What is the best IT managed services plan for my business?

When considering either a move to managed IT services or to a different MSP, it’s important to consider both your current IT support/management model and any organizational goals that might be impacted.

These days (unlike just 10 years ago) most organizations agree that information technology can be a strategic enabler, not just an expense. The right IT choices can equalize the competitive playing field, but poor choices can cause confusion and stall progress.

Choosing the right IT managed services plan (and of course, the right provider) for your organization is one way to position yourself for your best chance of success. However, there are a few questions you should ask yourself before you begin interviewing MSPs and comparing support/management plans:

  • Do I have the right technology in place for my organization?

  • Am I managing my current technology investment as well as possible?

  • Are “down” systems causing missed deadlines or production issues?

  • Is my current IT support model appropriate? Do I need after-hours support? If so, is there a subset of things that require immediate response?

  • Is my network secure? If not, what is my reputation worth?

  • How would my business function if I lost my data?

Once you’ve reviewed your honest responses to these questions, it’s time to start looking at options.

There are a myriad of IT support and management options out there. One thing I regularly tell customers is that if you can’t easily understand the differences between a single MSP’s various offerings, then you may be looking at the wrong provider.

Managed services should make your life easier and give you peace of mind, not create stress. With that said, it’s natural that you may not easily be able to understand the differences between offers provided by multiple MSPs.

Every one of them thinks they have the secret sauce that makes them special and unique. It would be foolish for me to say that all MSPs are created equal, but if you’re looking at reputable businesses with existing customers, solid references, and healthy financials, you’re probably going to get a quality offering.

Your challenge is determining the best fit for you.

A complete analysis of specific managed services offerings and hardware/software bundles of any MSP are beyond the scope of this discussion. More importantly, here are a few of the common services/features to consider when selecting a managed services plan/provider:

Remote support. This is a fundamental offering from just about any MSP on the planet. This is typically part of a user help-desk offering. One key question to ask is whether the provider/plan institutes any kind of volume limit, whether per user or per day/week/month. You should be looking for plans that incentivize the MSP to solve problems quickly and proactively provide training to users for common or periodic issues. Throttling the number of tickets to reduce workload is never the right answer.

Onsite support. This is a very handy component of a successful relationship. If you’re consider an MSP who is not located close to your location(s), this could be an expensive option. You may be best to consider MSPs who fit your footprint closely. If support personnel are further than a business day away from your sites, consider the impact of the delayed restoration of a critical system.

Security services. If you’re planning to outsource the administration and monitoring of your firewall, IPS, etc. then you should do your homework. MSPs are in the sights of hackers these days, since they can be a gateway to many organizations if not secured (https://www.us-cert.gov/APTs-Targeting-IT-Service-Provider-Customers). Make sure your MSP is protecting their own house before you let them secure yours.

Make sure that they are implementing a risk management framework, are performing periodic assessments of their own systems, and have an incident response plan in place. Make them share proof of an external assessment with you.

Co-management option. One thing that’s been common with many MSPs is the desire to lock everyone out of your systems but themselves. That’s an understandable approach, as it reduces risk of misconfigurations causing unexpected downtime, as well as the chance of a finger-pointing match. That said, you own your technology resources, and if you have someone who is qualified to make changes, then there should be a mechanism to allow it. It’s very easy (and expected) for MSPs to install things like central log collection in conjunction with audit logging on your equipment. If a proper change-management solution is in place, you should be able to smoothly integrate your people into the mix as you see fit. Of course, the argument that if you’re paying an MSP to manage a system, then you should have them take care of it, is valid.

Monitoring. This is the low-hanging fruit of the MSP world, since everyone can do it. However, there are varying degrees of monitoring which can affect the outcome you receive. You should be looking for a solution that can be tuned to meet your specific needs and SLA. Nobody wants to be alerted at night because a scheduled job ran as expected. In fact, you may not even want to know that a backup failed until the next morning. If you happen to be paying for managed backups, then you may not need to know until the end of them month when the MSP tells you what happened and how they fixed it… The key here is that monitoring should be extensive enough to provide actionable information and reporting but be tuned to filter out the noise.

Patching. I don’t know how many times I’ve met with a new customer who was surprised that our on-boarding team was asking to schedule planned maintenance windows for patching. If you’re paying for managed services of any on-premise or co-located system, then it should have a patching window. The days of exempting an asset from patching because it’s too important to take down are long gone.

Critical vulnerabilities are being discovered at a prodigious rate, and not patching is like leaving your front door open when you go on vacation.

Strategic Planning. Some managed services plans have options to provide strategic consulting or planning. You’ll need to decide just how much assistance you need on an ongoing basis. Any good MSP should be willing to assist with IT budgeting and equipment lifecycle management at no cost. In fact, they should also be willing to participate in your established IT steering process on a regular basis (attending monthly or quarterly committee or senior management briefings). If you don’t have a formal process and need IT management or virtual CIO services, then you should expect to pay, as those resources are expensive and are in great demand.

Un-covered assets/services. Since there are many different support and management models in use throughout the industry, it’s important for you to understand exactly what is and is not covered. Some support models are asset based, which provides flexibility for you to outsource support for only portions of your infrastructure. This can save substantial amounts of money, but it does create the question of what happens when something else breaks. Many MSPs (not all) offer discounted service rates and call-out fees to address issues with items not specifically covered by your managed services agreement.

Beware that some MSPs simply won’t touch anything they aren’t contracted to manage. Your job is to understand any possible costs up-front and make sure there are no surprises down the road.

Documentation. If your MSP is doing their job, then there should be somewhat extensive documentation of your IT environment. This includes asset lists with maintenance contract expirations, network diagrams, critical passwords, etc. This information belongs to you, so your MSP should be willing and able to provide it to you. There shouldn’t be a charge for documentation, since the job can’t be done right without appropriate documentation.

IT Purchases. You should never feel obligated to purchase IT equipment or software from your MSP. While it’s a common and convenient practice, it’s still your choice. Understanding of the various managed services plans being offered, and whether they are bundled with hardware and software is extremely important. That’s where communication and planning come into play. You should also get pricing from one or two other sources any time you’re looking at a large purchase. Hopefully, that just proves that your MSP is treating you fairly. Worst case, it might save you some money. Good companies will support your purchases (assuming they meet the agreed-upon specifications) no matter from where you acquire them, if it’s a properly authorized source. MSPs will question, and possibly refuse to support, any equipment that comes from a gray-market source.

There are many other considerations that should play into your decision, so it’s important for you to be diligent and ask the tough questions. Give your MSP prospect some scenarios and see how they respond. Most likely, they’ll narrow down their offerings into one or two that make the most sense.

The real key here is flexibility.

There should be enough flexibility in the managed services plan to give you comfort that you’re dealing with a good business partner and aren’t being forced to fit into their box.

Arctic Wolf® Wolf Managed Detection and Response

Download Datasheet

Enter your name and email to receive a Datasheet PDF

Arctic Wolf® IR JumpStart Retainer

Download Datasheet

Enter your name and email to receive a Datasheet PDF

Arctic Wolf® Managed Risk Solution

Download Datasheet

Enter your name and email to receive a Datasheet PDF