5 Tips For Working With A Managed Service Provider

SMBs often rely on outside IT help. Here's how to get the most out of relationships with third-party providers.

By Kevin Casey, Information Week, September 13, 2011

It's no secret that smaller businesses often need a bit of outside help to get things done. That's why many of them outsource at least part of their IT function to managed service providers (MSPs) or similar firms.

But outsourcing doesn't--or at least shouldn't--mean forgetting about IT entirely. As with any other productive business relationship, small and midsize businesses (SMBs) can take some relatively pain-free steps to ensure they get the most out of their MSP. In an interview, Vince Plaza, VP of information technology at TeamLogic IT, served up five tips for doing just that. Plaza's firm is a national IT provider that focuses on SMBs.

1. Develop trust by asking questions. For some SMBs, the appeal of managed IT services is the ability to offload a critical business need and focus finite resources elsewhere in the company. But owners and executives that completely turn off their brain's tech sector are setting themselves up for frustration. Plaza said trust between company stakeholders and the MSP is key--and notes that trust is built, not bought. The most straightforward path to an honest relationship: Ask questions of any prospective MSP early and often.

What kind of infrastructure, applications, and other technologies do they typically support? What kind of tools do they use internally for things like helpdesk and other functions? Are their written agreements easy to read? How do they respond to different types of customer requests? And so forth. Don't just take answers at face value: Do a bit of homework (the Web makes this fairly easy) to ensure you understand and are comfortable with their approach. Don't worry--you need not get stuck in the weeds.

"I would like to find out from the partners I might be engaging with: What are you using to deliver this to me?" Plaza said. "I don't need the gory details."

An example: If you're potentially interested in desktop virtualization, ask prospective MSPs if and how they support virtual desktop infrastructure (VDI). They might only support certain vendors--say VMware, but not Citrix or Hyper-V--or might not have much VDI expertise at all. Better to find that out now. For some SMBs, the appeal of managed IT services is the ability to offload a critical business need and focus finite resources elsewhere in the company. But owners and executives that completely turn off their brain's tech sector are setting themselves up for frustration. Plaza said trust between company stakeholders and the MSP is key--and notes that trust is built, not bought. The most straightforward path to an honest relationship: Ask questions of any prospective MSP early and often.

2. Treat your MSP as a virtual CIO--even if you are the CIO. you are the CIO. For some SMBs, the decision to outsource is fairly simple because there is no internal IT department. For others--especially growing and midsize firms--there's likely at least one (if not more) people charged with managing the company's technology. Don't let that cause territorial fears around job security--this inevitability leads to negative outcomes.

Clearly define roles and responsibilities up front. A good MSP will be will be willing to defer to an in-house IT executive, without stepping on toes. Let them know how they can best do that. Plaza gave as examples work overflows, vacation coverage, and other supporting roles--or the "call on us when you need us" approach. Avoiding an adversarial position from the outset will give the MSP a chance to prove its value--and if it doesn't, you'll be able to make an informed, well-reasoned change.

3. Communicate on a regular basis. Speaking of open communication: Plaza recommends meeting on a regular basis. This doesn't mean daily or even weekly--you can still realize the upside in outsourcing and focus your energies elsewhere. But treat your MSP in a similar manner to an internal department. Keep them in the loop as appropriate about strategic plans, changes, and other information that could impact the company's technology needs. Doing so enables the MSP to anticipate and adapt rather than constantly play catch-up. Plaza suggested monthly or quarterly reviews, though the timetable will depend on your business. Speaking of open communication: Plaza recommends meeting on a regular basis. This doesn't mean daily or even weekly--you can still realize the upside in outsourcing and focus your energies elsewhere. But treat your MSP in a similar manner to an internal department. Keep them in the loop as appropriate about strategic plans, changes, and other information that could impact the company's technology needs. Doing so enables the MSP to anticipate and adapt rather than constantly play catch-up. Plaza suggested monthly or quarterly reviews, though the timetable will depend on your business.

"Make sure that things are running fine, the managed services are delivering what they're supposed to, and that any issues that have come up are addressed," Plaza said. "Also use that as an opportunity to discuss: What's the next phase of your business?"

4. Prioritize security. According to Plaza, one of the biggest technology risks inside SMBs today is security--or lack of it. Among other problems, this can lead to the MSP spending countless hours addressing security issues that result from a lack of awareness or care. They could be using those resources in more strategic ways on your behalf.

"The SMB owner has to have some level of comfort with security and wanting to bring to their business the type of security that typically you'd see in the large enterprise," Plaza said.

He doesn't mean you have to spend money like a larger company, but rather adopt similar policies and procedures. Even if you outsource some or all of your IT needs, smart security starts internally. (Don't know where to start? Consider these four basic steps toward better security.) According to Plaza, one of the biggest technology risks inside SMBs today is security--or lack of it. Among other problems, this can lead to the MSP spending countless hours addressing security issues that result from a lack of awareness or care. They could be using those resources in more strategic ways on your behalf.

"The SMB owner has to have some level of comfort with security and wanting to bring to their business the type of security that typically you'd see in the large enterprise," Plaza said.

He doesn't mean you have to spend money like a larger company, but rather adopt similar policies and procedures. Even if you outsource some or all of your IT needs, smart security starts internally. (Don't know where to start? Consider these four basic steps toward better security.)

5. Act fast if problems surface. Ideally, regular communication will minimize potential problems with your outside IT provider. But things never go perfectly to plan, do they? If issues do arise, address them immediately with the provider. "Bring it up right away so that the MSP has some way of looking at the situation--and the proper amount of time to provide answers and mitigate whatever it was," Plaza said.

Raising issues quickly and escalating--and giving them an appropriate amount of time to be resolved--will often lead to a positive resolution. And if it doesn't, you--and the MSP--will have hard evidence that it might be time to explore other options.

"Hopefully, it doesn't get to that point," Plaza said. "When it does, you've done what you can to ensure it's an amicable split and you can fire your MSP without incurring a lot of pain."

Ideally, regular communication will minimize potential problems with your outside IT provider. But things never go perfectly to plan, do they? If issues do arise, address them immediately with the provider. "Bring it up right away so that the MSP has some way of looking at the situation--and the proper amount of time to provide answers and mitigate whatever it was," Plaza said.

Raising issues quickly and escalating--and giving them an appropriate amount of time to be resolved--will often lead to a positive resolution. And if it doesn't, you--and the MSP--will have hard evidence that it might be time to explore other options.

"Hopefully, it doesn't get to that point," Plaza said. "When it does, you've done what you can to ensure it's an amicable split and you can fire your MSP without incurring a lot of pain."

http://www.informationweek.com/news/smb/services/231601302

We give you expertise at whatever level your business requires, and with our national  network, we give you the benefit of a deep knowledge base and professionals in many locations.  On the local level, we give you great customer care and communication. Piece of mind...isn't that priceless?

For more information, contact Jon Simms at  MountainViewCA@TeamLogicIT.com or visit  www.teamlogicit.com/MountainViewCA.

The Real Cost of System Downtime

by Jon Simms, President of TeamLogic IT of Mountain View, CA

If your computer systems stopped working at this very moment, how long would it take before your business operations came to a screeching halt? If your organization doesn’t have a quality technical resource, it wouldn’t take long. From the loss of email and Internet applications to a potential interruption in communications (i.e. phone, instant messaging and teleconferencing), a breakdown in computer systems can be extremely counterproductive and costly to your business.

 Outages are an Operations Cost

The day-to-day responsibility of these systems may lie with your IT team or service provider, but the ultimate accountability rests with a business’ management team. The company’s leadership needs to be committed to a proactive technology plan, with contingencies built in to ensure the organization remains productive at all times. By minimizing downtime, the organization can employ its people and resources more efficiently; which is especially crucial in competitive markets and industries. A proactive technology plan allows the management team to focus on parts of the business that will help grow revenue and profits!

How much does an hour of downtime cost your company? The exercise below starts with a calculation of the combined hourly wage (Don’t forget to include the benefit packages) of all the organization’s employees. This price may vary by hour of the day (shift staffing), so adding that step can be helpful. Then you can determine the hourly rate for other business expenses, by dividing those fixed and variable costs by the hours in your operating day. This information should be easy to obtain from your human resources department and accounting software (or accountant).



What is the Productivity Cost in $$?

When you consolidate these hourly rates into a single operations cost, it illustrates the business expense incurred by shutting down for the day but still paying all your employees. While a complete company shutdown is typically associated with a catastrophe or freak storm, a computer system failure could bring about a similar productivity loss. The calculated hourly operations rate is essential to understanding the value of proactive business system management. If a new service can reduce your downtime significantly, how much is that worth to your organization? That investment may be hard to justify unless you’ve experienced a severe outage in the recent past, but each business still should understand the potential liability of such a disruption. Here is an example of this calculation:

Business Expenses (all numbers monthly)

Employee wages/salary per month $30,000

Rent $7,000

Utilities $2,000

Other business expenses $7,500

Total $46,500
Divide by monthly hours of operation $46,500/200= $232.00 per hour

This example demonstrates the cost to your business if it is unable to operate for an hour. If the outage were an entire ten-hour business day, the expense associated with that downtime would be $1,650.00! This is an important figure to reference when you are evaluating the price of solutions that can reduce downtime of your business. But the opportunity cost (lost revenue) is actually much larger than this number, and needs to be included to give you the REAL cost of downtime. When your business is unable to operate, the ability to generate revenue is greatly diminished, whether you rely on foot traffic or phones and Web sales.



Develop a Plan for Your Business Crittical Systems

 Calculating that cost can be difficult to determine, but one simple method is to estimate the average income you lose for each hour of a shutdown. If the business’ average monthly revenue is $50,000 and the hours of operation are approximately 200 hours each month; the revenue the company generates is $250.00 each hour (the opportunity cost). If our example company is technology-dependent, it loses approximately $415.00 every hour its systems are down! Even if a computer failure doesn’t close the business for a significant amount of time, consider the lost productivity costs if it experiences a 50% reduction in network speed. In the example company— if this issue persisted for an entire workday—it would lose $2,075.00.

Whether a company experiences significant problems with its current systems or is just looking to avoid future issues, understanding downtime costs is essential. When implementing the latest technology or a new service, this figure helps a business understand the savings (or losses) associated with the project. Knowing those costs allows the organization to prioritize emergency response needs and evaluate future plans. It becomes truly critical when discussing response needs and service level agreements with providers who will support your critical systems.

If you would like to get a handle on computer downtime to protect your business and make it more productive, give us a call at 650-204-3150.  Our Business Continuity and Managed Services will give you the piece of mind that your data is safe, your systems are running well and your company is operating at peak performance.  Isn't your business worth that?

For more information, contact Jon Simms at  MountainViewCA@TeamLogicIT.com or visit  www.teamlogicit.com/MountainViewCA.

Finding the Right IT Services Provider

by Jon Simms, President of TeamLogic IT of Mountain View, CA

Dependability is Key in IT Service

When it comes to evaluating computer and network support options for your business, dependability is typically one of the top factors. The first measure of IT service quality is determining if your provider shows up when needed—and on time. With advancements in remote support services, providers are now able to proactively monitor your systems, which minimizes the need for expensive onsite visits and alters the dependability equation. Despite those developments, selecting an advisor for your computers, network, and support is still a matter of trust.

Finding a Qualified IT Professional

As technology continues to increase in complexity and your organizational needs escalate (along with a greater number of regulatory requirements), relying on a qualified IT professional is more important than ever. I’m not referring to individuals who can only repair computers when they break down, but skilled consultants who can effectively assess the needs of your business and suggest the best ways to address them. They should know how to implement, service, and repair your company’s current systems, and should be able to adapt (or upgrade) that technology to meet future growth goals.

A trusted adviser is a technology consultant who comprehends and executes best practices for organizations of all kinds. These individuals (and their organizations) should be capable of addressing the unique needs, goals, and opportunities of your company, realizing that no two businesses are the same. While the basic technology doesn’t differ significantly among organizations—laptops, desktop computers, servers, networks, email programs, and office applications—the way it's employed and the corresponding tools may differ significantly.

The Difference is a Trusted IT Adviser

For example, a financial firm and a large news organization might have similar computer systems, but a trusted adviser wouldn’t assume their technology was deployed the same way. He would spend time assessing the business goals of each company, using a professional protocol to determine the unique needs and goals of each. The financial firm may be planning to open a second office, which would require network enhancements to securely link each facility. The newspaper business, on the other hand, may need to minimize their computer costs to offset declining subscriber revenue. Proposing similar infrastructure enhancements for each company would not be in the best interest of either of these clients and the success of each, in part, depends on their ability to effectively leverage new technologies.

If you want to find a “trusted IT adviser”, you’ll be hard pressed to find a national or state-wide list using that term. There are association and regional directories for IT service providers, but discovering one with the knowledge and consulting skills that match your specific business needs will require some additional investigation. The methods required to find and validate qualified candidates may differ between industries and geographic areas, but the best way is to spend time with some top prospects and discuss how they will address your business needs.

Portfolio of Service

The first step when researching technology providers is to determine the specific services these companies offer, such as whether they provide proactive support and services. This is a determining factor for many businesses, helping them ensure system downtime is minimized and that the health of the technology infrastructure is maintained at acceptable levels at all times. While it’s not a deal breaker, a managed IT service (proactive support) allows the technical adviser to map your network-connected computer systems and provide specific performance details before suggesting any changes. It’s quite similar to the diagnostics a car repair shop uses to identify precise problems with your engine, rather than replacing parts until the knocking stops. In addition to computer assessment, managed services can monitor network and device performance on a continuous basis, allowing a provider to fix issues before they become serious enough to disrupt your business operations.

Building the Right Strategy for Your Business

The complete list of IT and business consultation services is too large to include here, but the following are several common areas to consider when evaluating an IT provider’s portfolio.

• Managed IT (proactive monitoring, remote remediation and support)
• Network (design, integration, optimization)
• Hardware (procurement, installation, support)
• Business systems (software consulting, selection, process improvements)
• Software applications (installation, patch management, removal)
• Security (assessments, firewall, desktop, network, email)
• Email management (servers, security)
• Disaster recovery (remote and on-site backup, restoration)
• IT support (help desk, warranty repair, printer repair) 

Due to unique industry or particular business needs, you may require a technical team with a specific expertise, such as a hospital needing someone to implement a medical records system, or a bank requiring support for its electronic checking solutions. Ask prospective IT partners to describe their expertise and understanding of your line of business, and be sure to ask for client references that back that up!

TeamLogic IT of Mountain View, CA is part of a nationwide network of computer consultation and managed services businesses providing outsourced IT services. Small- to medium-sized businesses rely on TeamLogic IT to handle a broad range of services from urgent computer repair and proactive maintenance to the installation of entire networks and more. For more information, contact Jon Simms at  MountainViewCA@TeamLogicIT.com or visit  www.teamlogicit.com/MountainViewCA.

Phishing a Significant Security Concern for Small and Medium-Sized Businesses

Theft of SS Numbers

As more small and medium-sized businesses make use of online services including email, banking, credit card merchant account management, or the manaagement of their company's website, thethreat of online identity theft or "phishing" may grow into a significant security concern for these businesses. In fact, according to the Anti-Phishing Working Group, a consortium of more than 1000 firms, including a majority of the top U.S banks and ISPs, phishing reports doubled from November 2004 through November 2005 from 8975 to 16882. In addition, the use of password stealing software applications used along with email phishing attempts quadrupled from 260 instances in April 2005 to 1044 in November 2005.

Furthermore, according to a survey conducted by the FBI with over 2000 organizations, 64 percent suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million just for those surveyed. In addition, the overall cost to Americans through identity theft reached $52.6 billion in 2004 compared to only $1 billion in telecommunication fraud. The survey also reveals that computer theft and computer-based financial fraud ranks second behind worm, virus and Trojan horse computer threats.

What is Phishing

The term “phishing” comes from the analogy that Internet scammers use email as bait to fish for password and financial data from the sea of Internet users. Since hackers have a tendency of replacing "f" with "ph,” the term phishing was derived. The term has also evolved over the years to include not only obtaining user account details but also access to all personal and financial data.

In practice, phishing is a form of Internet fraud that aims to steal valuable information such as credit card or social security numbers, user IDs and passwords. Generally, a fake website is created almost identical to that of a legitimate organization, typically a financial institution such as a bank, credit card or insurance company. An email is sent requesting that the recipient visit the fake website and enter their personal details, including security access codes and account information.

The Threat to Small and Medium-Sized Businesses

In the results from a survey conducted by Trend Micro, a provider of network antivirus and Internet content security software and services, 43 percent of respondents have experienced an email-based phishing threat and half of all U.S. businesses with less than 500 employees have encountered phishing at work. The survey goes on to state that at least one-third of these respondents said they lost personal information, experienced drop-offs in productivity or were victims of identity theft; one-fifth said they also lost company information. Respondents also reported the most increases in phishing attacks were among small-business users.

What Do Phishing Scams Look Like



Legitimate links go to Spoofed sites

Over the last few years, phishing scams have become more and more sophisticated. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites. To make these phishing e-mail messages look even more believable, the scam artists may use legitimate links that appear to go to the actual financial institution’s website, but actually take you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" websites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the phishers. They then have the ability to use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.
While there is no one solution to protect against phishing attempts, businesses should use and keep up-to-date antivirus and spyware protection as well as spam blocking software. In addition, businesses are urged to take great care when receiving email from insurance, credit card companies or banks, as few genuine financial institutions use email to communicate in this manner. Consider outsourcing. While ISPs offer security services for companies, a professional managed services provider can tailor their services specifically for the small and medium-sized business, providing similar levels of IT support previously found only in large companies.

Are you concerned about the secuity of your data?  Call TeamLogic IT at 650.204.3150 for a free consultation.  We use only the best tools available and can monitor your systems 24x7.  Whether it is virus protection, intrusion prevention, insuring regulatory compliance, or helping your company to establish and document your security policies, our trained security experts can help you through whatever security concerns you have.

Taking the worry out of your technology.