For most companies, maintaining the diverse skill sets and 24x7 coverage for IT systems is not affordable. Instead, to remain competitive and continue to grow their business, companies use managed services and pay only for the services they need, when they need them. (Learn more in the blog post, "Why use an MSP if I already have internal IT staff?")
With a managed services contract, businesses can rely on their MSP to provide services that will prevent problems from occurring, as well as to solve issues when something happens such as a hardware failure or security breach. Many companies will consider outsourcing their IT needs to an MSP when the company reaches a certain level of growth. Using an MSP to provide managed services enables company staff to focus on business strategy, instead of IT tactics.
↑ back to top
What's the Difference Between a Break/Fix Vendor and an MSP?
Many IT service providers that started out in the break/fix model have simply slapped on the MSP label as a way to upsell their services. It is important to understand the difference. A break/fix company waits until you report a problem and then fixes it, billing you for remediation efforts. A proactive managed services provider typically charges a fixed monthly fee and takes steps to prevent issues from happening in the first place.
Because an MSP is in the business of preventing problems, which is also advantageous to an MSP's clients, business owners are increasingly choosing MSPs over break/fix vendors. MSPs can offer more robust services to businesses which translate into cost savings.
When you select an MSP over a break/fix vendor, you align your business goals with those of your IT service provider — to prevent problems in the first place.
(Learn more in the blog post, "What No One Tells You About Computer Network Support.")
↑ back to top
Types of IT Management Services
The successful management of your IT infrastructure requires highly skilled technical staff monitoring your systems 24x7x365 using the latest remote infrastructure monitoring technology. You need experts in servers, virtualization, storage, networking, desktops, cybersecurity, disaster recovery, and other business technologies. A company will use managed IT services to supplement or outsource the daily operation of their IT infrastructure.
A critical task that an MSP can perform is IT asset management. During the initial engagement, the MSP will do a technical assessment of your entire network that will identify all devices. Then, they will continue to manage your inventory of IT assets.
Types of IT services:
- 24x7x365 IT monitoring
- 24x7x365 end user help desk support
- software patching
- malware protection
- business continuity & disaster recovery
- managed hosting
- procurement & IT lifecycle services
- configuration & integration services
Learn more in the blog post, Why We Love IT Asset Recovery Services.
Your need for IT support may be unique based on your specific business and your in-house IT capabilities. In a managed services contract, typical systems within a company's network that will be supported are:
- mobile devices
- wireless devices
- network devices
Learn more in the blog post, "What are managed IT services?"
Help desk support for end users is provided through a network operations center.
↑ back to top
Network Operations Centers
A network operations center (NOC) is a hardened facility that is used to monitor performance and security events of client networks 24x7x365. Ideally, the facility should have redundancy for all major systems including electricity, HVAC, and internet, in addition to computing systems.
From a NOC, IT monitoring is performed on all kinds of traditional IT infrastructure as well as IoT devices, including network equipment, servers, storage, desktops, laptops, and mobile devices. For each type of device, there should be a performance monitoring template in place that defines the device parameters to be monitored, the threshold to be used for alerting, and the measurement frequency for that device.
Communication with clients is a key factor for measuring the effectiveness of a NOC. This requires that NOC personnel have the most advanced tools in monitoring technology and incident management, as well as comprehensive processes that keep clients informed every step of the way during remediation.
NOC personnel may have different capabilities (Level 1, 2, and 3 technicians) and the NOC should be staffed 24x7x365 with coverage for the various disciplines. To expedite on-site resolution, NOC teams should have real-time connectivity with field resources.
↑ back to top
On Site & Remote Support
In addition to remote support where monitoring is done by NOC personnel, MSPs can also provide on-site temporary or permanent support to you where employees of the MSP work at your site, acting as your virtual IT department. The extra benefit to this scenario is that on site personnel have the talents of all the employees of the MSP behind them, and therefore can provide comprehensive and specialized service.
↑ back to top
An MSP can also serve as your virtual IT department to completely fulfill your technology needs or to supplement your existing IT team. A common engagement may outsource all end user issues to the MSP’s NOC, freeing up your internal IT talent to focus on the strategy and planning of future IT needs at the company.
An MSP can also be a good fit when specialized technical skills or certifications are required as in the fulfillment of new mandates or other compliance needs that require some type of assessment, such as those for HIPAA, PCI DSS, and NIST.
↑ back to top
A typical need for IT services is colocation. Forward-thinking businesses are realizing they can keep expenses in check while strengthening security by using a shared data center infrastructure. A company that requires the use of a data center understands the cost benefits and security advantages of this service over building and maintaining a company’s own data center to house servers, storage, and networking equipment. With colocation, businesses get a reliable, secure environment for critical business systems with maximum uptime and reduced operational exposure. At the same time, expenses are controlled by sharing the costs of space, power, and connectivity with other firms.
But even for those businesses who do not necessarily need colocation services or managed hosting, there are huge benefits to selecting an MSP that owns its own data centers. (Learn more in the blog post, "Selecting an IT Service Provider with its Own Data Centers.")
When an MSP owns and maintains its own data centers, the MSP is not relying on a separate vendor to provide data center services. This can make resolution of issues seamless for the MSP’s clients if a disruption occurs as there are not multiple vendors involved between the MSP and the data center provider. As a client, you are dealing directly with the MSP to resolve all issues. And if that MSP has multiple data centers configured to provide redundancy, even better – now there is redundancy built into the systems supporting the service the MSP is supplying to clients.
Corserva's colocation services include:
- rack space
- power redundancy
- internet redundancy
- data security
- on site workspace
- physical security
- remote support
How to Evaluate Data Centers
When evaluating MSPs that have their own data centers, consider your vertical market and any regulations to which you must abide. Focus on the type of data center or to what standards the data center complies. Keep in mind that there are a range of standards, and that you do not necessarily need to use a data center with the highest level as that may cause you to overpay for services you don’t need.
Data Center Attestation
The auditing of data centers originated from the financial world where accounting firms regularly audit a company’s financial results. A need was identified to validate the security and control of a data center. Over time, this auditing became more specific to data centers and now we more correctly describe the attestation standards of a data center.
When a data center has met a certain attestation level, this means that independent auditors have come in and tested that there are controls in place to make that data center compliant. There are different attestation standards a data center can meet.
- SSAE 16 (Statements for Standards for Attestation Engagements No. 16) is the current auditing standards against which data centers are managed, having replaced SAS 70. This standard was finalized by the Auditing Standards Board of the American Institute of Certified Public Accounts (AICPA) in January 2010.
- SOC (Service Organizational Control) refers to different reports used for different purposes: SOC 1, SOC 2, and SOC 3. SOC 1 reports deal with controls over financial reporting while SOC 2 and SOC 3 reports focus on controls related to security.
- Type refers to options within SOC 1 and SOC 2 reports. For both SOC 1 and SOC 2, Type I reports describes the service organization’s system and its controls, while the Type II report also includes a description of the auditor’s tests of controls and results.
- Tier describes how much power and redundancy is built into the data center: Tier I, Tier II, Tier III, and Tier IV. Think of tiers as a classification, not a certification. The higher the tier, the more redundancy is built into the data center, and the higher the cost to use that data center. The most redundant data centers will have multiple power providers and multiple internet providers coming into the same building for redundancy.
The level of tier you need is based on your type of business and risk tolerance. This should be an important part of your initial conversations with providers. Your MSP should be able to help you determine the right level of service you need without overspending on unnecessary redundancy.
Corserva's data centers are audited annually:
- SSAE 16 Type II
- SOC 2
- HIPAA compliant
- PCI compliant
- Tier III
The Auditing of Data Centers
The process of auditing a data center to ensure compliance involves an outside party coming in to evaluate the controls put in place at that data center as well as risk management. Outside auditors will evaluate processes and procedures. They are looking for two things:
- Are there controls put in place?
- Are those controls being followed?
During the annual attestation process, the auditors will check for evidence that the data center company is following its stated
Auditors will verify that formal controls have been put in place and are followed in such areas as:
- Organization and administration — The organization of the IS department provides for adequate segregation of incompatible duties.
- Change control — Changes are made in an orderly, standard process and follow change management procedures.
- Access control — Formal information security policies and procedures exist and have been communicated to employees.
- Application security — Access to client proprietary data is restricted to authorized users.
- Network management — Network hardware and software is appropriately designed and implemented to achieve availability, performance, and resiliency requirements.
- Backup and recovery procedures — Backup and recovery plans have been developed to minimize the effect of a disaster on critical processing activities.
Other controls may also be audited depending on the data center, such as controls for HIPAA or PCI DSS.
↑ back to top
IT network support services provided by an MSP typically include:
Managing the IT Network Infrastructure
Your IT network infrastructure includes your servers and your workstations (endpoint devices such as PCs and printers), as well as the network connecting everything (both wired and wireless).
Making Sure Backups are Running Properly
It’s important to remember the reason for running backups in the first place — you want to protect your business so that in the event of a disaster, you can recover your lost data and restore your systems. It’s not enough to simply run backups. To ensure disaster recovery capability, you must be able to actually recover from your backups.
Protecting Your Network
Keeping your network secure generally means two things:
- that endpoint devices (such as PCs and servers) have anti-virus and anti-malware software installed, which prevents intruders from entering your network and harming your systems
- that the network is protected with the latest firewall systems so that in the unlikely event the network is infiltrated, the harm will be minimized
↑ back to top
IT Support Services
Compared to a small mom & pop type shop, a large MSP can provide faster, more comprehensive service. Proactive services will include monitoring of systems around the clock and, if there is a problem, 24x7x365 remediation. With proactive services that include monitoring of IT assets, your MSP can identify and remediate a problem before you are even aware of the issue.
To keep your network environment secure, proactive services will also include software patch updates and other security virus updates.
↑ back to top
Help Desk Support
When you experience an issue and you need support, the level of customer service you receive can vary based on your provider and your contract with that provider. You should have consistent, multiple methods to report problems such as via phone, email, or through a web portal. Ideally, you should be able to report issues and get responses from your provider any time, day or night.
MSPs that maintain their own NOCs should have a NOC ticketing system that provides real time status updates to keep you informed each step of the way on the path to resolution of the issue.
When you report a problem to your MSP, you can expect several things to happen.
- A new service ticket should be generated through a NOC ticketing system and the issue should be assigned a unique ticket number for tracking purposes.
- You should receive immediate acknowledgment (such as an email) indicating that your request has been received and logged into the provider’s ticketing system. This way, you know they received your request.
- The provider should then assign the appropriate resources to work towards resolution of the issue.
- You should receive another acknowledgment that your issue is being addressed directly from the person assigned to be the main point person on your case. This person should then follow up with you to get more details on the issue.
- As your issue moves through the steps to resolution, you should be kept informed via email or another method so that you always know the status of your issue.
↑ back to top
Special IT Projects
Some companies with their own in-house IT staffs are successfully handling their daily IT needs, but may require specialized help on certain projects. If you have a one-time need for specialized IT services, an MSP can fulfill this role. For example, if you are getting ready to migrate your employees to Microsoft Office 365, it might make sense to use an outside third party.
↑ back to top
Security & Network Assessments
Starting off with a new engagement, an important service that an MSP can provide is to evaluate your existing network, comparing your needs with your current capacity. This can be useful if you feel that your network is not meeting demands and needs optimization, or if you are embarking on a major project such as consolidating, centralizing, or virtualizing your data center. An MSP can assess your existing infrastructure, look for bottlenecks or shortcomings, and develop a list of problems that need to be addressed.
Corserva provides assessments for:
- PCI DSS
In addition to overall network assessments, an MSP can perform specific assessments for cybersecurty , virtualization, HIPAA, PCI DSS, and NIST.
↑ back to top
Network Architecture & Design
In the case where you are starting from scratch or nearly so, an MSP can build your network, taking into account your existing space and power resources, your need for wired or wireless connections, and the requirements for digital and physical security.
Your IT infrastructure should support your business goals. If you have specific growth goals, these should be considered in the network design. Any concerns you have about your current technology hindering the achievement of your goals should be addressed. Think about the features you need. Do your employees need to be able to access applications remotely? If so, your network should enable secure remote access.
The benefits of an optimized network infrastructure design should not be overlooked. These include:
The right network design ensures that your employees have access to the applications and files to which they need. Nothing can be more frustrating for people than roadblocks that make it difficult for them to perform their jobs.
An optimized network is a fast network.
The best network design enables employees to be as effective as possible.
Your network should be designed from the ground up with security in mind. Security should never be an add-on.
Backup systems support the company’s business continuity efforts and enable you to keep operating even in the event of a disaster.
As the company grows and the needs of the business change, so too must your IT systems. Optimized network infrastructure design enables IT systems to evolve over time, while leveraging the existing investment you have already made in IT.
Your IT infrastructure should support your business goals.
↑ back to top
Best Practices in Managed IT Services
Following the most effective practices will enable an MSP to deliver superior service management. ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. When an MSP is using ITIL based processes, the MSP enables you to maximize the value derived from technology.
Aligning IT Services with Business Objectives
Conforming to ITIL practices ensures that IT services are aligned with the needs of the business.
1. Service Strategy
Your MSP will start by evaluating the current state of your complete IT landscape. Then, they will make recommendations for changes that will enable you to meet your business objectives and identify and track metrics for determining when objectives are met.
2. Service Design
The MSP will develop a network design and IT infrastructure.
3. Service Transition
To achieve the future desired state, the MSP develops execution plans in a phased evolutionary fashion.
4. Service Operations
The MSP then executes the agreed-to plans with your IT resources across the enterprise to achieve the future desired state.
5. Continual Service Improvement
On an ongoing basis, the MSP will manage, maintain, and seek methods for improvement, focusing on meeting business objectives. Moving forward, the MSP will adapt plans and integrate enhancements as needed.
Understanding Your Environment
Critical to the successful implementation of IT services is for the MSP to assess and document your network environment. The technology infrastructure of any organization has become extremely complex. Newer technologies such as cloud services, Big Data, and IoT have provided great opportunities for companies to innovate, but have also exposed new risks to the network. Without thoroughly documenting a customer’s environment, resolving future issues will cost the customer more time and money than is necessary.
It is not unusual for a company to sign up with an MSP to solve a specific problem, and then during engagement with the new customer, the MSP discovers previously unknown risks of which the customer was not aware caused by unintentional connections throughout the network.
It is understandable how this situation occurs when you consider how a network changes over time. It’s relatively easy to create an efficient network of servers and workstations when you start from scratch; but greenfield projects are uncommon. At most companies, networks have grown and changed over time both geographically and as new technologies were introduced.
↑ back to top
The Benefits of Using an MSP
The successful management of your IT infrastructure requires highly skilled technical staff monitoring your systems 24x7x365 using the latest monitoring technology. You need experts in servers, virtualization, storage, networking, desktops, cybersecurity, disaster recovery, and other business technologies. For most companies, maintaining the diverse skill sets and 24x7 coverage for IT systems is not affordable. What if there was a way to pay for that level of service, but only when you need it? There is – managed IT services.
Once engaged, an MSP becomes your virtual IT department. An MSP can monitor and support your servers, network equipment, and desktops remotely or in person 24 hours a day to keep your operations running smoothly and securely. Services are provided for fixed monthly fees.
By selecting the right MSP, you realize lower IT cost, better performance, and higher security for your critical business assets. (Learn more in the blog post, "The Benefits of Outsourced IT Support.")
Companies that use the services of an MSP can expect the following benefits:
Effective execution of operations
- Eliminate single points of failure - people and infrastructure
- Provide 24x7x365 monitoring of all key assets
- Remediate critical issues 24x7x365
- Provide extensive expertise on all technology operating issues
- Enable employees to focus on what they do best - growing the business
- Increase uptime and performance, thus reducing lost revenue from downtime
- Reduce expenses by having ongoing access to experts in every technology, but only use them in the amount required
- Provide sliding, fully scalable support costs for your IT infrastructure
- Reduce CAPEX expenditure
Business risk reduction
- Ensure IT performance and uptime required to support your 24x7x365 business needs
- Ensure organization-wide security from the network perimeter to the endpoints to the data center
- Reduce the threat of security breaches by ensuring that all endpoints are up to date with patches and anti-virus updates
- Reduce the risk of intrusion into the network by providing third generation managed firewalls
- Pinpoint legitimate threats across the IT infrastructure with advanced event logging and analysis software
- Back up all critical files and systems
- Complete data recovery from a single device to entire data center failure
Increased agility and organization expertise
- Access to experts in security, networking, and other advanced technologies
- Enable fast rollouts/upgrades to meet changing business needs
- Thought leadership to help drive new technologies
- Support long range IT plans
- Visibility into every aspect of your IT infrastructure down to individual incident tickets
- Documentation of the entire IT landscape including network devices and servers
- Comply with regulatory requirements (NIST, HIPAA, GLBA, PCI, etc.) for transactions and data
- Gain access to extensive performance data and quarterly performance reports
- Tap into additional resources, on-demand
- Control user access to sensitive websites and information
↑ back to top
How to Decide Which IT Services to Outsource
As the technology needs of your company grow, you may be struggling to decide which services you should outsource to an MSP, especially if you already have your own internal IT staff.
There are several factors you should consider:
- Efficiency — Certain tasks can be handled more efficiently inhouse versus outside, and vice versa. For example, it may make sense to outsource straightforward end user application issues to free up internal IT staff for more critical business functions. (Learn more in Why You Should Consider Outsourcing IT Help Desk Services.)
- Business Objectives — Planning the initiatives that will best contribute to the goals of the organization may be better suited for internal IT staff, although an outside party can provide IT consulting services toward this effort.
- Cybersecurity — With security breaches making headlines every day, all businesses have concerns about cybersecurity. Securing the company's data and systems may require skills and experience beyond the scope of internal staff.
- Compliance — Depending on your industry, there may be regulatory compliance laws or federal mandates to which your company must comply, and may require outside expertise, such as those for HIPAA, PCI DSS, and NIST.
It can be more cost effective to outsource some or all IT needs instead of continuing to hire internal staff as the technology requirements of the business grow. Leveraging the services of an MSP gives you access to a wider range of technical skills than you would otherwise have with internal staff. This can be instrumental in making sure your company meets its business growth plans.
There are multiple benefits to be gained by using an MSP to supplement the workload of your internal IT staff. In fact, in our experience, this has been the most successful utilization of the MSP services model. Typical services that can be handled by an MSP include managed monitoring services and IT help desk services. A common engagement may outsource all end user issues to the MSP’s NOCs, freeing up your internal IT talent to focus on the strategy and planning of future IT needs at the company.
Corserva's NOCs provide:
- 24x7x365 monitoring
- Level 1, 2, 3 technicians and engineers
Here are six reasons why you should consider using an MSP: