Open Forem

Cover image for Solved: How to look for a good MSP
Darian Vance
Darian Vance

Posted on • Originally published at wp.me

Solved: How to look for a good MSP

#devops #programming #tutorial #cloud

Choosing the right Managed Service Provider (MSP) is critical for IT efficiency and business growth. This guide details how to define your needs, rigorously vet potential partners, and navigate complex contracts to secure an MSP that truly aligns with your organizational goals.

The Quest for a Good MSP: Symptoms of IT Discontent

In today’s fast-paced digital landscape, IT infrastructure is the backbone of almost every business. When that backbone falters, the symptoms are clear and costly. Many organizations find themselves seeking an MSP not out of luxury, but out of necessity, often driven by a series of persistent IT headaches.

Common Symptoms Indicating a Need for a Better IT Partner:

  • Reactive IT Support: Your current IT solution (whether in-house or outsourced) only responds when something breaks, leading to unplanned downtime and frantic fire-fighting.
  • Unpredictable Costs: IT expenses are a constant surprise, with hourly rates for every issue, making budgeting nearly impossible.
  • Lack of Specialized Expertise: Critical projects involving cloud migration, advanced cybersecurity, or specific compliance frameworks are stalled due to an absence of in-house or current vendor expertise.
  • Frequent Downtime and Data Loss Concerns: Systems crash, data isn’t reliably backed up, and disaster recovery plans are non-existent or untested.
  • Poor Communication & Slow Resolution: IT issues linger, and you’re left in the dark about progress, feeling unheard and undervalued.
  • Security Vulnerabilities: Constant worry about cyber threats, inadequate endpoint protection, and a lack of proactive security posture.
  • Absence of Strategic IT Planning: IT is treated as a cost center, not a strategic asset, with no clear roadmap for technological growth or competitive advantage.

These symptoms are not just minor annoyances; they directly impact productivity, profitability, and reputation. Recognizing them is the first step toward finding an MSP that transforms your IT from a liability into a strategic advantage.

Solution 1: Defining Your Unique Needs and Scope

Before you even begin to interview potential MSPs, the most critical step is to clearly define what you need. A good MSP is a partner that aligns with your specific business objectives, not just a vendor offering a generic service package. This clarity will save you significant time and prevent misalignment later on.

Key Steps to Define Your Requirements:

  • Identify Current Pain Points and Priorities: Start by documenting the specific IT challenges you face daily. Are you struggling with network latency, cybersecurity threats, slow helpdesk response, or compliance?

Example: A small architecture firm’s top pain points might include slow CAD software performance, unreliable access to project files hosted on a local server, and a complete lack of off-site backup for critical design data. Their priority would be system stability, data integrity, and swift support for design applications.

  • Inventory Critical Systems and Applications: Create a comprehensive list of all your essential hardware, software, cloud services, and network infrastructure. Don’t forget proprietary applications vital to your business operations.

    • Servers (on-prem, cloud VMs)
    • Workstations (desktops, laptops)
    • Networking equipment (firewalls, switches, access points)
    • Key applications (ERP, CRM, specialized industry software like SolidWorks, Adobe Creative Suite, AutoCAD)
    • Cloud services (Microsoft 365, Google Workspace, AWS, Azure, SaaS platforms)
    • Telephony systems (VoIP, PBX)

  • Determine Required Service Categories: Based on your inventory and pain points, specify the exact types of services you expect from an MSP.

    • 24/7 Monitoring & Alerting: For servers, network devices, and critical services.
    • Helpdesk Support: Tiers of support (L1, L2, L3), hours of operation, and communication channels.
    • Cybersecurity: Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), vulnerability management, security awareness training, dark web monitoring.
    • Backup & Disaster Recovery (BDR): On-site, off-site, cloud backups, defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
    • Cloud Management: Optimization, security, and administration of public cloud environments.
    • Network Management: Firewall rules, VPNs, Wi-Fi management, performance tuning.
    • Strategic IT Consulting (vCIO): Technology roadmap, budget planning, vendor management.
    • Compliance Assistance: GDPR, HIPAA, PCI DSS, ISO 27001, etc.

  • Establish Budgetary Guidelines: Be realistic about what you can afford, but also understand the cost of doing nothing or getting sub-par service. A good MSP is an investment, not just an expense.

Solution 2: Rigorous Vetting and Technical Due Diligence

Once you have a clear picture of your needs, the next step is to evaluate potential MSPs with a critical eye. This goes beyond a superficial sales pitch; it requires deep dives into their technical capabilities, operational processes, and client success stories.

Key Aspects of the Vetting Process:

  • Client References and Case Studies: Always request references from clients similar in size and industry to yours. Ask specific questions about their experience, particularly concerning issue resolution, communication, and proactive recommendations.

    • What was the most challenging IT issue you faced, and how did the MSP handle it?
    • How often do you have strategic IT review meetings (QBRs), and are they valuable?
    • Has the MSP helped you achieve specific business goals through technology?

  • Technical Capabilities and Tooling: A reputable MSP invests heavily in its technology stack. Inquire about the specific tools they use and how they leverage them.

    • Remote Monitoring & Management (RMM): Tools like ConnectWise Automate, Kaseya VSA, or NinjaOne are essential for proactive monitoring, patch management, and script deployment.
    • Professional Services Automation (PSA): ConnectWise Manage, AutoTask, or HaloPSA are used for ticketing, billing, and project management.
    • Endpoint Detection and Response (EDR): Solutions such as SentinelOne, CrowdStrike, or Microsoft Defender for Endpoint for advanced threat detection and response.
    • Backup & Disaster Recovery (BDR) Solutions: Veeam, Datto, Acronis are common for robust data protection.
    • Network Monitoring Tools: PRTG, SolarWinds, or specialized firewall monitoring.

Example Question to an MSP: “Beyond simply deploying an EDR solution, how do your security analysts manage, triage, and respond to alerts? Can you provide a high-level overview of your SOC/NOC operations?”

Example of a potential diagnostic output an MSP might use to demonstrate capability (hypothetical scenario): While not a command you run, an MSP might show you logs or reports generated by their tools. For instance, demonstrating network health monitoring:

  Network Device: Core-Switch-01
  Status: Online
  CPU Utilization: 12%
  Memory Utilization: 45%
  Port 24 (Uplink to Firewall):
      Status: Up
      Bandwidth In: 120 Mbps
      Bandwidth Out: 85 Mbps
      Errors/Drops (24h): 0
  Critical Services Monitored: DNS, DHCP, AD, ERP_DB
  Service Status: All services healthy.
Enter fullscreen mode Exit fullscreen mode

This demonstrates they monitor key metrics proactively, not just wait for an outage.

  • Team Expertise and Certifications: Ask about their team’s qualifications. Do they have certifications relevant to your technology stack (e.g., Microsoft Azure Administrator, AWS Solutions Architect, CCNA, CISSP, CompTIA Security+)? This indicates a commitment to professional development and deep technical knowledge.
  • MSP’s Own Security Posture: How does the MSP protect itself and, by extension, your data? Do they follow best practices? Are they SOC 2 compliant? Do they perform regular security audits on their own systems?
  • Reporting and Communication Frequency: How often will you receive performance reports? What metrics are included? How do they conduct Quarterly Business Reviews (QBRs) and translate technical jargon into business-relevant insights?

Comparison: Reactive Break/Fix vs. Proactive Managed Services

Understanding the fundamental difference between these two models is crucial when selecting an MSP. While break/fix seems cheaper upfront, its hidden costs and risks are substantial.
Feature Reactive Break/Fix Proactive Managed Services
Cost Model Hourly rates, per-incident charges; highly unpredictable and escalates with problems. Fixed monthly fee, predictable IT budget; includes proactive maintenance and monitoring.
Approach to IT Only intervenes when a system fails or an issue arises. Continuously monitors, maintains, and optimizes systems to prevent issues before they occur.
Impact on Downtime Potentially significant, as issues must occur and be reported before resolution begins. Minimized through preventative measures, rapid automated alerts, and swift resolution.
Strategic Value Minimal; no long-term planning, focus is solely on immediate repairs. High; includes virtual CIO (vCIO) services for technology roadmap, budget planning, and strategic alignment.
Security Posture Often an afterthought; security services are typically add-ons or only address immediate threats. Integrated, continuous threat monitoring, patch management, vulnerability assessments, and robust incident response.
Relationship Dynamic Transactional; focuses on fixing individual problems. Partnership; alignment with business goals, continuous improvement, and technology guidance.
Productivity Often hampered by recurring issues and unplanned outages. Enhanced by stable systems, optimized performance, and reliable support.

Solution 3: Deciphering Contracts and Support Models

The contract is more than just legal boilerplate; it’s the operational blueprint of your partnership with an MSP. Understanding its nuances, particularly Service Level Agreements (SLAs) and scope, is paramount to avoiding future disagreements and ensuring your expectations are met.

Critical Contractual Elements to Review:

  • Service Level Agreements (SLAs): These are non-negotiable. Ensure they are clear, measurable, and align with your business’s operational needs. Look for specifics on:

    • Response Times: How quickly will the MSP acknowledge a ticket? (e.g., 15 minutes for critical, 1 hour for high, 4 hours for medium).
    • Resolution Times: What are the targets for resolving issues based on severity? (e.g., 4 hours for critical, 8 hours for high).
    • Uptime Guarantees: For critical infrastructure (e.g., 99.9% network uptime).
    • Escalation Paths: A clearly defined process for escalating issues that aren’t being resolved satisfactorily.

Example SLA Configuration to expect clarity on:

  // Defined Service Level Objectives (SLOs)
  // Critical Incident (P1): System down, major data loss, business impact severe.
  SEVERITY_P1: {
      DESCRIPTION: "Critical System Outage / Data Loss",
      TARGET_RESPONSE_TIME: "15 minutes (Initial Contact)",
      TARGET_RESOLUTION_TIME: "4 hours (Best Effort for Root Cause/Workaround)",
      COMMUNICATION_FREQUENCY: "Every 30 minutes until resolved",
      ESCALATION_PATH: "Helpdesk Tier 1 -> Tier 2 -> On-Call Engineer -> Service Manager"
  }

  // High Incident (P2): Significant impact, but not total outage.
  SEVERITY_P2: {
      DESCRIPTION: "Major Functionality Impaired",
      TARGET_RESPONSE_TIME: "1 hour",
      TARGET_RESOLUTION_TIME: "1 business day",
      COMMUNICATION_FREQUENCY: "Every 2 hours",
      ESCALATION_PATH: "Helpdesk Tier 1 -> Tier 2 Lead"
  }

  // Low Incident (P3): Minor issue, workaround available.
  SEVERITY_P3: {
      DESCRIPTION: "Minor Issue / Request",
      TARGET_RESPONSE_TIME: "4 hours",
      TARGET_RESOLUTION_TIME: "3 business days",
      COMMUNICATION_FREQUENCY: "Daily"
  }
Enter fullscreen mode Exit fullscreen mode

  • Inclusions and Exclusions (Scope of Work): This is where many businesses get surprised. Ensure a crystal-clear definition of what is covered under the monthly fee and what constitutes additional, billable project work. Common exclusions might include:

    • Major hardware upgrades or replacements.
    • New software license purchases.
    • Development of custom applications.
    • Extensive project work (e.g., office moves, large-scale migrations).
    • On-site support beyond a specified frequency or travel radius.

Always ask for examples of what would be considered “in scope” versus “out of scope” for specific scenarios.

  • Onboarding and Offboarding Processes: A smooth transition is vital. Inquire about the onboarding plan – how will they learn your systems, deploy their tools, and integrate with your team? Equally important are the offboarding terms: What happens to your data, configurations, and documentation if you decide to switch MSPs? Ensure data portability and access to your historical records.
  • Contract Length and Termination Clauses: Be wary of overly long contracts (e.g., 3+ years) with punitive early termination fees. Look for reasonable terms, ideally with annual renewals or clear exit strategies. Understand notice periods for termination.
  • Billing and Payment Terms: Confirm the billing cycle, payment methods, and any late payment penalties. Ask about any potential hidden fees or charges that aren’t explicitly outlined.
  • Regular Reviews and Reporting: The contract should stipulate regular performance reviews (e.g., Quarterly Business Reviews – QBRs) where the MSP presents performance metrics, strategic recommendations, and budget discussions. This ensures ongoing alignment and accountability.

By meticulously defining your needs, diligently vetting potential partners, and thoroughly understanding the contractual obligations, you can confidently select a Managed Service Provider that truly acts as an extension of your team, driving your business forward with reliable, secure, and strategic IT support.

Darian Vance

👉 Read the original article on TechResolve.blog

Top comments (0)