Managed Service Provider
How an MSP Can Help Your Law Firm Stay in Compliance
Elmo Taddeo
With ever-changing business requirements, Managed IT Services have become imperative for the efficiency and growth of organizations. Gone are the days of break-fix IT where organizations solely relied on their in-house IT department for all the network and IT services.
Managed IT Services have quickly garnered the attention of many organizations due to all the great benefits they offer. They help companies stay focused on what matters to them most by managing complex and time-consuming IT tasks.
Want to know more about the benefits of Managed IT Services? Keep reading to discover the top 10 benefits of Managed IT Services that will help your organization stay ahead of the game!
Before discussing the benefits, let’s get to know what Managed IT Services are and their value.
A Managed Service is a service that is outsourced by companies and managed by a third-party organization, often known as a Managed Service Provider or MSP. These MSPs are not limited to IT, and you can utilize them for almost any business area that requires significant IT operations, from business administration, logistic and warehouse handling to marketing, supply chain management, etc. A Managed IT Service specifically focuses on managing IT-specific functions of a business, such as the following:
A small to mid-size business with 15-300 employees is a perfect candidate for Managed IT Services and the number of them using the service model is growing rapidly. More and more, smaller businesses (less than 50) are choosing to no longer work with one “IT Guy” or try to do everything in-house.
Their need for increased IT security is dramatically increasing this need. Expectations of excellent support, tools, products, solutions, advice, and procedures are also increasing as businesses are realizing that mediocre or poor IT services are having a negative impact on their entire organization.
Most large (over 300 employees) and enterprise organizations are still hiring IT employees to work in-house.
1. Reports predict that the cost of cybercrimes will be $6 trillion per annum [1] by 2021
2. The cost of network downtime can be $5,600 per minute [2].
3. Even for a simple drive recovery, the cost can be as high as $7,500. Yet, there is no guarantee that it will succeed. [4]
4. The average cost of data breaches is increasing every year. In fact, it will be US$ 4.24 million.[5] by 2021.
5. The average hours of downtime for SMBs during a breach [6] is 8+ hours.
The lack of robust IT services is the main reason behind such security threats and financial losses. Therefore, if you have ever ignored the idea of outsourcing your services to a managed services provider, now is the time to reconsider your decision.
Any system is subject to issues at any time of the day. An operationally mature MSP will utilize customized remote monitoring tools to proactively receive real-time alerts when certain issues occur within the client’s IT environment.
Some MSPs provide 24/7 real-time remote support. A service desk team is available around the clock to answer the phone and start assisting the end-user with an IT issue.
This is especially important for employees who work before or after normal business hours, travel often or live in a different timezone, and for companies that have offices in other countries.
The 24/7 remote team will often be actively monitoring alerts to start addressing issues before they result in larger problems and downtime.
Managed IT Service Providers can proactively strengthen your company’s IT security posture in many ways.
The main way security is increased with an MSP in place is by monitoring the network, server infrastructure, and anti-virus/malware installation on your computers. If the anti-virus/malware software is uninstalled or a second solution installed (which defeats the purpose of the first one) then the MSP is notified and they can contact the end-user to find out what is going on (and potentially uninstall the incorrect solution and reinstall the correct one).
The second way MSPs strengthen security is through patching and automating updates for not only the computers but the firewall and server infrastructure as well. This way, the infrastructure is patched and updated on a regular basis and there is a log illustrating what’s done, successfully, consistently.
Thirdly, based on the client’s needs, MSPs can implement additional security solutions such as Multi-Factor Authentication, Single Sign-On, VPN, and Mobile Device Management, just to name a few.
MSPs can also help facilitate end-user security awareness training so that the risk of employees accidentally clicking on a malicious link or being the victim of a phishing attack is greatly reduced.
An established MSP has expertise and experience in a broad range of different technologies, meaning you have the opportunity to work with experts who have the necessary qualifications and certifications to meet your company’s needs.
By partnering with an MSP that has a broad range of skillsets, you are not relying on your small IT team or IT employee to have the capability to resolve all issues or implement various technology projects.
For example, let’s say you need to migrate an on-premise server to a cloud infrastructure and you are already using Microsoft products. A well-run MSP will have Microsoft Gold Partner status and senior project engineers certified with Azure that can:
Alternatively, if you work with a small IT company or a few IT employees, you are hoping they have the knowledge, skillset, and past experience with this type of project to ensure it goes smoothly.
Training and managing an IT employee or small IT team is also not necessary, as an operationally mature MSP will maintain training for their technical team, and have an incentive program in place to encourage employees to obtain and maintain various certifications.
The right MSP partner will also be actively increasing the size of their employee base over time, hiring new engineers that possess current skills of applicable IT solutions.
Having an IT partner that delivers these types of resources to your business will have a beneficial impact on operations and security risk reduction. The business will receive more value with less cost and effort.
One of the main reasons organizations choose to work with an MSP is the cost savings. Below, we compare the costs of hiring an MSP vs hiring in-house.
Type of Costs | In-House | MSP |
Labor Costs | Using in-house employees involves more than just a monthly salary. You must also consider the costs of recruiting, onboarding, healthcare, overtime pay, vacation and sick absences, management/oversight, equipment needs (computer/mobile device), as well as the potential turn-over of that employee. | Most MSPs provide their services for a flat monthly fee, often depending on the length of the service agreement and the nature of the service. For that budget, you receive the support of a specialized IT team without any extra or unpredictable in-house labor costs. |
Training Costs | When working with new technologies, you need to provide the in-house staff with the necessary training or certifications. | MSPs employ experienced qualified experts so that there are no additional training costs to the client. |
Maintenance and Support Costs | Usually, IT employees work normal business hours only and may not be available after hours or on the weekends for general support, and IT projects, or an emergency. If they are available, overtime pay or additional time off will most likely be required. | Some MSPs will provide 24/7 support and perform scheduled maintenance without additional costs. Some MSPs will say 24/7 support when they really mean 24/7 monitoring, so make sure to clarify exactly what you’re receiving. |
Working with a well-established and properly run MSP means that you have an entire team to depend on.
You have a complete IT department at your fingertips and are not dependent on one or a few IT employees to always be available. Employee turnover isn’t going to cause a disruption and headache to your business.
A well-run MSP will ensure there is redundancy in place for the different roles and responsibilities provided to the client. If some team members are unavailable or absent, other team members are available to step in.
An operations-focused MSP will have invested in the time needed to create detailed, comprehensive documentation, ensuring that any engineer stepping in because of an absence will be able to assist the client efficiently and successfully.
Fully accessible, accurate, comprehensive, and detailed IT documentation (that is safely stored in an encrypted cloud-based environment) empowers the business to be knowledgeable of and truly own their IT assets, and therefore make decisions that are right for the company.
The business isn’t beholden to an IT employee that “holds the keys to the castle” and can turn off access to the IT documentation if that employee leaves the company.
In this way, the business is proactively maintaining operations and revenue-generating activities; thus ensuring its business continuity.
Businesses in industries with sensitive information must maintain certain data security standards to protect their customers.
A small portion of MSPs helps clients achieve and maintain IT compliance with a particular regulatory organization. This could be HIPAA, SOC 2, SEC, FINRA, PCI, and others.
This involves having trained and highly-experienced senior engineers on staff who can implement the requirements and document everything for the regulatory body.
As stated earlier, some MSPs provide 24/7 support to ensure that your IT services and infrastructure are up and running. As a result, they provide a faster response time, which helps to reduce system downtimes caused by various issues, including cyberattacks. It will also minimize revenue losses caused by downtime, an impactful benefit for the company.
The right MSP will ensure that your organization has all the mandatory components to reduce risks associated with IT operations. These include essential security policies, data backup recovery plans, and incident response plans.
By this means, MSPs help mitigate cybersecurity attacks, system downtimes, data privacy, and compliance violations. Furthermore, they can help identify and assess the potential risks and manage those risks effectively.
As the demand for your business fluctuates (and hopefully grows) over time, you will eventually need to scale the IT infrastructure to accommodate that demand. MSPs enable easier scaling of your infrastructure. Your MSP will have the systems in place to manage your changing needs, so scaling up and down your infrastructure is a much easier process.
A well-established or operationally mature MSP will have the team, tools, processes, and procedures in place to help you scale. For example:
The biggest advantage of partnering with an MSP for your business is that your team has more time to focus on core business objectives.
A solid MSP partner will provide you with:
When all of these things are ‘off the plate’ of internal employees and managed by the MSP, you and your team can focus on your core competencies.
Now that you understand the benefits of using a managed service provider, you may be considering finding one for your organization. IT can often feel like a black box with complicated jargon that makes finding a great MSP confusing and difficult.
Below are some basic considerations to make when conducting your search.
It’s important that the MSP have experience working with the IT infrastructure currently in place, or the infrastructure that will be in place. For example, if your company uses Microsoft Azure, it’s ideal to work with an MSP that is a Microsoft Gold Certified Partner and has a tremendous amount of experience implementing and supporting Azure environments.
Find out about their service plans and the functionalities they provide. Consider the following questions:
Find out who is on the MSP’s team and what areas of expertise they have. Smaller MSPs tend to have more generalists while larger MSPs will have specialists in different fields.
This can be important if your IT infrastructure is more complex, if you’re growing rapidly, if you have a large remote (possibly international) team, or if you plan on implementing various IT projects.
In addition, find out about employment status – does the MSP only work with full-time employees, or do they utilize independent contractors or even third-party support teams?
It’s important to partner with an MSP that only employs full-time employees because this allows the MSP to conduct comprehensive background checks, manage that employee’s assigned computer, closely monitor their performance, and have them sign confidentiality and non-disclosure agreements.
Larger MSPs can also provide more redundancy in their support model, provide more certified engineers, and deliver more of an ‘IT Department’ with more roles, such as procurement specialists, deployment engineers, systems administrators, project teams, and IT security and compliance directors.
Many MSPs will use 24/7 support language in their marketing and sales, but this doesn’t necessarily mean that someone will be available to pick up the phone and help you 24/7.
Sometimes “24/7 support” can mean that one of the engineers has a pager and will be notified if a call comes in. They are not actively working or accessing a computer.
Sometimes “24/7 support” can mean that some IT systems are in place to create an alert if downtime is sensed and the technical team will see the alert the next morning.
Sometimes “24/7 support” can mean that a tech support person is available via email or chat only and has limited access to IT documentation or knowledge of the IT environment.
It’s important to clarify exactly what you are getting when discussing support with an MSP.
There are three customer support structures.
A tiered support structure is common and most widely utilized by technical companies.
In this operational model, the end-user calls in and speaks with a Tier-1 (entry-level) IT support person.
If that tech can’t resolve the issue, the end-user is put on hold or have to receive a call back, and the ticket is escalated to a Tier 2 (mid-level) IT support person.
This process can continue up to four levels and can be inefficient, time-consuming, and frustrating for the end-user. If the MSP with this support structure isn’t well-organized and the IT environment is not documented comprehensively, the end-user will be potentially repeating themselves over and over with each new technical tier they speak with.
This is a common practice of nationwide and enterprise-size MSPs.
The swarming or 1-touch-close model describes the process by which an end-user calls in or submits a ticket for an IT issue or request and the engineer who receives that call or ticket handles it from start to finish, even if additional assistance by a more senior engineer is needed.
This operational procedure can help the end-user stay more connected and feel more engaged with less frustration and wasted time. This requires that the MSP invest in more capable, experienced, and trained engineers so that the likelihood of the engineer being the one to resolve the ticket is higher and more successful.
It also requires comprehensive, detailed, and accessible IT documentation to be in place to assist the first engineer with his/her troubleshooting procedures.
An additional support model is the pod system, which can include the swarming/1-touch-close model as a hybrid service desk process.
With a pod, a client is provided with a dedicated team within a team. In other words, five to six service desk engineers within a larger group of service desk engineers are trained on a small number of client environments.
Therefore, instead of a large group of service desk engineers being knowledgeable and responsible for a large number of IT environments, a smaller group become intimately familiar with a reasonable quantity, enabling them to provide faster response and resolution times, a more personalized experience for the end-user, and a reduction in downtime.
This pod model can be combined with the swarming model in that one engineer within a particular pod will be assigned a ticket and will see it through to resolution; partnering with other engineers in or outside of the pod as needed.
This is the model Parachute provides to our clients as we’ve found it generates the highest client satisfaction levels and the lowest downtime for the end-users we support.
When it comes to security, an MSP needs to be able to perform a GAP analysis of your company’s current security situation in order to create a plan of action.
You might call this an IT Security Roadmap which can come in the form of a 24-month Gantt chart illustrating how IT security is going to evolve and be implemented and upgraded over time to continuously meet the growing needs of your company to reduce risks and proactively stay ahead of ever-changing threats.
For example, the MSP needs to have the ability to not only implement anti-virus solutions but to actually actively monitor your systems, as well as have the operational procedures and team in place to take action if there is a breach.
The MSP needs to have partnerships in place with Security Awareness Training companies for end-users. This is particularly important considering human error is the most common vector of attack of successful cyber attacks.
The MSP also needs to be capable of running dark web scans regularly, able to implement MDM and MFA successfully, and even have third-party partnerships in place with Security Operations Centers if more advanced security is needed.
Below is an illustration of the layered, security architecture an MSP must be capable of building and maintaining to help keep their clients safe.
An MSP must be able to piece together minimal security solutions
There are significant benefits to partnering with a trusted and highly capable Managed IT Services Provider. A well-established MSP will provide an entire IT department to your business, including a redundant team, tools, systems, processes, and procedures to help you reduce IT issues, scale, and increase security.
The right MSP will help improve workflows, productivity, and the capabilities of your team. While reducing costs is important, it’s more important to find an MSP that will consistently deliver value and eliminate expensive problems in the first place.
However, selecting the right MSP is crucial as they can either be an expensive headache or a valued partner. Look for a well-established MSP that has a positive reputation and provides transparency to you through access to tools and systems.
A reputable MSP wants to communicate and collaborate with you consistently. It’s important to speak with some client references who can share their experience working with the MSP and speak to their ability to keep up with technology and make consistently valuable recommendations.
[1] https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
[2] https://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/
[3] https://www.bostoncomputing.net/consultation/databackup/statistics/
[4]https://www.upguard.com/blog/cost-of-data-breach
[5] https://www.maricopa-sbdc.com/15smallbusinesscybersecuritystatistics/