Managed IT Services: What Good IT Support Looks Like

Managed IT services is the outsourcing of the IT function of a business to an external firm who can provide better results for less annual cost than the business could internally. While at first glance the definition looks pretty concise it leaves room for interpretation by the managed IT service provider and so there is a vast delta in the deliverables and results provided within managed IT services.

The IT function needs to consist of several different roles:

• Support to get users back working when there are issues.
• Management to monitor the network for issues and implement patches to help protect it.
• Proactive audit and alignment to best practices to prevent issues from arising.
• Guidance and direction on an IT plan and budget for what to do next to help your business do more with less.

Results from managed IT:

• Improved response time
• Fewer issues, clearer guidance
• Lower risk
• Greater operational efficiency
• Increased staff productivity.

While less annual costs doesn’t always mean it costs less than what you are spending today, in fact it may cost more. The real annual costs savings are realized in the benefits of the results above. In fact managed IT services, when executed properly, should cover its entire cost within the first 12 months.

The importance of managed IT services

By outsourcing to a managed IT service provider, companies can focus 100% of their time on the things that matter most to their business: growing revenue and delivering their service/product.

Managed IT service providers focus 100% of their time on delivering the same result across all their clients in a repeatable way. In order to do so they create a disciplined process, best practices, and roles to fulfill all the duties required. In this way costs that would otherwise need to be burdened by each company can be spread across all companies.

Issues affecting one client can be developed into best practices which are implemented across all companies to prevent the issue from ever happening. Likewise workflow and reporting inefficiencies solved once can be replicated across all clients instead of each client needing to uniquely solve on their own through trial and error.

Types of managed IT services

When we boil it down there are really two types of managed IT services: reactive and proactive.

With reactive managed IT services, the provider focuses on keeping the day-to-day running whether that be on premise, in the cloud, or a combination.

In contrast, proactive managed IT services the provider focuses on helping the business run more efficiently, while it still keeps the day-to-day running, the service brings you into alignment to best practices and guides your entire technology spend which eliminates issues before they start and allows your business to do more with less. In this way the proactive provider helps you with all things technology including are we using the right business applications, paying too much for them or not getting the results we should.

First, let’s start with defining an IT strategy. On the surface it may only seem like a roadmap of IT initiatives and budgets for the next 1-3 years. More importantly an IT strategy is a comprehensive plan that outlines how technology should be used to meet the goals of the business. In the section above, we introduced the two categories IT strategies fall into: reactive or proactive.

Now, let’s take a closer look at how each differs in approach.

Differences between a proactive IT and reactive IT strategy

In a reactive strategy, IT is viewed as an expense that has minimal returns, so it must be cost controlled and overseen by finance. The business value, keep it running. Software and hardware is replaced on a refresh schedule or after it fails. The internal or outsourced IT group is charged with, you got it—keeping the technology running.

Since IT doesn’t have the time or skill to help the business, the burden is on each department head to seek out new technology to help their business unit. While their selections work for them, they often aren't the right change for the whole company or solutions selected aren’t enterprise class. Which then takes more time and cost than it should to keep the technology running. There is always too much work to do and so internal groups ask for more people, and external groups become overwhelmed and responsiveness suffers.

In a proactive strategy, IT is viewed as an asset that has a substantial return. It’s invested in and often overseen by the Executive Team so it aligns with the company’s mission and vision. The business value helps the business run more efficiently, doing more with less.

Software and hardware changes are made based on the hours of time they can save the company each month and are the right long term change for the entire business. The internal or outsourced IT group is charged with not just fixing but preventing issues happening and providing guidance on the technology changes that should be made to make the business more efficient.

The adoption of new technology to help the business is done collaboratively with all department heads: CEO, Sales, Operations, Finance, and IT. Changes happen only after they have been evaluated by all department heads as the right long term change for the whole business and the return on investment has been quantified. Fewer but larger changes are implemented with success, allowing staff to do the same work in less time.

Why a proactive IT approach is needed

Doing more with less is imperative for every business to be successful, to keep costs down, and to remain competitive because it is not always possible to find the right people to fill positions. Technology holds the promise of helping companies get there but most businesses never obtain it for two reasons.

• 90% of technology approaches are reactive only focused on keeping the day to day running.
• IT is thought of as G&A not a functional area so it is treated like an expense and put under finance to be cost controlled.

IT is now a fully functional area that contributes to all other functional areas and requires a proactive approach. There is tactical, operational, and strategic work to be done.

Yet when operating an SMB often there isn’t enough room in the budget to bring on all the different people needed to cover 24/7 support, proactive tool management, network administration, system administration, security administration, strategic planning, budgeting, and implementing new innovation. SMB leaders expect those duties and responsibilities to be stretched across a couple team members or a managed service provider—whose programs were never designed to deliver everything needed. This is the main contributing factor to why the IT retention rate of internal people and outsourced providers is just 2.5 years. The net result—as the SMB grows, it does so less profitably.

What a proactive IT approach looks like — from start to implementation

Now let’s break down what a proactive IT looks like by diving into support, monitoring, audits, and IT planning.

24/7 support to get users back working when there are issues.

• Help portal (request support, view status, and request a change)
• Self-help center for instant instruction to common questions to keep users working
• Move or Add Changes to management
• Manage technology vendor relationships

24/7 management to monitor the network for issues and implement patches to help protect it.

• Network and performance monitoring and management
• Predictive hardware failure monitoring and management
• Microsoft and 3^rd party remote patch/ service pack management and remediation
• Realtime virus, spam, malicious content identification, and protection
• After hours workstation and server optimization

Proactive audit and alignment to best practices to prevent issues from arising.

• Dedicated role and process for developing technology standards
• Continual audit and alignment to standard best practices
• Areas outside of alignment are reviewed for business risk and costs to remediate as part of CIO steering meetings
• Manage firmware and minor application releases
• Documentation: WAN, LAN, Applications, Passwords, Procedures, Remote Access, Virtualization

Guidance and direction on an IT plan and budget to help your business do more with less.

• Named Chief Information Officer
• Monthly steering meetings with your executive team
• Known multi year IT roadmap, productivity initiatives, risk, and budget
• Guidance on all technology: hardware, software, services warranties, versions, and other important parts of proactive IT lifecycle planning and management

Most companies have great command over the metrics in their business when it comes to sales, operations and finance, but not when it comes to IT. Below are the top IT metrics to track and why.

The IT metrics businesses should be actively measuring

Tickets created

Tickets created each month from users and monitoring give you a sense of the disruptions that happened. On average each ticket submitted equates to 2 hours of loss productivity—the total time of futzing with it, asking others, waiting for help, and verifying a resolution.

Tickets responded to same day

This lets you know how many user requests were responded to by IT the same day they came in. Responsive support is key to user satisfaction with IT.

Tickets resolved same day

This metric lets you know how many user requests were resolved by IT the same day they came in. Quick resolutions are key to getting users back working and productive.

Tickets solved first touch

Lets you know users are getting the help they need without much hassle. Solving the ticket on the first attempt means your IT team has the right skill set to have command over the problem and eliminates endless escalation.

User satisfaction

This metric shows how happy users are with their IT experience. Your people spend a lot of their working day on a computer, so it can be a perk or detractor of the job as it contributes to their overall job satisfaction.

Alignment to best practices

Where your IT environment is compared to IT best practices for networks, applications, security, etc. this helps the executive level see the risk and make informed business decisions before it creates a disruption for the business.

Hours saved

By recording hours saved per computer user in the last year, you should be able to look back and see the tangible return your IT investment has provided to the business.

IT staffing and tool costs

This includes looking at all roles: helpdesk, network/system administration, business analyst, database admin, reporting writing, business application expert, IT manager, and CIO.

Spending too little limits your IT strategy to being reactive. A reactive strategy means you won’t obtain the benefits of a proactive IT strategy. On the other hand, spending too much means you are overpaying because there are things way far outside of best practices and you won’t obtain the benefits of a proactive IT strategy.

The standard industry measurements — what to compare their metrics to.

Now that you know what to track, it is important to know what to benchmark against. Reporting and reviewing metrics on a regular basis can help companies ensure they are on track to realizing all the benefits IT is meant to create for their business. Below are IT industry benchmarks that are used to gauge IT effectiveness for the business.

• Tickets created per month: 20% of total computer users. 100 computer users = 20 tickets/month.
• Same Day Response: 100%
• Same Day Resolution: 75%
• First Touch Resolution: 70%
• User Satisfaction: 98% Positive
• Alignment to Best Practices: 95%
• Annual Hours Saved per Computer User: 160 Hours
• Annual IT Staffing and Tool costs: $1,800/ computer user

What should be in an IT plan and budget

When it comes to technology plans and budgets, IT teams guide the tangible IT tools and hardware like computers, switches, servers, firewalls, and software like Office 365. Most internal and outsourced IT providers put their focus here, but that feels reactive and outdated. Before we get into budgeting, let’s take a step back and define technology first.

Technology is everything in your company that provides voice, data, print, or information. It is all the business specific software programs used to enter and retrieve information, all the machines that are programmed to serve a specific function, and all the services like phone, internet, cloud too. All of this must work in tandem together to optimize your team’s productivity. There are technical and workflow implications to all technology that significantly degrade the productivity of your team when best practices are not followed.

With this new definition for technology, take a look at your technology plan and budget that IT isn’t guiding. A reactive plan leaves this important part out—a proactive plan encompasses all technology.

The cost of ineffective IT planning

Now that we have explored why IT planning must include all technology, let's dive into the cost of ineffective IT planning.

First, making technology purchases you don’t need.

We’ve all seen this scenario: a purchase is made and somewhere along the way, during or after implementation, the purchase is scrapped. The cost and investment didn’t turn out. This is by far the easiest to see.

Common reasons for making poor purchasing choices:

• The solution didn’t meet the intended need.
• Users reject the change from lack of training, planning, or management.
• The cost of product adoption and to integrate with other programs was too high to sustain.
• The purchase was nearsighted, thinking replacement instead of big picture and seeing the whole technology landscape while identifying a solution.

Second, over paying for technology solutions (like business applications).

Business applications are just one example of technology solutions that are priced based on the value they can deliver. So the delta in cost for applications that seemingly serve similar purposes can easily add another zero to price tags, turning a price of$10,000 to $100,000. Watch out for solutions that look to be right long-term, but up charge you for each additional piece of functionality your team needs.

Common reasons for purchasing the wrong business applications :

• Lack of training and understanding of the solution.
• Lack of initiative on adopting more of the product to solve additional business needs.
• Fear of additional changes, company culture may not be innovative or doesn’t handle change well.

Third, the need to customize to align with current processes.

Every technology change is an investment that must hold a tangible return. A successful change must be seen in company process and productivity.

Let’s use business applications as our example again. The best business apps are written for your specific industry. They have spent more hours in R&D learning about your industry than any one company ever will. In doing so they have discovered common problems and defined how to most efficiently work in your type of business. With that knowledge created software to streamline your operations. Yet too often SMBs feel the need to customize their applications or reports, which comes at a heavy cost not jut one time but on-going.

Common reasons for application and report customization:

• The business application is too generic, it wasn’t created for your business.
• Trying to fit the new application into your old way of doing business instead of adopted new processes. Being resistance to change, this is the way the process has always been done.
• When you’re a programmer everything can be a custom written application, when you’re a report writer everything can be a custom report. They can so they do and at the same time it builds additional job security for them​.

How to effectively IT plan

Business and technology are ever-changing — your IT plan should too. The fact is, technology today helps make every other function in your business more effective and efficient, which also increases the revenue each employee can support. Consider these key points when IT planning:

You need an IT leader that understands your business and technology strategically. Not a manager or director but a Chief Information Officer (CIO).

The CIO needs to be strategically guiding and directing all things technology. Hardware, software, business applications, and services all need to work in tandem together for your business.

The CIO should hold recurring IT steering meetings with all functional leaders of the business. Evaluating the existing IT plan against the changing business needs, to ensure they are still the top priorities and identify new business needs to explore in the future.

IT plan initiatives need to be quantified in business terms. For example, hours they could save the business a month, or the revenue at risk.

New productivity initiatives to further support your business plan should be provided by the CIO based on their analysis of how each function works.

New business plan risk should be presented based on in-depth analysis of your current technology footprint outside of IT best practices.

Challenges and threats to IT Security

Cybercrime is growing exponentially and will continue to here is why: In the early days of cybercrime, you needed to be an expert in technology to be a cybercriminal. It took a lot of knowledge and time and so only the most lucrative companies were targeted.

Today there is a mature marketplace on the darkweb, where anyone with $20 can go and rent access to 1,000 already compromised computers, then buy an already written ransomware exploit kit— a program designed to hold a computer for ransom unless the computer user pays to unlock and at the same time scrape the computer for personal information. Essentially the computer is held ransom, until the pays to get their computer back or ultimately lose all their data. The ransom amount pales in comparison to what the cybercriminal now has full information for 3 credit cards worth $30 each and 10 online payment service logins worth $20 each. Totaling $390 from just one compromised computer.

Now just think of the damage they can cause if they infect a company computer—they could get access to 100 driver licenses worth $20 each, if not more highly sensitive information. From there the cybercriminal can sell them on the dark web to the highest bidder.

Today, cyberattacks have evolved and can now be easily launched by anyone regardless of expertise. Targets have changed from the largest companies to any and everyone—especially small to midsize businesses who have tons of data and weak security.

How businesses can know they are really secure with managed IT services

Most business leaders feel like their IT is reactive, they’re overwhelmed with keeping the day-to-day running. This not only leaves little to no time to guide the company’s IT strategy and help drive efficiency. It also doesn’t leave any time to really secure the IT environment. So what does it mean to be really secure?

Being really secure goes beyond having a firewall that is actively detecting and preventing intrusions, installing Microsoft security patches, filtering spam, blocking malicious sites, security awareness training, and complex passwords. These are the basics.

To really be secure means that you have implemented all the policies and procedures to meet one of the cybersecurity frameworks. For example, the NIST 800-171 a Federal standard has over 220 controls that must be in place and regularly reviewed to be considered compliant. The CIS Controls from the Center for Internet Security have just under 200 controls. The FFIEC Cybersecurity is another such framework. Proactive managed IT service providers have the experience and skillset to help you implement and maintain such controls. In fact a managed IT service provider who cannot provide third party proof they have implemented and follow such controls, really can’t secure your business as they themselves are not secure.

Where IT security is heading and what the future looks like for small to midsize companies

With the exponential growth in cybercrime and growing technology reliance in the day-to-day processes of small to midsize companies, more needs to be done to protect our data. Many believe Artificial Intelligence holds part of the answer.

AI leverages the benefits of Big Data to identify malicious patterns and can make the connection when suspicious activity occurs across multiple systems. In this way they can preemptively block an attack before it starts or gains a foothold. In fact proactive managed IT service providers are already using solutions that leverage Big Data and AI to provide their clients such benefits.

The other part of the answer is regulation. With the tremendous gap in proactive IT leadership, most businesses unfortunately are not taking the prudent steps needed to secure their companies. While the FFIEC has been in place for financial institutions to follow for some time. As recent as a few years ago manufacturers who are part of the DoD, General Services Administration (GSA), NASA or other federal or state agencies’ supply chain, must implement the security requirements included in NIST SP 800-171.

Another recent regulation that affects all companies in the European Union and who hold information of people of the EU is GDPR. GDPR takes a slightly different approach in that it focuses on ensuring the secure handling of personal information by a business.

ROI differences in the managed IT service providers approach

As we discussed earlier, a reactive managed IT service provider focuses on keeping the day-to-day running. The ROI comes from the speed at which tickets get solved without your staff’s involvement, knowing what hardware to replace each year, and software license to renew. They are focused on the tactical doing of the work.

On the other hand, a proactive managed IT service provider focuses on helping the business run more efficiently. The ROI comes from the substantial (8x) reduction in issues, so your staff stays working. ROI is also seen in the guidance on all things technology, including business applications so you can (most quickly and cost effectively) accomplish your business initiatives. The continual identification of risk and productivity improvements will keep your business protected, while doing more with less. Proactive managed IT service providers are focused on the strategic, operational, and tactical of the work. The real difference in ROI here is the impact on the annual revenue that can be supported per employee. Proactive approaches allow companies to support $20,000 more in annual revenue per employee, per year than the same business with a reactive approach.

Cost differences of managed IT services

You might be thinking, “What kind of costs can I expect to pay for managed IT services?”. As you can imagine, the cost of simply fixing what is broke takes significantly less time than the combination of fixing what’s broke, preventing issues from happening, and guiding a successful IT strategy. So it is good to understand the ballpark costs you should expect.

In a reactive managed IT service model you can expect to pay around $100 per computer user per month. The average computer user with a reactive IT approach has 1-2 tickets per month equaling about 1-2 hours per month when it comes to IT. This leaves a little room in the budget to pay for tools and not enough to pay for proactive prevention or strategic guidance.

In a proactive managed IT service model you can expect to pay around $150 per computer user per month. The average computer user with a proactive IT approach has 0.25 tickets per month equalling about 15-30 minutes per month for IT. This leaves room to pay for tools, proactive prevention, and strategic guidance. In fact 90% of your $150 budget is now focused on proactive IT and meaningful ROI including preventing issues, keeping your people productive and guiding strategic improvements across all your business technology.

Delivering managed IT services

As you have learned there is a vast difference in approaches and results between reactive and proactive managed IT service providers. With managed IT service providers focusing 100% of their time on delivering the same result across all their clients in a repeatable way. All processes, best practices, and roles are created to fulfill either reactive results or proactive results—not both.

Other anomalies to look for are managed IT service providers that provide multiple plans. A truly proactive managed IT service provider has one plan and 100% of their clients are on it.

Another question to consider is: what is the percentage of a company’s revenue that is focused on delivering proactive managed IT services? Are they really a project company first and managed IT service company second? Or a copier dealer first and a managed IT service company second?

The pain of switching providers

The idea of changing IT providers is daunting for most small to midsize business executives. The current provider knows all your passwords and how to install your software. In reality, we find that there are just a staff members at the reactive managed IT provider who know this information and switching isn’t as stressful as you may think

Here’s what a switching from a reactive IT provider to a proactive IT provider looks like.

In week 1 security information is captured and in week 3 it is published into an electronic portal for all members of the proactive IT service provider to use and update.

Additionally in week 3, documentation to setup and deactivate users and setup new computers or printers is created. This process is repeatable which makes it easy for your time, everytime.

The real time commitment needed of business executives are:

• What is your business plan?
• Who can make purchasing and security changes?
• Do you have vendor contact info?
• 30 to 60 minutes each month, in structured forward looking IT planning.

In the onboarding phase, your proactive IT provider will work with you to make a smooth transition.

Onboard

• Week 1- Gather Info
• Week 2- Install Tools in Silent Mode
• Week 3- Build Documentation
• Week 4- Tools and Support Go Live

Once onboarding is complete, you’ll have around-the-clock support moving forward.

Ongoing Initiatives

• 24/7 support to get users back working when there are issues.
• 24/7 management to monitor the network for issues and implement patches to help protect it.
• Proactive audit and alignment to best practices to prevent issues from arising.
• Guidance and direction on an IT plan and budget for what to do next to help your business do more with less.

What makes a good IT project?

A good IT project is one that is worth pursuing. It is the best use of IT’s time, employees time, and companies funds—when compared to the return on that investment over the expected life of the technology change. We all want to be doing “Good” IT projects, so how do we get there?

First and foremost, we need to make sure the IT project is the right long-term change for the business. To do so there should be a forward-looking business plan that articulates where the business is headed over the next ten years. It will have a more defined picture of what the business will look like three years from now and have annual goals (the most important next steps to take in the business to get to the three year picture.) Next the company’s executives, including the CIO need to start carefully planning and lay out the IT initiatives that are needed to support the business plan.

Now that we have initiatives that are the right-long term change, we need to quantify the ROI. This is the cost of the project in terms of time and product including the costs of employees' time in adopting and making a change in any behavior needed. Return, recurring product or vendor costs savings but also internal efficiencies like employee time savings each month. Taking this into account we can look to eliminate those with poor ROI and prioritize the IT projects with the greatest ROI.

Next we need to look at the best use of IT’s time. Does the IT team have the capability to implement this kind of project in terms of skillset and project management methodology. Not all IT teams have the resources and skillset to successfully implement.

Getting IT projects done on time and on budget

Now that we have IT projects worth pursuing, let's dive into keeping them on time and on budget. In order to achieve those goals we need a good project management methodology.

First, we need a clear scope of work that will attain the desired business results.

Next, we need engineers with the skillset to execute the scope. From there we need to add project management and coordination for organization.

Third, we need clear communication of changes to all employees so they know what is needed of them, including any training to set them up for success.

Fourth, consistent status updates so leadership knows the current state and estimated completion of the project.

Fifth, the identification of out of scope requests in advance so that they can be communicated to leadership ensuring only the valuable out of scope requests are pursued.

Sixth, thorough documentation of the change and hand-off to the IT helpdesk so they can provide meaningful ongoing support.

The role of professional services in managed IT services

The professional services team is the function of IT that implements IT projects, allowing the company to realize the benefits of their IT initiatives. The professional services group of a managed IT service provider allows companies to have access to the expertise and capability when needed, while not having to pay for it when they don’t.

To balance this, a managed IT service provider will keep a backlog. This allows clients to realize the benefits of their project in short order, while allowing the managed IT service provider to retain skilled engineers as they know their jobs are secure.

A good professional services team inside of a managed IT service provider operates with laser precision and little to no surprises. The businesses realizes the benefits they expected from their project and it further builds confidence, accelerating technology adoption. In contrast a poor professional services team creates chaos, projects don’t meet the expected benefit. This deteriorates people’s confidence in IT and relying on it for essential business functions, diminishing the company’s appetite for further innovation.