If you're running a small or medium-sized business (SMB) or non-profit, you may have come across the term Managed Service Providers (MSPs). But what exactly are MSPs? What services do they provide, and when should you consider using one? This article aims to answer all of these questions and more.
Related Blog: Measurably Better IT: Why It Matters
What is a “Managed Service Provider”?
The term “managed service provider” is used by many types of companies and industries. In this article, we will focus our definition of Managed Service Providers (MSPs) to refer to third-party IT service firms that provide ongoing IT management and support services.
“IT management” means IT infrastructure, cybersecurity, and continuity management. The configuration, monitoring, and maintenance of your data network and all the attached devices and applications. The “support services” covered under this retainer-type model vary greatly from MSP to MSP. Some take a bare-bones approach and charge for their service by the hour. Others take an all-inclusive, fixed-fee approach.
Services Overview
Many MSPs claim to be "proactive" and "process-driven," but these terms can be ambiguous as they have varying meanings among MSPs. A clearer way to help you distinguish between MSPs would be to categorize them as either "low-maturity" or "high-maturity." It's important to note that this classification isn't intended to be negative but rather a way to differentiate the level of service provided. Depending on your needs, either type of provider could be a good fit for you. Let's explore how to differentiate between the two.
Infrastructure Management
Service providers who are less mature tend to be more responsive than proactive. They mainly provide reactive support, meaning that they wait until problems arise before trying to solve them quickly. Although they perform basic preventative maintenance like installing software updates and monitoring backups, they do not typically address early warning signs of potential problems. They also provide basic system monitoring to detect outages.
On the other hand, MSPs that have achieved high maturity levels prioritize preventing issues by proactively aligning your IT environment with best practices for security, performance, and reliability. They adhere to numerous standards and concentrate on prevention rather than merely reacting to support requests. These MSPs respond to alerts and detect early warning signs to take proactive measures to address any issues. They utilize their monitoring platform to automate and innovate, ensuring consistent implementation of configuration and security policies while reducing the need for human intervention.
Cybersecurity & Business Continuity Management
When it comes to cybersecurity and business continuity, providers with low levels of maturity tend to focus primarily on technical aspects such as firewalls, antivirus software, and spam defense. While they may offer a basic cloud backup solution, this approach may not be sufficient if your IT systems or data are essential to your mission.
Providers with high cybersecurity maturity have a different approach compared to low-maturity ones. They use similar tools but adhere to a structured framework of best practices, like CIS Controls or NIST-CSF. This approach focuses not only on tool usage but also on system configuration, user permissions, activity logs, security monitoring, and response to potential threats.
Comprehensive business continuity planning is also part of the high-maturity approach. Providers consider factors like downtime cost and average recovery time when developing the backup strategy. They pre-plan incident response strategies and take into account cyber insurance provider requirements. The recovery plan is continuously tested and refined in response to various scenarios.
IT Support
When issues arise, or your employees have questions, both low- and high-maturity providers respond well with onsite and remote help-desk services.
Low-maturity providers usually charge for their services based on time and material. They may offer a discount off their standard hourly rate if you agree to pay for a minimum block of hours each month. In addition, they may charge a monthly retainer that covers a base fee associated with their Infrastructure Management and Cybersecurity services.
High-maturity providers take a different approach. They charge a fixed monthly fee that includes their management and unlimited support services. They can do this due to their organized structure and efficient process. Their adherence to industry standards and a process that identifies the underlying cause of support requests helps to minimize reactive noise to predictable levels.
Use Cases
In general, as an SMB or non-profit, it makes sense to engage with an MSP when any of the following statements are true:
- You are reliant on your IT. If the systems go down, you can’t function.
- Your data is valuable. If your data was lost or stolen, and you couldn’t recover it, it would significantly impact your business, customers, and/or reputation.
- You have compliance requirements. Insurance or regulatory policies require you to meet certain standards.
Some sample use cases:
Supplement Internal Staff: You have an employee who wears multiple hats. They might be an engineer or an accountant who also assists with some IT tasks, but IT is not their area of expertise. In such cases, it might be beneficial to partner with a low-maturity MSP to bridge the knowledge gap and have a backup solution in case your internal employee goes on vacation or leaves the company. This is a popular strategy for companies with 5-15 employees.
Turnkey IT Department: If your business has between 15 and 150 users, a high-maturity MSP can serve as a one-stop shop for all your IT management and support needs. From a risk and productivity standpoint, your IT requirements have surpassed what a layperson can handle. Finding an affordable jack-of-all-trades specialist can be difficult even if you hire a full-time internal IT professional. Retaining them in this competitive job market is an even greater challenge. When they depart, all that institutional knowledge goes with them. An MSP can address these obstacles by providing a team of experts who collectively manage your systems. They will offer specialized knowledge in areas such as security, strategic planning, and end-user support.
Co-managed IT: When your business has around 150 to 500 users, consider hiring internal IT resources to optimize the use of your line of business applications and data analytics, as well as provide initial help desk support to your users. However, your MSP should still focus on managing your infrastructure, ensuring security, and aligning your IT with your long-term business goals. With the MSP's platform, process, and structure, your in-house resources can be extended to their full potential.
Summary
If your operation is an SMB or a non-profit organization with fewer than 500 employees, it would be beneficial to utilize the services of a Managed Service Provider. MSPs can help lower the risks associated with IT and increase your team's productivity. If your IT infrastructure is not a top priority but rather a “necessary evil,” a low-maturity provider may be the best option. However, if IT plays a critical role in your business operations, then a high-maturity provider is recommended. By understanding the differences between the two types of MSPs, you can choose the one that is right for your business needs.
About EpiOn
At EpiOn, we are a high-maturity Managed Service Provider serving Nashville, Knoxville, Chattanooga, and points in between. Our approach is built around the Measurably Better ITTM Framework that empowers innovative business leaders with simple metrics to help reduce risk, increase security, improve productivity, and fully leverage their IT investment. We believe that IT should be all about helping you achieve an Outcome with clear metrics and a shared definition of success. We specialize in full-service outsourced IT as well as co-managed IT. We also excel in cyber security, cloud solutions, and voice-over-IP for an additional layer of security. Our customer-focused framework strives to understand the unique needs and challenges of each client in order to provide the solution that’s best for them. Our framework and commitment are why we consistently rank among the top IT firms in the world.
