The Liability of Not Using a MSP
I wrote an article back in 2000 about the value of using an MSP to perform routine IT work so your internal IT department could focus on other things. Using an MSP in this fashion still applies today, just as it did back in 2000.
Today, however, we should view MSPs as more than just entities who can perform mundane or routine IT maintenance. MSPs now have a different role to play in the world, and that role is becoming more critical.
IT Management Skills
MSPs are still useful for managing IT. The idea that an MSP can better perform IT management services for an organization is still valid, even three decades after the beginning of the managed services movement.
Today, it is even more critical to outsource IT management since the complexities and risks associated with IT usage have increased dramatically. Very few organizations have fully staffed internal IT departments who possess sufficient people, tools, and knowledge to perform essential IT management services. Internal IT departments have been shifting towards strategic IT development and outsourcing IT management to firms such as MSPs.
Although regulated customers have long used MSPs to manage their IT usage risks, the number of regulated organizations has grown over the years. Also, the existing regulated organizations have realized that it is impractical to manage and secure IT resources using only internal IT. This realization likely has come from increased attention on regulated organizations as lucrative targets for cybercriminals, most notably banks, insurance companies, and healthcare providers.
For a long time customers who were not in regulated markets only cared about IT management when it impacted uptime and functionality of their IT. If you were a non-regulated organization, your tolerance of unplanned downtime when directly related to how that outage affected your operations.
Today, in the United States, Canada, and the European Union, all organizations trafficking in personal data can be categorized as "regulated" due to data breach notification (and other) laws. These laws transcend any regulated industry and focus on any business or organization possessing certain data and treat them as responsible for the safety and security of the data.
Common excuses for not managing IT resources no longer are valid in these geographies. Every organization possessing this data is responsible for safeguarding it, under penalty of making a data breach disclosure, and the other associated pains which go along with presiding over a data breach; some of these pains now include financial penalties and lawsuits.
In twenty years, the managed services profession has come a long way. Each passing year brings MSPs closer to being a business requirement, instead of a good idea for managing your IT.
What is your reason for not using an MSP?