There is a lot of confusion about Managed Services, and what a Managed Service Provider does for your business. If you’re already over this learning curve, your next question is probably “How do I trust an MSP?”
It’s a double-edged sword. Your current IT environment is clearly not meeting your business needs if you are considering a Managed Services Provider. But, despite this pain point, you don’t know whether a potential MSP is trustworthy. We know it is intimidating to allow an outside party into your IT, which—in an increasingly remote world—could be the core of your business.
There are signs to look for in a trustworthy MSP, and we are here to walk you through them.
The Presales Process
Before you even agree to work with a Managed Services Provider, there are signs to look for in the presales process. In initial meetings with a potential MSP, note how thoroughly they answer your questions. Are they giving you detailed answers to ease your concerns, or are they dodging your questions and providing vague responses?
You should also pay attention to the direction of your conversations. Any presales interview should be a combination of both business and technical discussions. Do the questions asked by the provider reflect the desire to thoroughly understand your business needs? How many times do they need to come back to get “one more piece of information” from you? How involved do they want to be with your business?
The last presales sign is the length of time it takes a potential MSP to get you a proposal. Is it a couple of days, or is it weeks? A few days is acceptable. A few weeks is a red flag.
A Managed Services Provider that passes the pre-sale vet is not guaranteed to be a good fit for you, however, you can assume that an MSP who leaves you with questions and concerns during the presales interview will have you feeling in the dark once you’ve entered an agreement.
Once you’ve read through your potential MSP’s proposal, and have reviewed your Managed Services Agreement, you should understand what it says. If you are left confused, it’s a red flag. If your potential MSP is unable to explain it to you, an even bigger red flag. A trustworthy provider will distill their services into clear concepts that a less technical person understands.
After reading your proposal and agreement, there are a few questions you should ask. Do you know what you’re getting? Do you know what you’re not? Do they provide the ability to customize services to fit your business? A provider with a “one size fits all” agreement is focused on their payday, not customer service.
A provider with confidence in their services will not lock you into a long-term contract without some simple exit clauses. If you are unable to quit your contract during its term, or without substantial penalties, they might not be a provider you can trust. For example, PEI has a 30-day cancellation notice with no fees. Your contract should be equitably written with a balance of protections for both you and the provider.
Their Service Team
Part of your vetting process should include understanding the types of talent that will be working for your company. How many technical people will be working for you? Do they provide a technical champion that’s invested in being your primary point of contact? Do they have an efficient way to escalate complex issues to senior technical staff? You deserve to know who will be working with your company and what their processes are. This understanding will help build a level of trust between you and your Managed Services Provider.
Customer service is key in developing trust with any MSP. If the provider has long-term employees, they probably have good sense about quality service. If your provider outsources part or all of their engineering talent, you will have to decide how comfortable you are with another outside party working on your systems. Ask your provider about who you will be working with, their technical qualifications, years in the industry, and time with the organization. If the people you’re going to work with are the types of people you would hire, then you have a green flag. You need to trust your provider as a whole, which includes trusting them on an employee level.
If a provider has a lot of employee turnover, or if individuals don’t have a breadth of technical skills, you can be certain you’ll be bounced around and issues will take a while to be resolved. This will only leave you questioning your trust for your MSP.
Tools and Documentation
Asking your provider about the tools and documentation they provide is a good indicator of whether you can trust the provider. You want to know your provider is reliable and their processes will work to support your business. Do they provide a couple of ways to open a support ticket? Is there a portal or platform that allows you to see your open tickets and their status? Does the provider use a management platform that addresses incidents, proactive services, and automated repairs and patching? A trustworthy provider will document their work and will not close tickets without a successful resolution.
A quality organization will also help your business with projects and may offer vCIO services. They’ll have a team that specializes in architecture, design, and integration, and this project team will work closely with the service and support team.
A trusted MSP should have a periodic process for a high-level review of your organization and the services that have been provided during that period. A good MSP will also point out services you are paying for, but not using. This reporting may take place in the form of a Quarterly Business Review.
Finally, an MSP should offer an avenue for feedback. Your potential MSP should poll for satisfaction and make people available to escalate concerns to. By listening to customer feedback, and establishing lines of communication with clients, MSPs demonstrate the work they put forth to establish a trusting relationship with clients.
How can you trust a provider that does not prioritize your organization’s security? You can’t.
With the number of cyber attacks on the rise, your new service provider must have security at the top of their list. You need to be certain that the tools and resources they use to connect to your organization are not going to serve as a conduit for an attack.
Confirm that your potential provider has cyber insurance and can indemnify you should a breach come through their organization. This extra step to protect you and your business marks a trustworthy MSP. Any trustworthy provider is also going to have incident response plans to assist you should a cyber event arise, regardless of its origin. With the prevalence of cyber events, almost every legitimate service provider has helped customers through difficult times. However, any provider that has already been a conduit for an attack on their customers needs to be scrutinized. It likely means they haven’t taken their security seriously and have failed to invest in resources to secure their own environment. How can you trust a provider to protect your IT environment if they cannot protect their own?
Aside from trusting an MSP to protect your business from cyber attacks, you will also need to trust them with your most important data. How can you trust your service provider with an admin password to your most important systems? How can you trust that your new service provider isn’t going to expose your sensitive information to the wrong people?
Take the time to understand how a potential provider will secure your passwords and data. The more you can learn about an MSP’s security practices, the more secure you will or will not feel with them accessing your IT environment. Ask your provider for specifics on their tools and policies. If the provider cannot clearly explain their security and demonstrate how it works, you should be hesitant to trust them with your IT. They should have formal policies that address what data they have access to, who has access to it, and how it’s secured. You should always know who has access to your most important data.
You should also ask your potential provider if their employees sign NDAs. If they do not, ask if they are willing to sign an NDA before entering a business relationship with you. This added protection will demonstrate an MSP’s commitment to protecting your information and ensuring you feel secure in your IT environment.
Do your homework on a potential service provider. How long have they been in business? Can they provide references? How long do customers stay with them? If they have a lot of client turnover, it’s a telltale sign that their services are poor, and they cannot be trusted.
Most of this research can be done online and through social media. Organizations unhappy with their MSP do not tend to be shy with their criticisms. Take the time to do your research. If a number of customers leave poor reviews, or you cannot find any reviews for your provider, red flag.
A good service provider with happy customers is going to have plenty to say about their successful mission. In a presales interview, look for a provider who is proud of the work they do, not only giving you a rehearsed sales pitch.
Trust is a Two-Way Street
We cannot promise you that any Managed Services Provider who meets the criteria above will be trustworthy, but if a potential provider does not provide these signs of trustworthiness, it’s a sign to run for the hills. A good MSP will put forth an effort to make you feel comfortable bringing another party into your business and your IT environment. You MSP should work to build trust, not just sell themselves to you.
Trust is a two-way street, so you and your MSP will need to work together to establish a relationship based on trust. Without trust, you will not feel comfortable granting an outside organization access to your most vulnerable data. If you need to know what it means to work with a trustworthy MSP, PEI meets all the criteria in this article. Contact us today to get started!
Tim Krueger, PEI