The right Managed Service Provider (MSP) can help your business in many ways, and a great one can elevate your business exponentially. Your technology choices are like your people choices. Make the wrong ones, and they are seen as a cost. Make the right ones, and they are viewed as indispensable investments that reap rewards year after year. While outsourcing some or all of your IT to an experienced and strategic third party is almost always a win, the perceived cost is often the factor that causes hesitation or drives CFOs to put the managed IT services initiative on the back burner.
But what’s the real return on investment (ROI) of hiring an MSP? When do the costs validate the investment, and when is the return better when you keep your IT in-house? While every business has its unique set of resource constraints and strategic objectives, here are some considerations to help you make the best investment decision for your organization.
Does your team have the depth and breadth of IT experience?
Experience is one of the most common – and critical – gaps between many in-house IT teams and exceptional Managed Services Providers (MSP). There are a few factors that contribute to an MSP’s depth and breadth of experience:
- IT teams at MSPs are exposed to a wide array of environments rather than just one.
- MSP teams are continually exposed to new environments, keeping their knowledge up-to-date. When the IT industry changes, employees’ knowledge from previous jobs becomes obsolete once they’ve worked in one environment for more than a few years.
- MSPs focus the majority of their resources on employing highly skilled IT professionals. In regions like the Bay Area with employers like Google, hip startups, and tech unicorns, it’s a competitive environment for attracting and keeping talent.
- MSPs have the resources to hire workers with highly focused skillsets, which is especially important for security experts. Every company should have a security operations center (SOC), whether provided by the MSP or kept in-house.
Security Operations Center
Many MSPs have Security Operations Center (SOC) capabilities in-house or via third-party vendors, which monitor threat detection and incident response with a team of security experts. A company that chooses to conduct all business in-house must ensure that every team member is security-conscious and on top of the security threats out there. Furthermore, we recommend that in-house SOCs at mid-size companies have more than a single person (and therefore, a single point of failure) to secure their organization effectively.
Incident Response
A viable in-house IT team should be able to cover anything from sporadic phishing attempts all the way up to a full disaster recovery and response to a major breach. However, in many cases, MSPs tend to flatten costs over time by more successfully preventing these events and reducing their costly ramifications with a swift and appropriate response. Companies without MSPs tend to see cost spikes if they don’t have the time and resources to effectively prevent, prepare for, and respond to security events.
If companies can source and maintain all the above resources in-house, they may not need to work with an MSP. However, most companies find that keeping those resources in-house is much more costly than outsourcing them to an MSP. For example, the average cybersecurity analyst salary anywhere in the US is over $100,000. To avoid being dependent on a single resource, most firms would want at least a second equally experienced individual. That’s over $200,000 per year in total burdened costs for personnel. In most cases, this figure alone makes working with an MSP more cost-effective.
Further, the costs of incurring a breach are always more expensive than the predictable monthly expenses of doing all you can to prevent such a catastrophic incident. According to Statista, the average cost of a data breach in 2020 is $3.86 million.
Cyber-attacks are growing exponentially, especially in new – and often vulnerable – remote and hybrid-remote work environments. Lacking in even one security area could be enough to cause a breach. And without a team of security professionals ready to respond to one, damages can compound, sometimes irreversibly.
When your MSP isn’t a good fit
Not every business needs a managed service provider, and not every business needs the same type of provider. While the right fit will be different from company to company, there are a few red flags to look for when evaluating whether the MSP is a good fit:
- When the MSP tries to take control of your assets, accounts, and information rather than letting you maintain control of your technology assets.
- This behavior is an indication that the MSP may want to make it difficult for you to leave. While it’s normal for an MSP to ask for credentials and access to your environments, they should never keep that information from you. Ask yourself, if you were to change your provider, would you have trouble regaining access to any systems or accounts? Would your team be left without critical knowledge of the systems they’ve implemented? MSPs should aim to earn your trust, not force it. They should be willing to share their knowledge and work with your team if you decide to make a change.
- When the MSP requires you to use their home-grown data center rather than work with global, industry-standard providers such as Microsoft and Amazon Web Services.
- This is another indication that the MSP wants to lock you into their services. The MSP’s private services may be the right choice for specific environments. However, they should be an option and never mandatory. If your MSP prevents you from leveraging global, industry-standard clouds (like AWS or Azure), they may be putting their agenda before yours.
- Note that MSPs are powered partly by partnerships with providers like Microsoft and Cisco. However, regardless of their partnerships, the best MSPs are those that are brand-agnostic and put your needs before their sales quotas. The best way to get a feel for this is by reading reviews, looking at who they partner with, and talking with people at the company.
- When the MSP uses lock-in contracts.
- Like many people, the MSP won’t be driven to do their best work if they know there are no consequences for their mistakes. With lock-in contracts, you’re stuck with them, even if they make mistakes or stop meeting your needs. The best MSPs will earn your trust by allowing you to leave at any time.
What if my environment is too unique to bring in a third party?
Many companies feel that their environment is too complex and unique to bring in a third party effectively. While this may be true for certain facets of your IT environment, we estimate that around 90% of IT work is not concentrated on the specialized things that make your business unique but rather on the underlying technology that powers it.
For example, suppose you were working on developing a custom database. In that case, your team could dictate its intent, setup, and functionality, and ZAG could work on the underlying equipment, software, and implementations that power it. With structures like this, in-house IT teams get more breathing room to work strategically on projects that require intricate knowledge of the business’s functionality and goals without worrying about day-to-day IT issues or ensuring continuous uptime.
Finding the right MSP
MSPs aren’t the right fit for every business, but the most innovative, fastest-growing companies succeed by focusing on their core business and not becoming IT specialists. If your business finds that it’s struggling to keep up with the security, experience, or resources it needs to keep its IT viable and competitive, we are here to help. Whether you want assistance with analyzing the ROI of outsourcing your IT, exploring the idea of parting with your current provider, or just getting some questions answered, one of our technology strategists can provide guidance. Contact us today to start a no-obligation conversation.