In my previous post, I discussed some of the most common types of services offered by managed service providers (MSPs). This brings us to what organizations need to do to prepare to work with an MSP. Here are some considerations to keep in mind.
Have an Idea What You Need
Organizations could land themselves in trouble if they end up wasting money on services they don’t need. The same goes for those that might go with an MSP that doesn’t provide the desired types of protection. Hence, organizations need to know the following:
- What’s on the network? Do organizations want an MSP to support all their assets? Can all their assets even be managed? By understanding their environment, organizations can choose an arrangement that supports their mission-critical needs.
- What are the biggest challenges? Organizations must understand the biggest challenges facing them and be able to verbalize how an MSP will help them to tackle those issues.
- What’s needed from an MSP? Some organizations may have local or global hosting requirements to consider, while others may need to choose vendors with engineers who are FedRAMP-certified or who hold other certifications. Organizations need to know what exactly they need from an MSP, as this will help them to narrow down their search. Having a list of must-haves will aid you in your search process.
With that information, organizations can start looking for an MSP and evaluating their options. This requires that they look at four key factors of any provider’s managed solution.
Factor #1: Cost
Organizations need to know what it will cost them to work with a particular MSP. That projected cost will vary based upon the term length that they’re interested in as well as the type and tier of service they’re examining. It’s then up to them to figure out whether those costs are acceptable at this state in their growth and whether those costs support the ability to scale over time.
It’s also important for organizations to look at the relative costs of bringing on one managed solution over another. For example, will engaging an MSP allow them to operate with fewer people? If they were to purchase a self-managed solution, what would they need to spend on hardware, ancillary software, training, professional services, etc.? These additional factors can make a material difference in an analysis of return on investment (ROI).
Factor #2: Dedicated Support
Some organizations don’t have the ability to address security concerns outside of normal business hours, while others want 24/7 coverage. In either of those cases, organizations need to make sure they get the coverage that they need. They also might look for an MSP that allows them to change their preference should they grow. That way, the service rendered by the MSP can evolve with the business.
Factor #3: Maturity
Organizations need an MSP that’s established insofar as it won’t disappear and leave its customers without the services they need. But it’s also useful to have an MSP that can meet an organization’s level of operational maturity level (OML). As noted by ELBO, those levels range from a break-fix model at OML 1 to building competitive advantage throughout customers’ IT environments at OML 5. Organizations need a managed solution that won’t overestimate their OML but that can help them to advance their level of operational maturity going forward.
Factor #4: Prove Value
Sometimes, it’s difficult to communicate the importance of cybersecurity across the entire organization. A great MSP can help organizations to change that by enabling their customers to generate reports that they can then present to leadership and thereby prove ROI.
What Goes into a Conversation with a Prospective MSP?
It’s important to note that organizations oftentimes can’t determine the factors discussed above on their own. What’s required is for them to talk with an MSP directly and find out what they have to offer to their customers.
Don’t know where to start your conversation with a prospective MSP? For a list of questions to find out if a prospective MSP will work with your company, download your copy of Tripwire’s eBook “Exploring Managed Cybersecurity Services: Mission Control for Security, Compliance, and Beyond” here.