All managed service providers (MSPs) are not created equal. MSPs can range from one or two engineers up to large organizations with hundred-person call centers. Some provide cybersecurity solutions, also known as managed security services providers (MSSP), but some do not. How do you identify a quality MSP? Are they equipped to provide you with strategic guidance on the unique needs of your business, future growth, or compliance standards? You should consider these five areas when looking for an MSP partner.
Quality of Service
Whether you need fully outsourced or co-managed IT, a quality MSP provides you with a team of dedicated industry experts. There should be clearly defined protocols for who to contact when issues arise. Response time should be fast. When you experience a problem, an engineer should reach out to you the same day, if not within a half hour. An engineer should clearly articulate the remediation plan and timeline. Has it been over a week since you requested an update to your email signature? Time to look for a new MSP.
Here are some signs that an MSP won’t live up to your business standards:
Some issues require more advanced knowledge and experience. Mid-sized businesses and those who are affected by regulatory agencies need experts that can help them strategically plan their IT solutions.
Protracted Response & Remediation
If you are experiencing delays in response time and remediation, your MSP might be too small for your organization or not appropriately staffed. It’s essential to find an IT partner that can grow with your organization.
Frequent Onsite Engineer Changes
It can be frustrating to tell your issues to one engineer on a Friday only to have to repeat the problem to a new engineer on Monday. If an MSP has a high turnover rate, internal troubles might be making it difficult to retain experienced engineers.
MSP Caused or Allowed a Breach
One of the most significant warning signs is an MSP that experienced a breach themselves or did not take the necessary steps to prevent a breach for their clients. Do your research and ask about breaches on day one.
As your organization grows, resolving day-to-day tech issues isn’t going to be enough. You will need an MSP that acts as a strategic IT partner. Your IT solutions should proactively align with business goals and initiatives. Experienced MSPs should make IT recommendations that increase efficiency and reduce costs.
Some questions to ask around strategic planning:
- Do you offer Virtual CIO sessions?
- Do you provide recommendations on new technologies?
- Do you understand how IT solutions affect our business?
- Do you understand our industry needs?
- How many clients like us do you support?
- Do you know which compliance regulations affect us?
The costs of a breach go beyond financial. A breach can cause permanent data loss, loss of reputation, and even closure of your business. According to Inc.com, who cites data from the National Cyber Security Alliance, 60 percent of companies that experience a breach will go under in less than six months.
Experiencing a breach is terrible, but letting it go undetected for months is worse. In the case of American Medical Collection Agency (AMCA), a breach went undetected for more than eight months. If going undetected for months wasn’t bad enough, not notifying patients within 60 days of a data breach violates HIPPA’s compliance standards. Violations lead to legal action, among other negative consequences.
Comprehensive cybersecurity providers should have the following:
Vulnerability Assessments & Penetration Tests
Regular vulnerability assessments and penetrations tests allow you to proactively address your weak points, whether it be systems, updates, or human behavior.
Managed Detection & Response
Cybersecurity professionals actively watching your IT infrastructure around the clock can prevent attacks from becoming successful and reduce the response time to active breaches.
Security Awareness Training
Comprehensive security includes education. Security awareness training empowers employees to work safely and notify your IT team if they notice any suspicious activity.
If you are unfortunate enough to experience a breach, your MSP should be familiar with the compliance standards that affect you. They should also have a clear remediation plan, which is often a component of compliance.
Compliance regulations are complex and can be overwhelming when you try to address them with a small or inexperienced IT team. It’s vital for highly regulated industries like life sciences and financial services to have an MSP who is familiar with the compliance standards affecting their industry.
Some questions to ask around compliance:
- Do you assist with developing a strategic IT plan?
- Do you assist with reporting (compliance reports and due diligence requests)?
- Are you familiar with the compliance regulations that affect our business e.g., FINRA, SOX, HIPPA, or HITECH?
Not all MSPs can grow with their clients. Industries like Life Sciences need to find an MSP that can support them through their whole lifecycle. Maybe an MSP can support you as five people, but can they continue to support you as you become five-hundred people and subject to federal regulations such as SOX?
Cybersecurity also becomes more complicated as your business grows. Adding more users to a dynamic work environment increases vulnerabilities. By not addressing vulnerabilities, you risk experiencing a data breach and becoming non-compliant.
Here are some questions to ask around growth:
- What solutions do you offer that support scalability?
- Are you able to support hundreds of users?
- How will you maintain security as our landscape changes?
- How will you keep us compliant as our environment becomes more dynamic?
Is your company looking for an MSP partner to co-manage or fully manage your organization’s IT? Coretelligent has years of experience working with organizations in industries such as financial services, life sciences, technology, legal, among others. Give us a call at 855-841-5888 or contact us to schedule your complimentary initial consultation.
Read our case study to learn how we helped a company with over 500 employees transition to a scalable stand-alone fully managed IT environment.