You’ve probably heard about the perk of benefits that come with Managed Service Providers (MSPs). The internet is awash with glowing reports of how businesses are reaping big from outsourcing their IT needs to an MSP. But MSP has an ugly and dark side. It’s time businesses look into these genuine concerns about MSPs and find an alternative. Here are some of the things that make MSPs suck:
Escalation Game With Managed Service Providers
Got an issue with a vendor’s service? Sure, they may be just a call away from you. But don’t expect the first call receiver to solve the problem there and then- Often, they have to escalate your issue over and over to get someone who can assist you. You may have to jump over more hurdles in this escalation game:
- Waiting on hold for too long: They may assign prolonged, canned elevator music to keep you company as you wait.
- Transferring your call to others constantly: A customer agent may end up transferring your call to the wrong person.
- No empathy: The customer agent may be rude and fail to understand your urgency and frustrations.
- Repetition: If the information on their clients is scattered, the customer care agents will fail to pull up your data. So they may ask you to repeat the whole of your account details to them.
Third-Party Agents’ Risky Access
The MSP may need privileged access to all of your workstations and mobile devices for them to do their job. However, installing third-party agents on all your corporate resources needs extra care- Make the oversight and access too lax, and your security posture will not be strong.
It’s often challenging to provide just enough access to the MSP while securing critical assets. Often, your managed service providers’ access needs may not be aligned with your privileged access objectives. Several inherent conflicts arise:
- You need to work with MSP agents on some projects, but granting them access could create security loopholes in your system.
- The IT firm must access some internal systems. If they don’t get access, they may have to depend on insiders to acquire the necessary information, which becomes inefficient and impossible to edit.
- You don’t trust other parties. MSP cannot do their job if the access is too restrictive.
Third-Party Agents’ Privileged Security
Third-party agents’ privileged security comes with a lot of challenges:
- Each agent needs access to core corporate systems, including browser-based and internal applications.
- Their firms may permit them to enjoy a certain degree of flexibility in how and where they do their job. They may work from their own mobile devices and laptops, increasing points of cyberattacks.
- The agents lack your enterprise’s email addresses and aren’t in your active directory. A lot of time goes into manually creating their accounts.
- Compliance and risk assessment crew need to gather enough data to ascertain that the MSP complies with remote access standards. This can be another time-consuming task.
- The authority mandated to onboard and off-board the outsourced company may lack sufficient checks, leading to loopholes in these processes.
- The MSP’s privileged account credentials may not be revoked even when a contract ends. The reason tend to be a lack of oversight or an expectation that your company will re-engage them in the future.
- An MSP’s employees can share privileged account credentials instead of each worker being granted unique access.
Constraints and Lack of Control
Once an MSP takes charge of a single IT task or the entire IT department, you no longer enjoy complete control of that function. The result? Loss of ability to respond to changes rapidly since there’s now an additional layer of processes and people to work through. It may even be impossible to perform simple IT tasks on your own, such as setting up a new device and adding users.
The profit that comes from providing services to clients is what solely drives MSPs. To them, the more the clients, the more the profits. So don’t expect them to strive towards achieving your own business standards, mission, and goals. Also, the thirst for more profits may drive your external vendor to slash down expenses (since prices are fixed), a move that may lead to below-par quality.
Some MSPs may also charge unwarranted price increases or use subcontractors to exploit your dependency. This mischievousness happens, especially if the contract fails to detail work specifications correctly.
Engaged an offshore vendor? The vast geographic distance may lead to challenges like poor performance monitoring and difficulties in communication. A projected flow could become crippled due to a lack of face-to-face brainstorming sessions. Cultural and language barriers are other nuisances.
The Wait May Be Too Long With Managed Service Providers
Submitting a ticket signifies that you need the MSP to solve an issue quickly. Sure, some problems can wait, such as asking for access to old login details. But others can literally halt everything- Your employees may not do anything productive until the problems are resolved. However, after escalations of an issue or submitting tickets to create users, you are stuck on the MSP’s time frame, not yours. It may take days or even weeks for them to get back to you. Also, every month may witness the number of pending tickets skyrocketing. This is common when an MSP is signing up more clients aimlessly, stretching thin their resources. And since understanding your business isn’t their priority, expect slower services.
You may take on an IT MSP hoping to secure and stabilize your IT spending. However, MSP invoicing is often overly complicated, leading to significant variations from what you expected. Some MSPs install tools and software without notifying you. The result is frustrations due to off-tracked budgets. You may also notice discrepancies between the services provided and those agreed upon. To make matters worse, your own staff may fail to wrap their mind around the complicated MSP arrangement. Additionally, an external vendor may convince you with a cheaper package that promises great value. They may rush to sign you up for the current plan before providing IT consulting. But let’s face it- you get what you pay for. Thanks to complicated invoicing, you may end up getting sub-par services, yet you paid a premium.
An Incentive for Managed Service Providers to Suck
Many MSPs’ employees have a break-fix mindset. They get paid to fix minor problems without any incentive to look at the root causes and stop the problem permanently. For instance, consider the guy who keeps unjamming a printer instead of replacing the component that causes the jam. In such cases, your IT loss is the provider’s gain. There’s no reason for them to participate in the future development of your operations. They know that if you got an infrastructure that couldn’t break in the future, they wouldn’t have any business left for them. The break-fix mindset denies your company access to best-in-class solutions. The guys cannot offer recommendations on how to propel your company.
Your IT MSP may promise to support and guide you on the path towards a scaled-up and transformed business. However, they may fail to live up to their words. Once you sign the contract, they move on to the next hunt or dish out cookie-cut products and strategies.
An excellent MSP will proactively check your IT systems (software, hardware needs, and security practices) and pinpoint areas that could use some improvements. They will then recommend customized solutions just for you. But with most managed service vendors, be prepared to follow up with them constantly for assistance.
If you’re not careful, things will stay where they are, with no real strategy for new capabilities, vulnerabilities, or better ways to approach business opportunities and challenges.
Supply Chain Attacks
MSPs are an increasingly lucrative target for hackers who see the potential to attack many organizations with a single target. Consider a ransomware attack that infected 4,200 computers through a single MSP in 2019.
The cybercriminals know that MSP contractors would aptly pay ransom to be up and running again for the public. Also, some of the MSPs lack robust backups and cybersecurity, making the game easy for hackers. Furthermore, paying ransoms only rewards criminals and incentivizes them to strike again.
Hackers invade MSPs by capitalizing on security lapses, such as the absence of two-factor authentication and weak passwords. Other exploitations include loopholes in “remote monitoring and management” software that MSPs employ to serve clients and install computer updates. The software is like a golden key that a criminal can use to distribute ransomware to clients in a few clicks. Even when the patches for vulnerabilities are available, some MSP firms delay updating their systems.
Insurance Liability With Managed Service Providers
Your corporate attorneys and IT crew may fail to consider insurance ramifications when negotiating contracts with MSP. They may forget to check the exposures raised in the agreement and compare them with your company’s insurance cover. Consequently, the gaps hidden in fine prints may continue to exist, and you can fail to recover losses from an offshore MSP’s insurance. Due to outsourcing-related exposures, you may have to purchase extra layers of insurance protection. These exposures include:
- Dependent business premises: Traditional property perils (think tornado, fire, and flood) can destroy a contractor’s dependent business premise, leading to the destruction of data, property, or information. You may need to purchase extra expense cover for this exposure.
- Security breach: Operational and legal exposures may arise in the form of disclosure, theft, or disappearance of crucial data such as intellectual property, trade secrets, proprietary knowledge, or private data. A general liability policy can protect you against a privacy lawsuit arising from the publication of non-public personal data. Other considerations include specialized media liability protection against intellectual property infringements and property policies against malicious programming.
Agile IT, A Solution That Doesn’t Suck
MSP-related challenges can drastically reduce your technological effectiveness. That’s why you need an alternative. Agile IT provides Microsoft cloud-managed environments that can reduce or eliminate the need for break-fix support. To find out how you can leverage your existing Microsoft licensing features to manage your IT needs, schedule a free consultation.