ChannelPro Deep Dive’s May 2026 virtual event focused on next-level cybersecurity for MSPs. During the 12:35 PM session block, TruNorth Dynamics CEO Ole Gjerde brought a different perspective to the conversation: the cybersecurity gap MSPs cannot tool their way out of.
That message matters because most MSPs already have strong conversations around endpoint protection, identity, email security, backup, BCDR, MDR, SIEM, and other infrastructure-layer controls. Those tools are important. They are necessary. But they are not the whole picture.
Ole’s session focused on what happens when clients make business application decisions outside the MSP’s field of view. ERP, CRM, accounting, reporting, integrations, and automation decisions all shape how data moves, who has access, where identity lives, and how the business operates. When those decisions are made without governance, the risk does not stay neatly inside the business application. It eventually touches the broader technology environment.
The decision layer between tools and business systems
The central framework from the session was the decision layer. Most MSPs think about cybersecurity in two layers: the infrastructure layer they manage and the business layer their clients operate. The infrastructure layer includes the network, endpoints, email, identity, backup, and security stack. The business layer includes the ERP, CRM, accounting system, reporting tools, workflow apps, and line-of-business platforms where the client’s work actually happens.
The decision layer sits between those two. It is where the client decides which platforms to use, when to replace aging systems, which partner to trust, how data will be governed, who owns administrative access, and whether new tools will be reviewed before they touch production data.
Those are not just business decisions. They are technology and security decisions. A strong tool stack can reduce risk, but it cannot fully compensate for weak application decisions that introduce unmanaged identities, unsupported systems, shadow reporting, or undocumented integrations.
Three scenarios MSPs keep walking past
The session highlighted three common scenarios where “we do not do that” can quietly become a client risk story.
First, a client is still running legacy ERP such as GP, NAV, or SL on-premises. The MSP knows the system is aging. The client knows upgrades are expensive and disruptive. Nobody owns the business application roadmap, so the conversation keeps moving to next quarter while the environment becomes harder to govern.
Second, a client’s accounting system is outdated. The controller or CPA starts researching replacements without involving IT early. New SaaS tools, browser plug-ins, file exports, integrations, and identity stores enter the environment. The MSP did not choose the system, but the MSP may still inherit part of the security and support fallout.
Third, a client is unhappy with their current Dynamics partner. Projects have stalled. Documentation is weak. Admin access is unclear. API keys or service accounts may not be governed well. The client is frustrated, but the MSP does not have a business application partner ready to bring into the conversation.
The new MSP opportunity
The takeaway is not that MSPs should become ERP implementers. That would be the wrong lesson. The stronger move is for MSPs to build a trusted partner path for business application conversations before the client needs one.
That partner path gives the MSP a better answer than “we do not do that.” It becomes: “We do not deliver that work directly, but we have a partner who helps clients make those decisions well. Let’s bring them into the conversation.”
That shift protects the client relationship. It helps the client avoid isolated platform decisions. It keeps the MSP aligned with the broader security and technology posture. It also creates a referral revenue path for projects the MSP was not going to deliver anyway.
What changes after the event
For MSP owners, vCIOs, and service leaders, the practical next step is simple: train your team to recognize the signals. Clients rarely say, “I have a business application governance risk.” They say things like, “Our accounting system is old,” “We need better reporting,” “Our Dynamics partner is not working out,” or “Can someone automate this?”
Those comments are not side notes. They are indicators that a business application decision is forming. The MSP that spots them early can guide the client toward a better process before the decision becomes urgent, isolated, or poorly governed.
TruNorth built two follow-up resources from the ChannelPro session to help MSPs put this into practice. The MSP Partnering Playbook explains the full decision-layer framework and partner motion. The 10-Signal Client Opportunity Scorecard helps MSP teams identify which clients in their existing book are ready for a Dynamics conversation now.
Cybersecurity has moved beyond defending the perimeter. The MSPs that win the next phase will help clients govern the whole technology surface, including the business application decisions that shape data, identity, workflow, and business flow.
Next step
Ready to identify the clients in your book who are already showing signs of business application risk? Download the MSP Partnering Playbook or run the 10-Signal Client Opportunity Scorecard in 15 minutes.