The scope of IT responsibility has grown significantly over the last few years. It has shifted from managing only a few computers to overseeing company-wide technology usage and instituting security policies. This expansion prompted companies to either expand their IT departments or create a separate cybersecurity team to help alleviate the pressure on one department alone. Another increasingly popular option is outsourcing IT management.
Are you aware of the different types of managed IT services available to your organization? Read on for our in-depth guide.
What is a Managed Service Provider
In a basic sense, a Managed Service Provider (MSP) offers services for network, application, infrastructure, and security in a pay-as-you-go model. An MSP may work from within a company, at an MSP data center, or at a third-party data center. In the past MSPs focused mainly on device configuration but they increasingly assist with management, maintenance, and real-time support. In many cases, multiple MSPs must coordinate efforts as companies often contract with different service providers for different needs. For example, a cloud infrastructure provider may need to coordinate with a system administrator MSP. The overlaps come into play not only when maintenance is required but also when security or vendor standards become involved. The bottom line is that there are numerous services so hiring multiple MSPs is not uncommon.
Navigating the MSP Market
Managed services mean different things from different perspectives which can sometimes result in a disconnect. From a customer’s viewpoint, devices are simply being outsourced, and the configuration and monitoring responsibility falls on the MSP. However, from the MSP’s perspective, devices should already be set up and their job is simply to come in and take over the management, not necessarily the devices’ upkeep or upgrades. In other words, MSPs typically focus on operating issues and creating a runbook (for dealing with incidents, remediation, and performance). As a result, the customer goal-based approach sometimes fails to align with the more focused, operational MSP approach. In order to prevent this disconnect, companies must make sure Service Level Agreements (SLAs) reconcile these differing mindsets and objectives in a clear way. The points below outline how businesses can minimize discrepancies when negotiating an SLA.
How to Clarify MSP Objectives
- Give MSPs baselines. This will enable them to tailor a plan for maintenance and efficiently execute it.
- Create a partnership through extensive dialogue about what maintenance services are needed
- Be explicit in SLAs to avoid scope creep. Include the reasoning behind for services in SLAs as it will provide clarity later down the road if objectives begin to stray or become ambiguous.
Hot to Craft a Service Level Agreement
An SLA outlines the responsibilities of the MSP. What are the expectations of the contract? What are the consequences if an incident occurs and who will shoulder the loss? At a minimum, an SLA should cover the following topics:
- Provided services – The provided service section stipulates what expectations and specific services the MSP will oversee. It should list products and solutions and what those services address. The client should clearly outline what it wants from the MSP and try, as much as possible, to avoid broad goals that involve ambiguity.
- Performance – This section describes the performance level expected from the MSP and the metrics that will be utilized to determine success.
- Problem management – Problem management deals with the nitty-gritty aspects of MSP responsibilities, such as how operations will go on a daily basis. This section should cover responsibility, escalation, reporting, and resolution. Responsibility outlines who will take action for different scenarios, such as reporting a system failure. Escalation establishes priorities, that is what constitutes an emergency and what is a minor problem. Reporting must focus on accuracy and timeliness. The faster the reporting, the quicker remediation can begin. Lastly, the resolution section sets a timeline for expected fixes. For example, what if an incident happens outside MSP operation hours?
- Availability – This section should explicitly outline when the MSP is available, its Uptime and Downtime hours. How can the MSP be reached if an emergency occurs during its Downtime, and will there be an extra charge? Clarity in this section is imperative as ambiguity may result in future legal battles, hidden fees, and unresolved issues.
- Legal Considerations – Before drafting this section, contact your legal representation and determine the fine points of indemnification, warranties, exclusions, and third-party claims.
- Scalability – Incorporate the option for scalability if your business is likely to grow. The SLA can always be updated later, but it’s recommended that some clause addresses the likelihood of expanding service in the future.
- Termination – In the unfortunate event that the relationship between you and your MSP becomes unsustainable, it’s important to have a termination plan in place. This foresight will smooth the termination process and protect both sides involved.
Types of Managed IT Services
MSP services offer to reduce the burden of internal operations through a pay-as-you-go model. The number of managed services available has expanded significantly over the years and now, in addition to device management services, many MSPs also offer third-party services, like hosting.
24/7 Management – This option covers what the name implies: complete management without any time constraints throughout the year. Any breaks may be indicated on specific SLAs, but for the most part, there are no breaks in monitoring. With this service comes a help desk or a means of contacting the MSP at any time should an unforeseen issue arise. This kind of management means that as the MSP identifies an issue, it immediately begins remediation. Depending on the SLA determined, 24/7 management may cover monitoring for intrusions, implementing patches, and maintaining backup systems, although there are numerous other options available.
Cloud Servers – Beyond devices, an MSP can take control, monitor, and maintain your cloud infrastructure. Since cloud services allow collaboration from many locations and since they have become so integral in daily activities, any downtime can cost companies significantly.
Backup/Disaster Recovery – Backups mitigate the aftermath of a hardware failure or a natural disaster. In this scenario, an MSP would focus on duplicating application software, local data, memory, and any preferred settings.
Managed Security – One of the MSP services growing in popularity is security. Through outsourcing security, companies have more time and brainpower to delegate toward innovation and expanding the company. An MSP will usually assess the network, looking for any vulnerabilities, similar to a self-assessment or an audit. Once the MSP identifies the vulnerabilities, it can create a plan for improving those weaknesses and even develop a customizable application for the company’s security needs. For example, the application may provide metrics on the testing or generate incident reports to detail tests. In short, the application would serve as a platform for communicating MSP findings with the customer in an understandable format.
Custom Applications – MSPs can create applications for the needs of the customer. This is especially helpful for small and medium companies that lack the resources to monitor, manage, and secure their systems and devices. If there isn’t an MSP service that exactly fits your needs, contact different companies and ask about custom plans.
Benefits of Managed IT Services
With approximately 82 percent of the IT industry made up of small businesses, it’s no wonder the MSP model has gained popularity. While larger businesses have the resources to manage all IT operations in-house, small to medium businesses (SMBs) continue to lean more on outsourcing management. A 2018 report by Sherweb noted that 39 percent of SMBs use managed services in some capacity. So what are the benefits of using an MSP and what do SMBs want out of MSPs?
- Efficiency – More and more, SMBs strive to improve their efficiency, making their operations cost-effective yet robust. Small businesses tend to lack the staff necessary to operate a comprehensive IT department, or if they do, the one or two individuals in the department become overwhelmed. By collaborating with MSPs, those small IT departments become less burdened and learn more about how a successful IT department should be managed. This means if the company ever becomes big enough to run all IT operations internally, the team will have a good idea of where and how to begin. Having an MSP at their disposal gives SMB IT departments a resource and safety net when it comes to disaster recovery, network security, and monitoring.
- Better security and compliance – Compliance is the hot button issue for many companies, with each industry rolling out new guidelines from year to year. Much of the focus either lies on transmitted or stored data security. Using MSPs to monitor systems helps alleviate the pressure SMBs feel when it comes to potential security breaches. MSP involvement makes tracking metrics easier and less burdensome to the companies involved.
- Proactive approach to maintaining systems – Rather than addressing issues only when they severely cripple company operations is simply not acceptable. That’s where MSPs fill in the gap. With 24/7 monitoring and frequent penetration testing, vulnerabilities can be patched quickly before they become detrimental.
- Return on investment – In addition to paying for hardware costs, setup costs, and software/infrastructure costs, businesses have to fund maintenance efforts. The level of maintenance correlates to the size of your IT department. The more individuals tackling different issues, the better return on investment. However, for smaller companies, upkeeping software and monitoring for cybersecurity threats mean fewer resources and time for expansion planning. Having a set monthly cost for an MSP allows for better budget consistency. Additionally, as the company earns more revenue, it can contact the MSP and easily expand the services provided.
- More time and resources for innovation – Giving system management to an MSP doesn’t make internal IT departments irrelevant. Rather, it gives IT departments time to focus on more strategic goals and less tedious projects.
How to Choose an MSP
Instead of contacting an outside service company when something breaks, more companies are outsourcing IT management on a consistent basis. MSPs can also help companies create a more proactive plan to prevent future breaches versus the reactive strategy. The variety of MSP options continues to grow including compliance assistance, cybersecurity, and strategic consultancy. The question is quickly shifting from whether to use an MSP to which type to use. Here’s how to choose an MSP and what should you look for:
Services – What gaps do you need to fill? What departments are floundering or overburdened? Once these questions have been answered, research and identify the MSPs that can satisfy those specific needs.
Security – Not all MSPs focus on security, so when choosing an MSP, make sure to ask what role security plays. Consider how information will be handled and how data will be transmitted. Similar to vetting a vendor for compliance, ask MSPs about how they approach information security.
Expertise – Make sure to select a company with experience, but also one that isn’t opposed to creativity and innovation.
Customer Service – Contracting with an MSP doesn’t mean you sign and forget. Rather, there should be dialogue and constructive communication between the MSP and the customer on a consistent basis. Thus, it’s important that the MSP has a reliable and professional customer service infrastructure.
Customization – Make sure to ask if the MSP offers custom services. The best MSPs are willing to customize their tools and strategies based on your needs since cloud platforms make it relatively easy to diversify and tweak services.
Onboarding and Cost – Even if you are sure which MSP you want to hire, it’s important to ask about the onboarding process. How long will it take? What is the cost? There are different pricing models including per-device, per-user, tiered pricing, and value-based pricing.
Some people might consider MSPs as a signal that companies lack sufficient resources or experience. However, more and more companies are realizing the time-saving benefits of choosing an MSP. Letting another company fill in the gaps isn’t without risk, but it also frees up time for more departments to focus on innovation or critical tasks. If you are interested in learning more about managed services or need help choosing the right one for your company, contact RSI Security today.