure that before we launch something like this, that, you know, as we, for our MSP, we have it, you know, rock solid. We have it developed how we want it before we start offering it to somebody else, so. Yeah.

All right. And I would, and I would also say, you know, my kind of my role is I'm a lot of a Swiss army knife around here at Unbound Digital. So when I started here a little over three years ago, designer ready was kind of in its infancy then.

And, you know, we would talk about it from time to time. And it was always like, okay, this is awesome. When are we launching it? Kind of, kind of in my story, I got into websites back around 2012.

That was really my first foray into IT. Was getting out of high school and then immediately diving into the world of web design and did a lot of freelance work back then. Not really at a professional level, but just kind of semi-pro growing into it.

When I finally went into IT full time, continued to build and grow those skills, built some professional websites for folks. So by the time I ended up with Unbound Digital and just in the course of conversation, started talking about the website services we already offer. Jason realized, okay, here's all these things I've been trying to do.

And so, you know, we had some brainstorming sessions. We were able to, you know, finish that brand focus so that people actually have a website they can go to and learn about designer ready. Finish building our pamphlets and finish kind of developing our internal stack because there's a lot to it.

Jason already mentioned that the big focus for a designer ready partner is that flat fee, being able to have one price that you offer your client and they have all of these different services. But being able to really outline what those services look like. You're getting duplicate backups.

You're getting regular monthly website care reports. You're getting regular analytics data. You're getting agency plugins.

You're also getting the regular maintenance support included. And so, how do you deliver an experience like that and it be consistent for every partner? It's not an easy answer. It requires, you know, good firm operations planning and really scaling that at a pace that works for MSPs.

So that's been a fun part of what we've been doing. Yeah, so let me ask this because part of, I mean, I asked Jason earlier about the monthly fee going beyond maintenance and backup and stuff. So one of the things that when we started talking about this is this whole idea of security and all of that stuff.

Now, my understanding or my experience, I should say, with security is getting something in my stack where I can go out and scan a client's website in order to come back and tell me if there are any exploits or any vulnerabilities or patches and things like that. But you've introduced some stuff that I wasn't quite sure of, and I don't know if anybody else has ever mentioned it before, but this whole idea of ADA and WCAG compliance. What the heck is that? That is my wheelhouse.

So the Justice Department has begun enforcing ADA compliance for websites and digital services in recent years, the same way that they would enforce those requirements for accessible bathrooms, accessible entryways into buildings. And what it's turned into is, one, an important piece of a business's stack and how that business is able to connect with people. But it's also led to your normal hawks that you get in this world.

And so there are, in addition to legitimate concerns about ADA compliance, you do have your frivolous lawsuits that are filed over that. And the issue becomes if your website's not ready for ADA compliance and ready for accessible users, you are placing your business at risk of a lawsuit and being sued. There's really two levels of ADA compliance.

One is going to be Title II. One is Title III. Title II is going to be state and local governments.

There is no exception for a state or local government entity to be ADA compliant with their website. So any MSPs that work in the government space, those government clients have to have accessible websites. It's not negotiable.

So when you say accessible, let me understand that. Are we talking about somebody that is either blind or hearing impaired or whatever has to be able to navigate a website that way? Is that what we're talking about, or is it something else? Exactly. It's from a digital accessibility standpoint.

So if you have a blind user, if you have a user who's hard of hearing, even if you have someone who has low vision issues, then an accessible website would also fall under ADA and how that is treated from a legal perspective. And one of the things that we've seen, too, is as AI has started to enter into the picture, you also have to treat AI as if it's blind. It doesn't have that visual input.

So if your website's not accessible for human users, your website's also not going to be easily readable by AI tools if someone with a disability is using ChatGPT, Claude, Gemini to, hey, can you tell me what's going on this website? Can you tell me some information about this business and how I can get in touch with them? Well, as the model reads the website, if it's not accessible, it's not going to be able to pull that information that the person is requesting a pull because essentially the AI model is blind. So it comes into big play with Title II. Title III is any business that has a form of public accommodation.

And from a legal standpoint, that could be something as simple as, hey, I'm a law firm, but I have the front lobby. Or, hey, we don't have an open storefront, but we have an online portal where clients can go make payments. Both of those would fall under a public accommodation, and they are not exempt under ADA.

Okay, something doesn't sound right because I know a ton of businesses that have online payment portals, and all of us have a lobby, but I've never heard of having to make sure that my website is ADA compliant. So what am I missing? It is something that is newer in the sense that more businesses haven't been talking about. The Justice Department guidelines.

Valerie's heard about it in the chat. She just put it on here. This is spot on.

She needed it apparently. So, all right. Yeah.

Those guidelines, I want to say they started roughly about 10 years ago. I could be just a hair off, and then they really started enforcing them over the last several. States in particular are really starting to ramp up enforcement over the last two years.

So in our general vicinity in Tennessee, North Carolina, Virginia, and Georgia are all ramping it up very strongly. If you go to the state websites for any of those three states, they have very specific guidelines for what you must do to meet Title II compliance if you are a local government, or if you work directly with a local government and their digital assets, you also will fall under Title II. It varies a little bit to what degree that includes.

That doesn't include things like a building maintenance contractor for a government, but it will include things such as if you work directly with that government as a subcontractor who's projecting yourself as offering a direct service from that government. Okay. So, most of that has nothing to do with security or risk.

That just has to do with compliance from the government standpoint and digital access. Yes. Does it ever translate into security or is security completely separate? Security is completely separate.

Now, what's cool about what we can do is for all of our designer-ready clients, we are tracking with free ADA scanning. So, we'll place a plugin widget on that website that allows us to have insights into, hey, how compliant is your website? Is it up here? Is it way down here? And then if it's a government client, we don't give them the choice. They have to pay for remediation to stay compliant.

If they're a business, we do give businesses the choice. Do you want free or do you want to accept the risk of a possible lawsuit? There is no way to completely prevent the possibility of an ADA digital lawsuit. You could be doing everything to the letter and it doesn't prevent somebody from suing, but we work with a platform that allows the client access to basically legal paperwork, saying, hey, I've been doing all this, I've been doing this, and they have an entire legal assistance team that can assist in the event of an actual lawsuit.

All right. By the way, I'm scanning my email to see if there's anything I've ever missed about my website. Again, I've never heard of this, so I don't know if you guys sent me a notice saying, hey, you need to fix this, but I don't see anything in here.

Yeah, and like I said, for businesses, it's been a case where we mostly let businesses accept that risk if that's something they want to accept. Governments is where we've had to be very proactive, saying you got to do it. It's not an option.

Okay. All right. So let's go ahead and slide over to security from the standpoint of, I asked the questions at the beginning of the show.

We do protect a lot of other things. Most of us don't do websites. We outsource that to somebody.

We leave the web gurus. It's usually hosted on another platform. As long as we have control of the DNS control panel, I don't care, but I do scan the sites though.

What are some of the hidden risks out there that we're ignoring by not dealing with websites? Yeah, I can take that if you want me to, Linda. Yeah, and I got a couple to add to that, but go ahead, Jason. Okay, sure.

So one of the things we do with our website for security, being an IT company first, MSP, we take security seriously. So as we're building this design-ready platform, when we're looking for how we're going to host a website, how we're going to deliver that website to the end user, then how we're going to protect it on a daily basis, weekly basis, monthly. So basically, that website's hosted on a platform.

Each website's kind of containerized in its own little bucket, per se. So no other neighboring websites, like people that have shared hosting out there, you know, if one website does something crazy, it affects another one. One of my good friends used to host websites on a shared hosting server, and he'd have all of his websites go down at once.

It's like because somebody's website on that server was getting slammed or getting hacked or something. Our platform's built to where everything's containerized, every website's in its own thing. So as far as security, your neighbors can't see you, you can't see your neighbors.

So that's the first step in providing good security. Second step is we use Cloudflare Enterprise in front of all of our websites. So not the free Cloudflare, but the Cloudflare Enterprise.

Cloudflare, if a lot of people out there know that it serves up websites, provides DDoS protection, provides some security protections, provides all kinds of other protections as well from numerous things out there. And a lot of you guys know about Cloudflare out there, but then, you know, we want to back up that security with a web application firewall or a WAF. So on top of that, our hosting has a web application firewall where we're putting rules in there all the time, manually and also automatically.

So those rules are fed, you know, signatures to protect just like anything else. And that'll stop all kinds of other things. And as far as the protections and security, of course, you know, not quite security, but a good backups.

Like we mentioned before, we have two separate backups and then the people behind it is also part of the security, you know, doing the updates on a daily basis, providing, you know, we use the WordPress platform is what we use. So using that to, you know, updating WordPress core, plugins and everything comes along with that. So that's kind of like the overall arching security mindset there.

And I don't know if Landon has something to add to that if I missed, so. Yeah, for us, there's kind of two pieces. Jason touched on the majority of them.

Uptime is a big part of our security and it's, you know, you wouldn't think that uptime factors into security, but it really does. I have a Lean Six Sigma Black Belt background. So for me, trying to get as close to five nines as possible is really the goal.

With our websites, we guarantee four nines. So that's less than a one hour of downtime per year. And, you know, a good example of why is, you know, you can have something crazy happen with the CDN and indeed that happened not too long ago.

I know a lot of people dealt with CDN issues about three to six months ago across the wide web. So we understand things happen, but as far as our hosting time, our hosting time has the four nines of uptime. And from a security perspective, I'll give you some specific examples of why we have in place an enterprise CDN and why we have in place a web application firewall.

So during the last election cycle, we had a client in the government space. And during that cycle, one of their websites was actively attempted to be breached from overseas. And we were actually able to catch it in the middle of the night.

It happened after hours. We started getting alerts in our inboxes and we're saying, this is not right. And come to find out, it appeared to be they were, you know, attempting to get in.

They may have gotten a credential leak in the dark web. We're not sure. But what we were able to do because we do have that firewall in place is one, prevent them from ever getting in.

They never breached the systems. And two, we were able to isolate that particular country that the traffic was coming from. The attacker was using relays in three different countries to try and facilitate the attack.

So we isolated traffic from those three countries. The issue stopped and client was never the wiser. They just, they kept moving along.

And what was actually funny is that another adjacent locale that they worked with did know that it had happened because it had happened with other systems as well. And they had to get the state involved to help them. We didn't have to do that.

We were able to just get it solved and the client was back on their way. Another great example is we had a client that we brought on and this client works with children. They work in professional services with children.

And before they came to us, they thought it was a good idea or not the owner. I think they had a staffer, thought it was a good idea to use a free DNS service. Of course, it's free.

It's gotta be good. It's gotta be great. I want to pay for it.

So when they moved their services to us, they just decided to keep their domain name at the time and come to find out they were using that free DNS service. And that service decided to start redirecting their web traffic to inappropriate material. And because we were hosting their content, we were able to get the client on the horn very quickly, change those DNS records and point them away.

But the problem is because that free DNS provider had the previous records of where they were located, it took a while for things to update on the web. And so we got them back up and running within about 30 minutes because we have premium DNS. So it didn't take long for it to populate everywhere.

But about three months later, they had someone try to breach their website. They had somehow used that free DNS service to capture credentials. We're not sure how.

And because they did that, they were able to get logged into the site. We figured this out, found it out. We were able to roll the site back to the previous backup that we had taken that morning before the issue happened.

We caught the issue in about an hour time period. After the rollback was completed, their content was restored to how it was. We changed the passwords or credentials and we blocked a firewall access to the IP address that had initiated the attack.

And clients went back on their way. They haven't had an issue since. All right, well, let me ask this question.

It's a sidebar question. We as IT providers want control of the DNS. And if you're my web host, I don't care where you host it, but I want the DNS.

How are you guys dealing with that? Because you're the MSP also who wants control of the DNS, but you may have clients that don't want to give that to you. So are you allowing that? And are you able to put the Cloudflare in between what's the situation there? Well, with our designer ready customers that we have, you know, working with us, we have a mixture of what they want to do. So if you move your domain to us, we're more than happy to host it, charge, you know, decent prices for that.

And then the DNS, we have distributed DNS. So it's kind of like the Cloudflare caches your website and, you know, thousands of servers all over the world. Our DNS is cached on thousands of servers all over the world.

So it's hard to take down one DNS server when we're cached all over the world. I do have, you know, of course, IT guys, me included, you know, we like to protect that client's DNS and all that. So we don't have to have the domain.

That's not a requirement. We give benefits of having that, you know, distributed DNS all over the world and keeping better up time, things like that. And besides the website, it also helps, you know, as MX records and SPF records and DMARC records to live on as well, if one DNS server goes down with premium DNS.

But I have a partner out in Arizona and they actually take, you know, they don't want to give us their domains. Totally cool. We don't mind you keeping your domains.

They actually let each one of their customers manage their own domain. So he's just logging in like their GoDaddy account or their, you know, network solutions or whatever they have. And just, you know, we'll just send a couple of records for the website.

They update it, website's live. So it doesn't matter to us if they have the, if we take over the, we're not there to take over their domain if they don't want to. They can maintain that control, so.

Well, I'll send you some A, you send us an A record and a C name and we're good, right? Yeah, exactly. We really are about 50-50 on it. I've got clients who manage it all and I've got clients who say, no, we trust you to do it.

But yeah, we would definitely push everybody do not use a free DNS service. Yeah. All right.

Especially if you Googled it. Yep, I do want to ask you more about that 50-50 mix. But before we do, let me pay some bills here and say hello to our sponsors here.

Of course, we know that the show is presented by our good friends over at ThreatLocker. I mentioned them at the beginning of the show with Zero Trust World coming next week. But if you've listened to this show for a while, you've probably not ever heard me say hope is not a security strategy, but I think I'm going to start saying it as MSPs, we can't just cross our fingers and trust that the traditional AV and EDR will catch everything.

That's where ThreatLocker comes in. ThreatLocker gives you a true zero trust, default deny approach at the endpoint and the network layer. So only the applications and connection you explicitly approve are allowed to run.

Instead of chasing alerts after the fact, you're shrinking the blast radius before the attack ever begins. So for MSPs, this means that you can better protect your RMM remote access in those business-critical apps that would be a nightmare to lose. You get enterprise grade zero trust tools in a way that's actually consumable for small and mid-sized clients.

So if you're ready to move past defect and respond and actually lock things down, check out the show notes or head over to the sponsor page at itbusinesspodcast.com for the ThreatLocker link and more details. We're also powered by our good friends over at NetAlly. You know those tickets that say the network is slow and have absolutely no details? Well, NetAlly can help you put that to bed fast.

Their handheld testers like the EtherScope, LinkRunner and AirCheck give you button-to-button auto tests to validate wired and wireless links, PoE, DHCP, DNS, VLANs and performance in just a few seconds. So instead of guessing, you walk in, plug in and walk out with real data. That means fewer truck rolls, faster root cause and proof you can hand to the client.

So to see which NetAlly tool fits your toolkit, again, check out the show notes for the link or go to the sponsor page over at itbusinesspodcast.com. And finally, how many tools do you and your tech juggle just to keep the client's calls, chats and tickets up to speed? OneStream brings all of that together in one communications platform built specifically for MSPs. You get business voice, contact center, SMS and chat, plus deep integrations into your PSA and other SaaS tools. So calls and messages automatically tie back to the right client and the right ticket.

Features like automatic call tracking, sentiment analysis and AI-assisted notes help your team spend less time typing and more time fixing. Where can you find out more about them? You know it, the show notes or the sponsor page over at itbusinesspodcast.com. Say hello to our other sponsors that are giving us stuff, LionGuard, TruGrid, DesignerReady. And of course, our folks that are giving us a little bit of money each month, Tom, Jared, Jason and Jason.

And you can always support us by using the Amazon link. I get one or 2% every time you make a purchase there. So I appreciate all of that.

So gentlemen, you say that you have a 50-50 mix. And I believe that that 50-50 mix is, you've got your regular clients that you're doing, but then you also are doing white label. So do I have that correct? You do.

Now with our regular clients, the majority of our regular clients do prefer for us to manage DNS. With DesignerReady, I would say DesignerReady is really truly 50-50 on that. I have several DesignerReady clients who they go on our co-branded tier and they just want us to handle every aspect of the billing.

They want us to handle the relationship. They trust us to come in and supplement what they're doing as an MSP or as a marketing company and be able to provide that service directly to that client, take care of them. That way, when they go back to them, it's as if we're a direct extension of their team.

Those clients, they tend to have us manage the DNS unless they are also doing security services for them. In those cases, they do like to manage the domain name. Most of our white label clients do prefer to manage the domain names.

We do have some who, like Jason alluded to, they'll give us delegate access to their console to be able to make those edits ourselves if we need to. And then we also have some who prefer that we send all of those record changes over in a spreadsheet and have them add them manually. Either one doesn't hurt our feelings.

It's more, what's the actual need? How can I serve you better? And we try to attack every issue that comes our way in Designer Ready from a service-first perspective. That's how I try to operate in business and that's how I try to treat my clients. And so our goal not only is just security and making sure you're ADA compliant, making sure you have uptime, but what's that client experience look like? And with Designer Ready, you don't just have the client experience for the end client.

You've also got the client experience for the partner. When the partner has an issue, they need to be able to call and they need to be able to get that concierge support. So what's the real benefit of me doing white label versus just saying, look, you guys handle everything? Because, Jason, we went through all this with our VoIP days, with trying to decide whether to be white label or not.

You guys went all in, mostly white label, I believe. I'm good. I'm like, that's something else that somebody else can handle.

I'll take a little bit off the back end if you offer it, but I don't want to do websites. But what makes white label a good option for other providers? Well, so we offer two different kind of ways of doing business with Designer Ready. One, like you're mentioning, is white label.

So white label basically means you're selling it as your brand. We're just in the background. You never see us, the customer never talks to us unless you want us to.

We have thrown on shirts with other companies' logos on it and done Teams meetings and stuff like that with some of our Designer Ready partners, even being white label. Oh, that's a lot of fun. With an empty system shirt, huh? Yeah, you send us one.

We'll do it with your clients. Yeah, there you go. So we don't have to have a logoed shirt, but I mean, we'll wear your color or whatever.

But white label means you're selling it as you. Our white label websites, just to throw pricing out there because it's on our website, our white label pricing starts at $99 per month for a website, a standard business website, no e-commerce or anything like that. We do have some other pricing tiers for e-commerce, but your standard basic everyday website, $99 for white label.

What that means for an MSP, another web design agency that we do work for, or anybody that wants to do websites white label, doesn't even necessarily have to be MSPs. When you white label that website, we're the guys in the background doing all the work, but you take that $99 and you mark it up to wherever you want. If you want to charge $400 a month, you can.

Whatever you make on top of that price is what you're putting in your pocket. MSPs all across the country are in different areas and different, everybody's always got that, what's your end point price? I'll charge $300, I'll charge $400, I'll charge $50. It's all over the place.

So what this basically allows you to do is you know what your cost is and you pass that on to the customer for whatever you want to charge. And then we have people like you, Marv. It's like, I just want to hand it off, don't want to deal with it.

You just do all the stuff. It's like, I just want to make a connection, like a referral partner. And basically, we call that co-branded.

So all the reporting we send out will have your logo on it, have our logo on it together. You know, white label, the reporting's all, your MSPs logo and everything, all your reporting to your client. But either way, co-branded, you basically hand them off to us.

You introduce us as your web design team, your web design partners, however you want to do it. We'll set up meetings with them. We'll do the teams meeting with them.

It doesn't matter where they're at in the country, the world, we can help them out. And then when we do all that, we're doing the whole web design meeting, getting all their colors, their schemes, their branding, all that stuff. So we do all that stuff for you.

And basically, you know, if you want to do it that way, it's $150 a month, and we pay a 20% commission. So that's kind of how we do that, so. All right.

What about a scenario like I had with this client where the IT admin person is leaving? That person also did the website. They are... Typical situation. They've got the domain and network solutions.

They got the website to go, Danny. And they're asking me, do you do websites? No. So in that type of scenario, I come to you and say, hey, I want you guys to handle this for me.

Sure. But their websites, they just got them up, so they've already paid for hosting and stuff. Are you guys able to help with that, or is it something where we're going to, nope, we're going to rip it out, bring it over, and start over? Yeah, so I'll walk you kind of through what the process looks like.

So after a partner's onboarded with us, we actually give you access to a client portal on our website. You go straight over to designerready.net, and once you're there, you sign in with your credentials, and you're in your partner portal. From that portal, you've got the options to go ahead and start.

You know, hey, I need a website for this person. I need you to go ahead and get it done. Here's the information.

And then there's also going to be a place where you can schedule a direct meeting with us. So a case like that would be a time to schedule a meeting. We can either meet directly with the partner if it's white label and they don't want us to have that interaction with the client, or maybe they do want us to have the interaction with the client, and I go into the meeting and I brand as MB Systems.

No matter what it looks like, you can schedule that meeting. Once it's on our calendar, we'll kind of assess the situation. There is no one-size-fits-all website solution.

So we kind of have three tiers of standard business, small e-commerce and large e-commerce. But to kind of put it in perspective, one of our clients is actually a company that works pretty extensively with TVA, and that company is quite large and they have very complex and odd systems that from the website infrastructure standpoint, they've had a lot of cooks in the kitchen over the years. And so they need us to be able to make sure things are maintained, but then also be able to understand how those cooks were doing things five and 10 years ago.

And so we had a support ticket that came in not too long ago for kind of a complex issue with a API integration and come to find out that the developer five or so years ago had built a custom PHP plugin, and that PHP plugin was pulling API information from another TVA-adjacent system. And in order to get the credentials for that, you had to go to another PHP program that they had coded. It was quite complex.

The PHP 4 or PHP 5? I didn't look at the version, I really didn't. Okay, first of all, you should have just laughed that I even brought that up. I think it was PHP 4, I can't remember.

But it was odd enough to where it took us time. And so a fix like that is not something you can just snap your fingers and it's done. But by golly, we got the issue fixed.

And that's a difference too in, now if they had contacted your average website company who is not an IT systems expert, then they would not have been able to solve that problem immediately. They would have needed to hire a developer that's going to get way more expensive. It's going to get time consuming trying to find that right person.

Yeah, I think for your question there, you're possibly asking, would we do hosting only? Is that what you're asking or meaning to? I don't know, I'm just throwing questions out. Okay, so we do, I mean, to answer that question too, like that client, they got their stuff spread out everywhere, domains here, website over there. We can take over that website and host it for them.

We do have hosting plans where we do all the maintenance, upkeep, same Cloudflare, all that good stuff as well. And so, those start at basically 49 bucks a month, $59 a month, depending on what you want. But, and we can take over that domain.

We do this all the time, it's not a big deal. So if we need to bring everything together under one roof and manage that for people, because that guy is stepping out and you don't want to deal with it, we can pull that domain over to us. We can pull the website over to us.

We can build a new website. We can just host it if you want to, not a big deal. But the ultimate goal there is to make the customer happy, make sure they're taken care of, make the partner, somebody like NB Systems happy, and taking care of their client.

And we're very easy going on things. So sometimes people always wonder, like when I take the domain, if I ask for it back, is it mine? It's like, yes, it's definitely yours, anytime. And once your website's paid for and everything like that, then if you want to take your website and go somewhere else, you can.

So, I mean, it's not a big deal there. We'll part ways easily if you want to take it over, what we do for you and you pay us for, it's still yours in the end. Well, once that person's gone, we'll figure out what we're doing here.

Sure, yeah. All right, we're getting close to time here. Let me ask one last question, and then I don't think we're going to have time for swag.

I'll mention Florida Man here real quick. What's the biggest mistake that you see people like me, MSPs make with their website? Not partnering with design already, of course. So, softball, it's baseball season.

No, no, so, I think a lot of times is, they're leaving, there's different aspects to that question. So, the mistake could equal, hey, I'm not partnering with somebody like us. You're leaving money on the table.

You could be making a lot more revenue because as IT guys, you're always asked,  Who does websites? Do you do websites? Do you know if somebody does websites? And it's great to have somebody like a designer ready in place to be able to have that referral. You get them with somebody you know is going to take good care of them. Plus, you get to make some money and put it in your pocket.

And that's one of the biggest mistakes I think people make. And that's why we started website design in the first place in our business, because we were referring it to other people, and they just weren't doing a good job. They're dropping the ball.

And so, we want something done right. You know, the old saying goes, do it yourself. So, here we are.

We developed this for our company, then turned it into design ready to share it with the world. So, all right. And it also allows the MSP to be full service.

There are all kinds of boutique MSPs, really large MSPs, mid-size MSPs. Being able to manage websites the same way that MSPs are used to managing networks and VoIP is a key way for them to be full service and keep that client under one roof. Kind of have them be a one-stop shop if they can call when they need service.

And also too, it, you know, make sure that, you know, if you're an MSP and you've got a website that doesn't look up to par for what you're offering, then the person who might be looking at that website might be thinking, do they know what they're saying they can do? You know, if I see a website that looks really old and I see that person saying they can handle new tech, I'm a little bit skeptical of that. If I see a website that it looks too fake and too AI generated, I'm also questioning that. Do you have the capability to be able to do what you say you do if you're building websites that don't look professional? So that's kind of my take.

Yeah. And one other thing real quick is it makes the client more sticky. The more products you have with your company, you know, phone systems, network, IT, websites, the stickier that client is, the longevity of the client lasts longer.

So they're not going to go shop you if you can be that one-stop shop. So as long as you're doing a good job. Well, exactly.

So all right, Landon, where'd you hear that term boutique MSP from? Oh, I might've listened to a few episodes of the IT Business Podcast. Nobody says that but me. All right, guys, I do want to, I mean, I have a link to a Florida man story in the show notes, but Landon, as your first time appearance in the show, I'm going to ask you to pick, do you want to hear Florida man story number one, number two, or number three? You're making it tough.

Yeah. I want to hear number three. Number three.

All right. So federal prosecutors have charged a central Florida man, the former CEO of an Orlando area cryptocurrency investment firm in an alleged $328 million Ponzi scheme. According to the Department of Justice, the scheme involved wire fraud and money laundering tied to investor funds funneled through the crypto company, which promised high returns.

The arrest is part of a larger federal crackdown on fraudulent investment operations. I will have a link to the full story, but there you have it, a $328 billion cryptocurrency Ponzi scheme. So that's crazy.

That's crazy. None of that would have ever happened if his website had been ADA compliant. It probably would have happened.

He probably didn't even have a website. All right. Well, Jason, Landon, thank you guys for finally coming on the show to talk about this.

Again, I thank you all for being one of the behind the scenes sponsors of not just the show but doing my website for the business. So thank you guys very much. Yeah.

If anybody has any questions or anything, feel free to reach out. Email us at info at designerready.net or then get our website designerready.net. All right. So there you go.

Thanks for the opportunity. We appreciate it. Well, thank you for coming on.

All right, folks, that's going to do it. And let's talk about what you guys might want to think about after this conversation. If you're an MSP and websites are still something you don't touch, well, we've already talked about that they could be one of the biggest blind spots in your stack.

You don't have to be a web agency, but you do have to decide if websites are outside your responsibility or not. We're learning that no, they're not. So you should audit your own website first.

I'm doing mine. If it's outdated, slow or non-compliant, fix that. Have a conversation with some of your clients about their website, their risk and performance and decide whether you're going to build this internally or if you're going to be smart and partner with somebody like Designer Ready.

So if you want to continue the conversation, I'll have links to both Jason and Landon's guest pages and the link to Unbound Digital and Designer Ready and tell them you heard about them on Uncle Marv's IT business podcast. That's going to do it for tonight. I will not be here next week because of Zero Trust World.

I will be back in two weeks with a name that some of you may know, Carrie Holzman will be joining me for the next Wednesday live show. But for now, have fun, be safe. We'll see you next time.

And until then, Holla!