“Managed IT services” can be an excellent solution for small companies that don’t have in-house IT expertise. But the term is vague, and IT vendors use it in different ways. In this post, I’ll explain the basic types of managed IT services that are most important for SMBs.
What are Managed IT Services?
Managed IT services are IT functions that businesses outsource. They contract with vendors called managed IT services providers (or MSPs), usually on a monthly subscription basis, to oversee and proactively manage some or all IT requirements. This gives even small businesses access to broader IT expertise and management skills than they could otherwise afford.
As I mentioned in the first of this two-part managed IT services post, more than half of SMBs use a managed IT services provider and another third are considering it, according to a 2019 CompTIA survey report.
The 11 types of managed services I list below cover two general categories:
Reactive (or “break-fix”):
The vendor responds when you have a service issue. Example: tech support, both remote and on-site.
Proactive:
You and the vendor work together to plan and maintain your IT resources, including taking precautions that minimize your risks of downtime, poor performance (like slow-running PCs), and cybercrime.
Some managed IT services providers focus on large corporations that outsource specific chunks of their IT operations. But I’ve focused my list below on IT services that I’ve seen work best for small to mid-sized businesses over the 20 years I’ve been working with them.
The 11 Most Important Managed IT Services for Small to Mid-Sized Companies
1. Strategic Planning
what it is:
Your managed IT services provider should help you create an overall tech strategy that will determine whether and how to use each of the other IT services I’m listing in this post.
Your IT strategic plan is a blueprint showing how your business operates, and how IT enables and improves those operations.
WHAT IT CAN/SHOULD INCLUDE:
Regular consultations about how your company can improve your operations and growth through IT.
Invite your IT provider to occasional board meetings and/or your annual strategic planning and budgeting sessions.
Documentation of your IT strategic plan and budget.
Review the results at least annually and adjust as necessary.
how it can help:
Think of strategic planning as the opposite of merely waiting for IT emergencies to strike and then responding — often with a monster-sized, non-budgeted capital expense.
A good strategic plan helps you minimize emergencies, and at the same time, improve your overall operations. For example, it can prevent unseen productivity killers like slow-running machines and outdated software.
2. Documenting Your System
what it is:
This is typically a detailed schematic of your network systems and devices. The level of detail can vary, but it should show how data flows through your IT infrastructure, illustrating the relationship between its devices, connections, software and storage methods.
WHAT IT CAN/SHOULD INCLUDE:
Up-front thorough IT documentation
An up-front thorough IT documentation of your company’s existing systems, licensing, and technology vendor information.
IT network diagram
An IT network diagram to help IT vendors navigate future repairs/additions/upgrades quickly.
how it can help:
People who need to troubleshoot/fix an urgent problem, do an installation, run an upgrade, or perform other tasks on your IT network need an accurate “map” to work from. It can cause serious mishaps and delays when that information is missing or outdated.
3. Network/Server Monitoring
what it is:
IT network managers use tools that monitor a network’s general health. The tools can warn of components that have failed or, more importantly, may need some intervention so they won’t fail. These tools can detect certain signs of cyber attacks and other anomalies.
WHAT IT CAN/SHOULD INCLUDE:
Qualified staff on call to respond to network alerts 24/7.
Staff should be able to assess and respond to alerts generated by network monitoring tools when issues arise with your servers, workstations, cloud services, and all connected devices.
how it can help:
The quicker a qualified IT person is alerted to a potential problem, the less downtime and other mayhem is likely to occur. Research by the consulting firm IDC showed that 80% of small businesses have suffered IT-related downtime, which cost them between $82,200 to $256,000 for a single event.
4. Cybersecurity
what it is:
In a 2019 survey of IT professionals who provide cybersecurity services for SMBs, the providers said the top cybersecurity attacks their clients had experienced were phishing (84%), malware (84%) and ransomware (63%).
The goal of a cybersecurity program can’t be to prevent all these and other cyber attacks — that’s simply not possible for companies of any size. The goal is to take strong, reasonable precautions that make your company a more difficult target than criminals are willing to take on.
WHAT IT CAN/SHOULD INCLUDE:
Training:
Training is perhaps the most important cybersecurity protection, as many cyber attacks involve phishing or other tactics that rely on employees’ ignorance. Should include new-employee training and regular updates.
Firewall installation, updates, and monitoring.
Anti-spam and antivirus protection:
Testing and maintaining your current tools and, if necessary, suggesting tools that are better suited to your specific business operation.
Encryption for your PCs, laptops, mobile devices, and email.
Installation of security patches and software updates promptly.
Documented policies and procedures:
This way employees know how to prevent cyber losses. These should be in compliance with any applicable industry regulations. Should be reviewed/updated regularly.
Password management:
Password management via a tool such as LastPass, so your employees have a convenient method of generating safe passwords that aren’t used to access multiple third-party sites.
Data backup and recovery plans:
This is a key part of cybersecurity, but they’re also important for other reasons, so I’ve spelled this out more completely in #7 below.
Dark Web monitoring:
This can show you whether your employees’ user IDs, passwords, and other key data are for sale on the Dark Web. This can help you track down cybersecurity lapses and guide your employee training.
how it can help:
Cybersecurity protects your bottom line and your reputation.
According to a Nationwide Insurance survey of SMB owners, more than 20% of cyber attack victims spent at least $50,000 and took longer than six months to recover. But 7% spent more than $100,000, and 5% took a year or longer to rebuild their reputation and customer trust.
Here are a couple of specific situations in which it’s important to work with a managed IT services provider that has cybersecurity bona fides (such as ISO 27001 certification):
Industry compliance: If you must comply with federal and/or state cybersecurity regulations, such as financial firms that occasionally face examinations by the SEC and/or FINRA, a managed IT services provider can help you implement and document a compliant cybersecurity program.
Legal liability protection: If your company is sued over a data breach, having a professionally administered and documented cybersecurity program in place can help you show in court that you’ve taken reasonable measures to protect clients’ data.
5. Tech Support
what it is:
This is the process of troubleshooting IT issues to determine whether they’re mechanical breakdowns, software glitches, user errors, etc., and either correcting the situation or calling in the appropriate specialists to do so.
WHAT IT CAN/SHOULD INCLUDE:
Remote support via phone or online.
On-site support:
On-site support for hardware problems. Also, you may want a support specialist to visit your office to train employees and/or talk with them and look for opportunities to improve operations or service.
Real-time online status:
Access to real-time online status of any ongoing service requests. Some issues can’t be resolved in minutes or hours. If you have an outstanding issue, you should be able to check on where that project is and what’s supposed to happen next.
how it can help:
The median annual salary for an IT support tech is more than $46,000 (the upper range is closer to $65,000), and the benefits for about three quarters of those positions include health insurance, according to PayScale. That’s just too big of an expense for many SMBs.
I work with some firms that are big enough to have an IT person on staff, but they outsource their tech support anyway because their staffer is just too busy to respond quickly to every urgent request.
Also, these companies tend to need 24/7 coverage — and a wider range of IT experience — than one IT employee can provide.
6. Software Training and Support
what it is:
In addition to answering daily software questions via the tech support help desk (see above), some IT vendors include software training via web-based courses or on-site training.
A managed IT services provider can administer a training program that tracks which employees need which training, and when. The provider can also monitor software updates that should prompt additional training.
WHAT IT CAN/SHOULD INCLUDE:
Knowledge of your software.
The support staff should be proficient with the key software your employees use every day, including industry-specific software if possible.
New-employee training.
Refresher training.
To help employees use more of your software’s capabilities, or to help employees through software upgrades.
Targeted training.
For a specific function that your employees need help with.
how it can help:
Software training helps you get the most productivity from your software investment. Trainers who know your company well, and know how you specifically use your software, can deliver tailored curriculum and answer day-to-day questions quickly and accurately.
7. Data Backup and Disaster Recovery
what it is:
Simply having a working data backup device does NOT give you the ability to get your operation running again quickly after a data breach, natural disaster, etc.
You also need effective pre-planning, a combination of on-site and cloud backup solutions in place, and a post-event response plan your employees know how to follow.
WHAT IT CAN/SHOULD INCLUDE:
Assessment.
An initial assessment and test of your current backup system.
Configure your IT infrastructure.
Configure your IT infrastructure with redundant internet and backup services, and cloud recovery options for your servers.
Backup testing and monitoring.
Disaster recovery plan.
A detailed disaster recovery plan that’s documented and tested.
Backup hardware.
Options for providing backup hardware and emergency power sources.
how it can help:
Being prepared for data loss and/or a significant business interruption can be a competitive advantage.
Sixty-eight percent of small business owners don’t have a written disaster recovery plan, according to a Nationwide Insurance survey. I’m betting even the 32% who do have a plan haven’t regularly tested it to make sure it will work.
So, in addition to avoiding major monetary losses mentioned above for business interruption and cyber-attack recovery, you’re setting yourself apart from your competitors.
8. IT Asset Management
what it is:
IT asset management is a system of managing your company’s hardware and software updates so you can have a more productive staff and a more predictable budget.
The goal isn’t to always have all new stuff — it’s to have equipment that effectively runs the software you need, and to avoid unplanned major capital expenditures.
WHAT IT CAN/SHOULD INCLUDE:
Inventory.
An inventory of your existing hardware and software: Including the age of PCs and other key hardware, and the warranty information from each manufacturer.
A schedule for IT equipment replacements.
This way you’re not waiting until your computers and other equipment are running slowly and breaking down before they’re upgraded.
Preparation of some replace computers.
To use as backups, so employees can stay productive while new equipment is purchased and set up.
how it can help:
Along with generally helping you control your IT capital expenses, up-to-date technology improves productivity and job satisfaction, according to the results of a survey by the startup support company, ZenBusiness, including:
Two-thirds of workers surveyed said that outdated technology had a moderate (50.2%) to major (16.2%) effect on their ability to be productive.
More than 4 in 10 workers said outdated technology had a moderate (28.2%) to major (12.2%) effect on their job satisfaction.
Computers (83.1%) and software (70.5%) were the most commonly outdated technology cited by respondents.
9. Mobile Device Management and Support
what it is:
In IT industry jargon, mobile device management (MDM) tools help companies deploy, track, and protect smartphones, tablet computers, and laptops.
Your IT vendor should be familiar enough with your devices and data plan providers to answer employee questions — which can often come from people who are on the road and need help right away.
WHAT IT CAN/SHOULD INCLUDE:
Security protection and encryption.
On all mobile devices, including the ability to wipe proprietary data from a device remotely in case it is lost or stolen.
Device setup and configuration.
For email accounts, calendars, industry-specific apps, etc.
Data backup and recovery.
how it can help:
In its forecast of five cybersecurity trends for 2020, the cybersecurity firm, Digital Shadows includes: “Mobile devices will increasingly be targeted as more business processes and payment options migrate to mobile.” Many such lists include similar warnings about mobile.
Give your company the productivity advantages of mobile devices, while your managed IT services provider addresses the additional cybersecurity risks that mobile devices create.
10. Technology Vendor Management
what it is:
Managed IT services providers help their clients choose from myriad subcontractors to find the right mix and stay within the client’s budget.
For example, you may be able to improve operations and save money by using one or more cloud-based services. Your managed IT services provider can help you sift through cloud options, and then monitor and manage these services for you.
WHAT IT CAN/SHOULD INCLUDE:
Resolution of service issues.
Including contacting any necessary providers (software vendors, internet, phone, firewall, etc.) on your behalf.
Management of disputes between vendors.
Sometimes tech providers will point fingers at one another over the source of a service issue. Let your IT partner sort it out.
Regular cost assessment.
To look for better values.
how it can help:
Your time and energy are probably best spent on growing your business, not comparing cloud backup service packages, or sitting on hold with Microsoft over an Office 365 issue, etc. Delegate that stuff to an IT partner who does these things every day.
11. IT Project Management
what it is:
This service is a blend of many of the other 10 services shown above — whichever ones are necessary to organize and execute a major project that involves IT. Typical projects include:
- Upgrading to a new operating system (like Windows 7 to Windows 10)
- Major hardware installations
- Equipping a new conference room with A/V and teleconferencing gear
- Migrating backup data onto a new on-premise or virtual server
WHAT IT CAN/SHOULD INCLUDE:
Project logistics.
Creating a timetable of events that you can use to communicate with your employees, so they understand what they will need to do and when.
Support for larger projects that include an IT component.
Such as opening or moving a branch office, or hiring a batch of new employees or contractors that require access to your network.
how it can help:
Experienced IT project managers know how to minimize business interruption and general confusion among your employees and clients. This takes the major oversight duties off your plate–and results in fewer unpleasant surprises.
Two Key Questions About IT Managed Services Billing
Reactive services can be sold as separate, hourly occurrences or as subscription, but proactive services are almost all sold as monthly subscription packages.
In addition to your other due diligence in choosing an managed IT services provider, answer two questions before agreeing to a monthly subscription package:
- Does the package lock you into an annual contract?
- Is there a termination fee for canceling your service before the contract term expires or without a certain number of days of notice?
Instead of an Overhaul, Create an “IT Blueprint” to Work Toward
Your company may need managed IT services not listed above — every client is different. But whichever mix you choose to use, be careful about implementing too much, too quickly. Complete IT overhauls can be too difficult for your employees or clients to deal with.
Create an “IT blueprint” with your managed IT services provider, and work toward it gradually. Make sure each change is working as it should — and adjust the blueprint as necessary. Continue that process until the client’s IT operations match the blueprint.
Again, different providers have different terminology for all of the above managed IT services. Ask a lot of questions. The provider’s ability to answer your questions in plain English, by the way, is an excellent gauge of how good that provider’s service will be.