Our role is to be security advisors to organizations, some of whom outsource their IT services. Executives sometimes express their frustration and ask us whether to fire a Managed Service Provider or third-party IT consulting company that handles all aspects of their IT needs. We always listen to the executive and ask them about specific experiences. 99% of the time, organizations are better off sticking with their existing provider, and here are some reasons.
An exception will be if you feel held hostage by them, or if there is some other outstanding reason they’ve failed you. Yes, we’ve seen horror stories. In those extreme cases, the executives had already decided to fire their outsourced firm.
When we perform cybersecurity consulting, unless the executives ask us to approach it differently, we give the outsourced firm the benefit of the doubt that their intentions are always to provide you with the best service possible. If we encounter a grave security mistake, that’s one purpose of the audit – for us to catch things like that so your IT providers can fix it. We almost always find at least one gaping hole, which is our specialty. After all, third-party IT companies are responsible for many aspects of your IT operations, while our focus is cybersecurity. Once outsourced IT firms realize we’re there to help and not replace them or their services, they relax, welcome input, and ask questions about the best way to protect you.
If you move to a new provider, there could be a steep learning curve before they can serve you at the same level. Keep in mind that your IT provider is already familiar with your systems and understands the unique challenges you face. Unless their turnover is high, the professionals that serve you know your team members and maintain a friendly, professional working relationship with them.
If you consider changing providers because some well-meaning person says you have the wrong brands of products, find out if their personal bias is evidence-based. If the specific solution your provider prefers meets all the functionality criteria, it is almost always best to allow your IT Professionals to select brands and vendors they like. They typically prefer particular brands and solutions for important reasons.
For example, their engineers might be most familiar with Cisco, Juniper, SonicWALL, WatchGuard, or one of the many other firewall brands. Most brands, if configured properly, will serve you well. As with automobile repairs, you want a technician familiar with your car’s brand. If you ask your outsourced IT company to support an unfamiliar product, you’re putting them in an uncomfortable position. They want to consistently produce excellent outcomes for you, and if you insist that they support a brand they are unfamiliar with, you could be setting them up for failure.
Your outsourced IT firm almost certainly has you set up with specific vendors for your anti-virus, anti-spam, backup solution, etc., because they have automated tools that allow them to monitor and manage your solutions. That efficiency of scale facilitates them taking optimum care of you. Deviating from their standard brands creates unnecessary expense and frustration. For this reason, if you do decide to change providers, prepare yourself for needing to replace some of your software and hardware to conform to the new IT provider’s preferred configuration.
If your provider is too slow to respond, perhaps they’re understaffed but have an expedited service option you could invest in to get priority access to their best engineers. Or maybe they have a different brand or product solution that permits them to use streamlined tools, but you’re still using products a previous IT firm installed.
Without knowing the brands you are using, I cannot say if you’ve got great ones. I can share that most brands have excellent products and solutions that work well when appropriately configured by knowledgeable professionals who’ve proven their proficiency by earning certifications on those brands.
Executives sometimes ask if they should seek a cheaper provider. We rarely see third-party IT companies overcharging for services. They are aware of the competitive nature of their business. Consider how much it would cost you if all your systems were down, and the investment you pay your IT support firm is probably worth it.
Yes, your IT provider might be priced higher, but consider their level of professionalism too. Are they quick to reply when you need them? Do they fix issues the first time?
It can be an excellent sign if you feel you don’t need your provider because you never have any problems. That can indicate that your IT firm is taking such good care of the inner workings of your systems that everything runs smoothly for you. If you did terminate your IT provider, things could start falling apart slowly, without being observable, until everything stacks up to the point when you suffer a disaster.
If you wonder if they are competent, consider asking them for a list of certifications they’ve earned from Microsoft, Cisco, or the brands and technologies they provide and support for you. If they’re not certified, encourage them to take the training and pass the tests. Certifications often involve significant expense and time, so don’t expect them to earn the credentials overnight. Passing the certificate will be a breeze if they’re already knowledgeable about the products they support. And during the training, they might find new ways to help your organization without you needing to buy more stuff. Everyone benefits.
Your firm may not have top-level cybersecurity certifications. Cybersecurity is a complicated and rapidly evolving field that requires intense specialization. We never have expectations that third-party computer services companies know everything there is to know about cybersecurity. We expect them to be open to cybersecurity recommendations. We’re thrilled to discuss and answer their questions as they tune the solutions from brands they sell and support.
As cybersecurity advisors, it is rewarding to see and facilitate, if necessary, our customers strengthening their relationship with their MSPs and other third-party IT firms. Sometimes it is a matter of us helping you identify the pros and cons of the add-on cybersecurity packages your provider offers. Or, if their package isn’t the perfect fit, sometimes you can negotiate the offerings to get the best solution.
Please forward this to your friends if they wonder if they should change to a new outsourced IT consulting firm. As long as they’re well-staffed, competent, and professional, there are many advantages to staying with the company with whom they have an established working relationship.