How to Choose a Managed Services Provider

Posted by & filed under List Posts.

What is an MSP?


In the interest of information security and staying focused on core competencies, many companies choose to work with managed services providers (MSPs). An MSP is an organization that manages the computing needs of customers. Services are performed at a distance and often funded by a subscription, a fee charged each month, although other billing models (such as hourly rates) are sometimes available.


It is also common for credible managed service providers to supply potential customers with a service-level agreement (SLA), a legal document listing parameters of the business arrangement, such as quality and performance expectations.


7 Tips to Choose the Right MSP


There are plenty of companies in this market, so you’re sure to find many options when you need a managed service; but working with the right partner can impact not only security but also key growth factors such as reliability and scalability. Beyond the prerequisite of an SLA, what other criteria do managed services providers need to meet to earn your business? Here are a few tips for selection:


#1 – SLA should be based on performance.


One main benefit you have with a managed services provider is that you can make demands: the MSP has to live up to the stipulations of the contract (i.e., the SLA). Service providers are used to the fact that businesses want the level of control of knowing that they are protected if the services are not provided at a reasonable level of quality. Service providers that are serious about serving their customers will not flinch at having to reimburse customers if their services fall below the levels stipulated in the contract.


#2 – Thorough range of services


There is by no means a rule that you must get all your IT managed services from one provider. However, with the excessive administrative, communication, and other maintenance needs of additional relationships, and with the growing concern of cloud sprawl, it’s nice to know that you can get a full range of services through one catch-all partnership.


Along similar lines, a provider should be able to manage systems manufactured and developed by a spectrum of vendors. With that breadth of knowledge, a highly qualified MSP will be able to customize what it provides as a trusted advisor to each individual customer – handling each one’s diverse elements and concerns.


#3 – Security


A high-priority concern for businesses, data security is also a primary area of computing investment. What is the scope of that concept of security? Here are five of the main areas that must be monitored to maintain a legitimately secure environment:


  • User security – Involves the end users (customers, employees, etc.) accessing your network; their email use and other actions; and their login details
  • Data security – Involves all your information that is in archives or storage (mapped drives, file shares, emails, etc.)
  • Endpoint security – Involves the company’s smartphones, tablets, laptops, workstations, and servers
  • Infrastructure security – Involves the infrastructure and network components (beyond the servers), ranging from firewalls to switches to routers
  • Physical security – Involves physical access to your grounds, facilities, and data centers or technology areas.


The best indicator that a company has sufficient checks and balances in place to achieve a broad range of data protections is the achievement of compliance with respected third-party standards. The most meaningful form of compliance that you can see in a provider is Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type 2, “Reporting on Controls at a Service Organization,” a standard developed by the American Institute of CPAs (AICPA).


#4 – Preventive management


A managed services provider should not just be keeping your company safe moment-by-moment but give you a strategic stance so that you’re protected for the future. Beyond simplistic monitoring of your system, an excellent MSP will leverage advanced predictive analysis, scanning failure patterns throughout environments and processes. Seeing that your provider is using cutting-edge methods and technologies, such as combining hands-on monitoring with automated programs to control quality, tells you that you are safeguarded and that the provider is continually refining its systems.


A strong provider will be of more use to you if they have a specialized understanding of their niche that clarifies the market – and may even help point the way to new business for your firm.


#5 – Financial stability


Relying on another company for IT services is common, but it is always scary – because you don’t know if they will be around next year. Check how many years the company has been in business. Similarly, make sure that it is backed by people with strong experience. A transparent presentation of authority through leadership biographical information gives you a sense of who is in charge and what kind of track record they have in making decisions related to managed services.


#6 – Use of best practices & expertise


Just as you can get a sense of controls and security through a third-party SSAE 16 audit, you want to know that the MSP is following standardized procedures and best practices in areas such as problem management, capacity, configuration, and report generation.


The provider should have knowledge that extends beyond conventional operating system maintenance. They should understand and be able to help you with cloud, virtualization, mobility, integration, security, high availability, networking, middleware, and databases.


#7 – Consolidated service portal


The managed services provider should give you paperwork related to policies and procedures. They should also have a library of knowledge based on previous customer issues and solutions so that fixes can be implemented immediately in the event of a crisis. You also want a user interface that shows you all your services through one intuitive admin panel.


Example Security Challenge: Law and Change


Since improved security is a core reason that companies use managed service providers, it helps to look directly at that aspect with a sample scenario.


One industry in which companies tend to take a particularly strong defensive posture toward data breach (for obvious reasons) is law. However, even in that highly confidential field, firms have trouble getting complete sign-on with security protocols.


Fundamentally, security improvement requires operational changes. Safeguards slow down the flow of business, which is why the typical reason someone will argue against a protection is that it is tedious or inconvenient.


One specific change that a law firm might put into place is two-factor authentication (2FA) so that there is an additional step beyond the password to log in. That could be a temporary, unique token, or a short numerical code from your smartphone. 2FA is a perfect example of security steps slowing down the process just a bit – which it why it’s important for users to understand why the decrease in speed is worth it.




Given the concern with security and general ease of doing business, many companies decide that they want to work with a managed services provider. Does that describe your organization? Hopefully, the above advice smooths this transition.


If you want to look at a potential MSP partnership now, you can review our offerings. At Total Server Solutions, with an entire platform of ready-built and custom-engineered services that are powerful, innovative, and responsive, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our individual managed services.