When we tell our prospective clients that we don’t have a Help Desk, the most frequent response we get is usually “What do you do then?”
Instead of me just giving you the blurb on our website – that we’re an advice-based management and technology consulting firm – this clearly doesn’t explain what we do well enough, so let’s do a deeper dive on what our prospects are often looking for: MSPs – what are they and why they may be just what you need, or maybe not.
What is an MSP?
Often when we get prospects looking for IT outsourcing, they are looking for what we in the industry call “Managed Services Providers” or MSPs.
MSPs are well-rounded service firms that provide multiple tiers of IT services usually with a monthly subscription fee.
MSPs are like the building managers for your technology condo. You contract them, pay a subscription fee, and you get a set of maintenance and support tasks that is outlined in your contract. Most frequently, these services include:
Ad-hoc support, usually in the form of a Help Desk, either via phone, email, or an online service portal, and
Monthly security patching/maintenance, to keep your device software up to date.
You can of course, add additional services such as back ups, monitoring, etc. as long as the MSP offers the service. As well, MSPs typically focus on reactive and break-fix tasks. Unless it is a scheduled task like patch management, Help Desk only responds when you call them for support.
MSPs also usually manage many client environments, and to make everything easier to manage, they will typically use a Remote Management and Monitoring (RMM) software to monitor for any outages, and to deploy those security patches we talked about.
These RMM tools are usually installed by the MSP on every device you would like them to manage, so they can access the device remotely without you being present. Because these RMM tools are far reaching into many different client environments, a single security compromise could have cascading effects. The most recent incidents of these cascading supply chain attacks are the massive SolarWinds hack, where attackers compromised SolarWinds’ Orion software for monitoring and managing IT systems, and the Kaseya Ransomware incident where an estimated 800 to 1500 small to medium-sized companies have experienced ransomware through their MSPs.
That being said, attacks like this are very sophisticated and very targeted. Whether or not your MSP gets hit isn’t something they can necessarily prevent since it is the software vendor they use that gets compromised, not necessarily the MSP themselves.
MSPs are a very good option if you require ad-hoc support and do not have the resource to hire, train, or retain internal IT personnel.
Adding to the challenge is that if you do not have any IT knowledge in house, it is potentially very difficult to hire competent talent. The result may be more security holes you’re trying to avoid.
When Might an MSP Not be Appropriate?
When our clients don’t choose an MSP, it is generally for any of these reasons:
They have internal IT staff and do not require outsourced support
They have technically self-sufficient staff who do not require ad-hoc support
They require specialized knowledge that typically does not exist at most MSPs
They manage their own endpoint devices, backups, and their own infrastructure and as such do not need the management oversight of an MSP
They do not manage any of their endpoints devices (all BYOD), and as such do not require management oversight for those.
That being said, MSP services can be varied especially depending on the size of the firm. So when we say that specialized knowledge typically doesn’t exist at MSPs, it’s because they serve a different set of client needs than we do, not because they’re less competent.
What Does SiFr Do?
You might be asking at this point “If your client has internal IT, what do you do?”
What we do seems to confuse a lot of prospects who’ve just found us on the internet via Google which tells me I haven’t done a good enough job with our Marketing! But honestly, I’m not surprised.
I have had many people from my network whose spouses work in IT and they cannot explain what IT does. The simple reason is that Information Technology is a very diverse set of disciplines. From Networking, Infrastructure, Cybersecurity, to Artificial Intelligence… anything that deals with technology and data, can be labelled as IT.
What we at SiFr specifically focus on is foundational IT Infrastructure, best practices, and processes. Most of our services are advice-based, meaning we don’t manage your environment, and we don’t try to sell you anything.
We are sort of like fee-for-service Financial Planners for your technology decisions. While Financial Planners may help you answer questions regarding finances such as:
How much do you need to save for retirement if you wanted a monthly income of X dollars?
When can you retire given your goals?
Should you put money in an RSP or TFSA?
How can your assets best be protected?
We help answer your technology questions such as:
How can I best secure my IT environment? (Hint: not by buying an anti-virus)
How can I reduce the number of hours I spend on X task and be more productive?
Where should I focus my near-term IT investments and efforts?
Is Cloud worth it?
While Financial Planners give you a financial roadmap and best advice to direct your finances so that you can live your best life, we give you a technology roadmap and best advice so you can do your best work.
When we talk about roadmaps, just like a real map, it is forward looking and proactive. As such, our services help to reduce the number of support calls for our clients and everyone’s life gets better. Because no one enjoys being on hold listening to elevator music.
In our smaller client environments, we do occasionally help manage their endpoints. However, we do this very differently from MSPs. Instead of deploying RMM tools to centrally manage all of our clients, every single one of our client environments is a stand-alone. We do not install any management tools or agents such as SolarWinds or Keseya. Instead, each client environment would be managed independently as if there was internal IT.
Why is this better? Without an RMM tool or monitoring agent, and having an entirely independent environment means when you choose to disengage from our services there is nothing you need to uninstall. Because your security patching is handled internally, should we exit your environment, we don’t leave you with unmanaged devices whose management tools were pulled off leaving you to scramble to modify your IT processes.
As well, without an RMM tool or agent, our clients are not subject to a supply chain attack with us at the epicenter of the crisis. A breach at one client will not affect another this way.
In essence, for our small to medium-sized clients, we are their internal IT, without needing to pay for full-time staff (and all the legal compliance with HR that goes with it).
Have you ever had to make an important decision and wish you had someone knowledgeable to ask for advice? Well, that’s us when it comes to the world of IT.
So, if expert advice, proactive technology roadmap, and cost savings are what you're looking for, contact us!