There are managed service providers (MSP) and there are really good managed service providers!

Paying a standard fee for your technical support through your Managed Service Provider (MSP)  is an idyllic solution in today’s business and organisations.

It allows the organisation to focus on business, core business, what you do to make money, without having to worry about technology, policies and people.

The original idea for managed services, you pay a monthly fee for all technical support is failing as greed sets in.

A true managed service provider should be doing it all for you.

Anything that is part of your business and the technology required to achieve your goals should be their responsibility.

Most MSP’s have change the contractual obligations in their service level agreements (SLA) to improve their bottom line at the detriment of the client.

The small print usually states all care but no responsibility.

To increase profits they have changed the way the SLA is applied to business.   They have moved the risk back to your organisation.

Instead of mitigating the risk of something happening by putting in self repairing software or moving your data to the cloud without soverienty, compliance and governance implications they have put it back onto your organisation where you now pay the additional costs.

If your MSP has a clause in their SLA that states you have to pay for time on site, additional costs for policies and plans then they have moved the risk back to your organisation.

Check your SLA / contract have they moved the risk back to you.

The clients interest.

When it comes to a SLA, it should change the onus of technical support away from your organisation to the expertise of the MSP.

The MSP have the skills, training and capabilities to make the technology that your organisation uses to increase revenue and in that profit for your organisation.

A MSP should remove the responsibility on the clients side by having the expertise to fix problems.

They are also the trusted adviser.

In that role they should be advising on the businesses requirements to improve the capability of your business to increase profits and build rapore between you and the them.

This should all be done without pushing a particular vendor, supplier or system.   It should all be based on YOUR requirements!

The capability of the MSP organisation to ensure both functionality and security in the client organisation is the reason that they are there.

There should be a single point of contact, email or phone, that can be contacted to resolve any issue from user to internet.   This single point of contact should have the authority to speak on your behalf to resolve the issues and to improve your bottom line.

The MSPs interest

The MSP role is all about visibility.

Visibility of the system by reporting in all facets of the systems and security.

The reporting has to be done in such a way that management decisions can be made simply and easily.

There are no vanity stats in this process.   The facts are of paramount importance and to get those facts, systems have to be implemented and managed correctly.

The visibility of the people is as important as the technology in showing what is happening behind the scenes and gives an indication in education and training requirements.

The MSP should also be implementing policy and procedures ranging from disaster recovery (DR) and business continuity (BC) to audit capabilities and user policy.

This is not an additional component of the environment, an MSP cannot do its job for the client if it does not understand the importance of your data, where it is located and who has access to that information.

 Why is this important?

Yes, a SLA with these requirements is more expensive.

If you think about it, it has to be.    They are taking their role in your business seriously.

They are allowing the management team to delegate the business requirements to a group of people who should have the expertise to actually do the job, improve the efficiency and security of the organisation and do it with the expertise required to ensure your organisation is going in the right direction.

if you are paying for a SLA that is not doing all of this then you need to look to an organisation that will.   Look to a better way of managing your systems.

Posted in Business Security, NIST, Risk Management and tagged , , , , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *