Managed IT services are bundled services from a provider that takes care of your entire (or ‘end-to-end’) IT infrastructure.
Common Components of Managed IT Services
- Cyber Security Audits & Maintenance
- Managing Emails
- Managing Servers
- On-site Engineers
- Help Desk
- Virtual Chief Information Officer (CIO)
- Client Services
If you work with an IT management partner, you’re essentially outsourcing your IT department to a third-party so you can go about your business and not have to worry about IT. Your service manager takes care of everything for you.
Every provider does things a little differently, but there are some standard procedures we’ve put in place to ensure client satisfaction.
Customer Service Appointments & On-Call Service
Depending on the size of the client and the needs, we send an on-site engineer out to our clients on a regular basis. We call that a customer service appointment (CSA).
CSAs are in addition to any emergency on-call services, of course. If a server or a network goes down we send somebody out to fix it.
For non-emergency CSAs, we send engineers out to connect with customers and build relationships. That’s when we find out about end-user issues that are affecting performance. For example, when someone opens Adobe, three out of five times they might get an error message. Or users might have questions about how things work.
When those issues go unaddressed, it diminishes the user experience over time. That's why we work to connect with the end-users, ask them how it's going, and if they have any questions.
These visits are also an opportunity to provide some cybersecurity training and answer questions about subjects like phishing, fake emails, and things of that nature.
That said, we try to handle as much remotely as possible so that we don't interrupt the customers' business flow. We go out on emergencies as necessary and have scheduled appointments.
Sometimes end-users say, “it was doing it until you were standing here -- what kind of magical powers do you have?” It's the nature of the business, but we’ll investigate any issue as much as possible.
Sometimes problems come from user training issues, or they’re endemic to the system, or it’s just a transient glitch.
How Much Do Managed it Services Cost?
IT service costs really depend on the clients’ needs.
We have a price structure, for example, but each client is slightly different. Factors that can affect cost include:
- Server count
- One or more locations
- Number of end-users
- Type of equipment
- Type of software
Typical customers can expect to spend somewhere in the order of 100 to $125 per user per month for an all-inclusive managed service contract.
How Do Clients Sign Up for Managed IT Services?
For us, customers engage by finding us on the web or through a referral. They reach out to us and we schedule a qualifying conversation.
The qualifying conversation typically runs about 20 minutes, but some can be as long as an hour and a half.
During that conversation, we try to clarify why is the customer is looking for managed IT services. What problem do they have currently that they need solved? We also want to find out more about their company and how they do business.
At the end of the conversation, if it makes sense, we recommend scheduling an on-site assessment.
For the on-site assessment, we send one or two people out to the location. We ask the client to sign a nondisclosure agreement in advance and send a letter explaining what we'll need and what we're going to do.
During the assessment, we scan their network for systems information, error logs, and other network operating data.
We also interview some of the end-users to learn about the physical aspects of their experience. We learn what's important to them, what issues they’ve faced recently, and discuss cybersecurity.
After the data-gathering assessment, we would schedule an appointment the following week, we'll put the data together, we'll come back with a presentation.
Presentation & Service Proposal Offer
The presentation will focus on what we found, what's working well, and what things the potential client should be aware of. We also discuss any concerns or issues that will need to be remediated, followed by our service proposal offer.
What Should You Expect From a Managed Service Provider?
When you engage with a managed service provider, you should expect to start with a discovery call. This is an open-ended call to discuss your needs.
Talk about what's going on in your business. It gives you the opportunity to get to know the consultant or head of the company a little better and vice versa.
The next step after that is an assessment of your network. Any company that gives you a quote over the phone in the first call, in my opinion, is not worth their salt. You really need to understand the customer's environment. You need to understand what they have, what's working, and what isn't working. And the way to do that is to perform an on-site IT assessment.
That assessment generally should take a couple of hours, and they should ask you to sign a nondisclosure agreement so that anything you see or share stays confidential.
Then you should expect them to come out and log in to the server, the firewall, and various devices. They should use a scanning tool to scan the network for problems. They’ll also collect warranty information, serial numbers, and equipment information before scheduling a time to come back and present a proposal.
During the proposal presentation, it shouldn't be focused solely on cost. It should be focused on the results of the assessment and the state of your company’s network and cyber security. The proposal should show how the provider will remediate the issues they found and how they’ll support you as a partner.
Drawbacks of Managing IT Internally
Let's say a company doesn't have managed IT services, but they have someone in the company that can help them get by even though that's not their job. That's one common scenario.
Another common scenario is a company with an existing IT consultant. Generally, that relationship is what we refer to as a break-fix. If something breaks or doesn't work, you call your IT consultant to come out and fix it.
That isn’t proactive enough. It's absolutely necessary for the network to be created and maintained proactively.
Updates need to be applied, security must be monitored, and management tools on the network should be looking for things that could potentially go wrong. You don't often get that level of service in a break-fix relationship.
The third scenario is an internal IT person or team that you’ve had for a long time. They feel like part of the family, part of the company. But at some point, the company will probably find themselves in a position where their internal resources don’t have what it takes to reach the next level, and/or there's a break of trust.
We’ve seen it happen often. The person or team that has been there for a very long time isn’t up-to-date on security, or they were expected to do something and they weren't, which contributes to a break of trust.
In all these scenarios we recommend moving to managed services. You can have somebody come in and look at your IT and manage it with a holistic approach.
Why Should Businesses Use Managed IT services?
When you hire someone internally, they come to you with what they know, they learn what you have, and their education stops. In contrast, our IT team works with multiple companies in multiple industries and constantly attends conferences and training, so we have a broad scope of experience.
When you're working with a managed IT service company, you're not relying on the knowledge that one person has in your company. You're hiring a team of specialists and experts.
For example, we serve clients with end-users ranging from about 10 to 150. Our average client has between 40 and 50 end-users and one or two locations. There is often some additional complexity with remote users or another office in a different state or city.
At 40 or 50 users, your company is at a place where it really doesn't make economic sense to hire an internal IT person. It makes much more sense and it's much more cost-effective to hire a managed service provider.
Risks of Hiring In-House IT Technicians
There are some significant risks involved in working with a break-fix type person or an in-house person who doesn't have a background in cybersecurity. In today's cybersecurity environment, small businesses are an absolute target.
1) Lack of Cyber Security Experience
A few years ago, you may have heard about data breaches at Target, Home Depot, Kmart, and places like that. But hackers are not after those companies anymore. They're after small businesses. They're after small businesses because small businesses are an easier target.
Small businesses rarely have cybersecurity controls in place like larger companies do. And their employees aren't as well trained. If you're working with somebody who's not addressing cyber security, you open yourself up to issues like wire fraud and email phishing, where someone gets your email credentials, gets into your email, and changes bank account numbers for wire transfers. That's a common cyber security issue we see.
Your insurance company and your bank may not back you if that happens, because if you transfer the money, it was willfully transferred regardless of whether it was transferred to the wrong account or not. A lot of people don't realize that. They think their bank will take care of it.
Sometimes the bank will, depending on the relationship. Sometimes the bank fraud department might catch it before it goes through. We’ve met clients who say hey, my bank called and asked why am I transferring money to China when you normally don't do that, but you can't rely on that.
2) Protocols for Addressing Breaches
You need to have the proper software and hardware solutions in place. You need to have proper protocols in place for when a breach occurs, and how to report it. And you typically don't find that with your in house person, 'cause they just haven't had the training and the experience.
And you don't find that with your break-fix IT guy either, because they don't have the experience and the training.
Hackers will use social engineering to figure out who's who in a company. They'll find the people who are controlling the money, the CEO, the CFO, office manager, then they will phish them to get their credentials to their email. If everyone is on Office 365, for example, once they get the credentials for that, they can log in through the back-end and you’ll never know they're in there. They'll create rules to forward all your mail to them.
They'll work in there for, weeks, months to see what the conversations look like and when the time is right, and there's a conversation about money or wire transfer, or they feel that they're comfortable enough that they can get the language right, they’ll send out an email like, "Hey, I'm traveling right now and I need $40,000 immediately,” and that money gets transferred.
Or they’ll interject themselves into a conversation about a wire transfer, transfer funds and payment from a customer, and change the account number. That's very common.
3) Expertise to Train End-Users
You really need to be working with someone who can look at cyber security from the outside in or from the inside out. You can spend all kinds of money on hardware, software, firewalls, and electronic safeguards. But if you don't train your people, they're the weakest link in the chain.
All it takes is one person to get an email and give away their email credentials or transfer money based on an illegitimate email. In other words, you really need someone who works with the end-users. They need to be trained.