HERE'S SOME THOUGHTS ABOUT WHAT TO LOOK FOR IN A GOOD IT SUPPORT COMPANY, AND WHAT MAY MAKE THEM A GREAT FIT FOR YOUR BUSINESS.
One of the hardest decisions any business has to make is who their partners will be. This is especially true when it comes to technology partnerships, as they can become integral to everything you do as company. "Is my current provider doing a good job? Are they putting us at risk? Are we maximizing the technology in our environment?" - These are probably just a few of the questions you may think about as you assess your options, and you would be absolutely right to ask these types of tough questions to your current or prospective provider.
However, one of the problems a lot of small and mid-sized businesses face when asking these questions is they don't have IT professionals on staff, so may not be able to fully parse or evaluate the answers they are given. The purpose of this article is to give you some insight into the way Managed Service Providers / outsourced IT companies work, and how you as a business could be better placed to spot shortcomings in their service, to identify where they need to improve and when they are putting your company at risk.
This article isn't intended to expose some sinister side of the Managed Service Provider (MSP) business, just offer a 'good sense' practical guide on what to ask your provider, and more importantly, how to interpret the answers you receive.
ASK HOW THEY MANAGE YOUR PASSWORDS
There are two aspects to this question and you are looking for reassurance in both. Firstly, are they being held in a secure manner? We have worked with a lot of outsourced IT providers over the years and have seen client passwords held in lots of different ways. We have seen companies keep passwords for their clients on un-encrypted spreadsheets on server shares, and we have seen companies keep them in secure online vaults that require 2-factor authentication to access. And everything in between. We have even seen support companies that basically have one password for every device they manage, across all clients they manage!
The main things you should be looking for in their answer, is that your password data is really secure, unique for every device and that access to the passwords can be audited. A good MSP will have a solid narrative about the way that they deal with your password data, how it is accessed and what security investment and process they have in place for good management.
The second aspect to this question is what they will do when a member of their own staff leaves the organization. For these circumstances, you would be looking for a company that routinely 'rolls' all the passwords the departing member of staff has touched - ideally having a way of automating this process.
In general, the kind of answer you are looking for will suggest a really secure methodology and approach to password management, a company with Standard Operating Procedures related to the way they process passwords for customers, and a sense that they know the gravity of the risk. The more mature the company, the better they will deal with sensitive data.
ASK HOW THEY MONITOR AND VALIDATE BACKUPS
We would argue that this is probably the most important task any Managed Service Provider performs for their clients, and as such there is absolutely no room for error. If you ask this question, don't be blinded by a 'technology orientated' answer. As an MSP, having the best monitoring tools and software packages frankly means nothing in comparison to a comprehensive and dependable internal process for managing backup failures. All backup software has the ability to send alerts pertaining to the success or failure of any given backup job. It has long been our experience that most, if not all, MSPs will routinely configure these alerts so that they can keep an eye on the backup, making sure that when it fails, they know about it. However, problems often occur due to the fact that many MSPs are extremely poor when it comes to processing the failures, allocating resources to fix the problem, or dealing with the issue at all.
A good provider will have a very structured and systematic approach to how they internally deal with backup monitoring, often having dedicated technical resources whose sole job is to manage client backups. If you are looking for reassurance that your backup monitoring needs will be met, make sure that your provider has a mature outlook and process for managing backups, reporting backup job results and a mechanism for performing regular backup restore tests.
We would also advise that you test your restore process from time to time, by simulating a file restore without your partner's knowledge that it is in fact a test. Call them up and have them restore a file. This will tell you a lot about their capabilities.
ASK ABOUT THE IT BUDGET PLANNING PROCESS
Good providers will tell you about upcoming IT spending and when you will need to renew warranties and hardware. Great providers will lay out a full IT budget plan for your business over the next 3 years, including projected costs for projects, software expenses, growth projections and how industry trends may affect costs. This level of engagement is rare, but we think companies that offer this kind of service can make such an impact to the businesses they work with, that it can often be worth pushing to find them. Although this level of service may not be high on your priority list, knowing that a support company will at the very least track and manage your asset life-cycles, software licensing and make sure you have solid information available to you should be a minimum requirement.
Ask for information and clarity about how this is tracked and documented internally, and make sure the answers align with your expectations.
ASK WHAT IS COVERED WITHIN THE CONTRACT
If you are looking for a fully managed IT service with a set monthly fee, ask what is and isn't covered within the contract. These types of contracts can offer a really good level of service that will cover most of your IT needs at a set cost, making them extremely attractive in terms of budget planning and knowing you have comprehensive IT coverage for your business. However, this 'We're your IT department, one stop shop for a fixed monthly fee' type of contract will not cover all your requirements without additional costs. New technology deployments or projects will generally not be covered under the contract, as well as some maintenance tasks. What we would advise you to ask is, what specifically is covered as part of the contract, and even more importantly, what is not covered. If the support company even remotely suggests that everything is covered under the contract, without exception, they are flat out lying and as such, should be avoided. A good, mature and fair Managed Service Provider will be able to define what is and isn't covered under the terms of their contracts, as well as work with you to define and tailor the contract exactly for your environment. For example, they should be open to defining the level of responsibility they will have under their contract for your Line of Business applications or custom software packages.
We firmly believe that a good provider will be very open and transparent regarding their contracts and service levels.
Choosing a technology support partner can be a little tricky, but there are ways to spot companies that will work better for your business than others. It's been our experience over the years that the better outsourced IT companies are much more process driven, have a mature outlook on doing business and are far more open and transparent with their processes and procedures. The technologies they use and the expertise they bring to the table is certainly a huge factor, but great communication can be just as important to a successful engagement.
Best of luck in your search!
What our clients think ...