How to Choose a Managed Services and Security Provider

In this episode of Tech Tuesday, Dave Hodgdon sits down with John Maher to talk about how to choose a managed services and security provider. He explains what to consider when making your choice and touches on the importance of choosing an MSP with security experience and expertise.

John Maher: Welcome to Tech Tuesday, brought to you by PCG, a managed services and security provider in Portsmouth, New Hampshire. I’m John Maher, and with me today from PCG is Dave Hodgdon. Welcome, Dave.

Dave Hodgdon: How are you doing today, John?

Differences Between Managed Service Providers, Managed Service and Security Providers, and Resellers

John: Good, thanks. So Dave, today we’re talking about how to choose a managed services and security provider. What are the differences between a managed service provider or MSP and a managed services and security provider, and then also a reseller?

Dave: Those are great questions, John. Most of us in this industry have evolved. In the old days, you were known as a break fix shop, you were kind of done hourly.

Managed Service Provider

Dave: A managed service provider term kind of came into play around 2007, that you kind of had more of a predictable or recurring revenue model instead of just waiting for the fire to come out. You kind of got more proactive. You started monitoring. You started showing up on a regular basis. So the managed services platform has been around for about 15 years. In the last five years, they really have adopted many clients. Many people in our industry are moving to what’s known as a managed services and security provider.

Managed Service and Security Provider

Dave: Security is a very big component to all managed services. We feel that’s probably the fastest-growing and one of the most difficult to deal with and to manage. But without that, I feel if you’re not playing in the managed services and security environment, you as a managed service provider are not going to grow in business. You’re going to start losing some of your clients, because that’s a key aspect, to make sure your clients are secure.


Dave: Resellers, really just selling products. There’s a lot of people out there. You’ve heard of PC Connection, Newegg. There’s a lot of people that just sell products. In the old days, yes, we sold products. We were known as a reseller. You just resold Apple, you resell HP, you resell Dell, but you don’t really have the service side connected to that. There’s nothing wrong with that model, but you’re just churning products at a lower margin. Our focus is to be a managed services and security provider, giving our clients everything they need.

What Type of Security Does a Managed Service and Security Provider Offer?

John: When I think of a security company, traditionally I’m thinking of the locks on the doors and maybe security cameras and things like that, but are you talking more about cyber security and things like that?

Dave: Exactly, John. From the gateway, the firewall, having a written information security plan in place, from doing a risk assessment. And the risk assessment, of course, will bring out what’s necessary to mitigate those risks for a ransom attack, and that’s everything from multi-factor authentication, from a password manager, to doing a web gateway, to a mobile device manager, to having email encryption. There’s many components to secure your data.

How to Differentiate Between MSPs

John: Now, if I’m looking for a managed services and security provider, maybe I’m looking online and I’m seeing what they do, and they all kind of seem like they do sort of similar things. What are some ways that I might be able to differentiate between managed service providers?

Dave: That’s a great question, John. It’s similar to when you go shop for a car. You know what you’re going to get. It’s not vapor. A lot of things, when you’re doing services, a lot of it to me kind of seems almost invisible and indistinguishable. You guys all sound the same, so how can you really differentiate what they’re doing, an apple or an orange?

It’s not as transactional, like when you buy your house or car, so you really need to understand some of the terms and ask some key questions to really find out what this managed service provider can provide. Are they truly a managed services provider that has a proven track record? Do they have blueprints in place? Do they have a good list of clients that have been around for a while? How’s their technical staff? There’s many things you can dive into, what really makes a true managed service provider.

What Is an OML?

John: What is an OML and why should this matter when you’re talking to your MSPs?

Dave: OML stands for operational maturity level, and they kind of rate you where you are at 1, 2, 3, 4, 5. And as you start adopting and you start practicing and you’re putting processes in place, you start going up the ladder in the maturity level. It’s showing that you care about your process. You care about making money. You care about your people. If you’re doing those things and you follow a certain track or blueprint, you will have success, and it’s very evident that the clients you’re taking care of, they can feel the difference.

Questions to Ask Potential MSPs

John: You mentioned a couple of things that you could ask an MSP, if you’re sort of interviewing them, if you will, and trying to figure out whether they’re right for you. What are some of those other questions that you should ask of a potential MSP?

Getting to Know the MSP

Dave: That’s a good one, John, because not all managed service providers are equal. There’s many things that you can ask about to find out what’s different… Do they have a security stack? Do they have the cloud and Azure? What’s their depth of their technical skillset? You want to make sure that person before you hire has a proven track record, they have a great client retention, they’re knowledgeable and they communicate with you. We’ve always come up with questions that we want them to ask of us that we can answer. I think it’s important to ask, if they’re looking at other providers, what they would do.

Learning About Their Experience and Capabilities

Dave: Some examples, John, how many years have you been in business? There’s a big difference between 25 and two. How many employees are on your technical staff team? That can kind of show you your response time. If you’re three or four versus 15 or 20, how can you do exceptional response rates on 100 clients with a small staff? How can they possibly get onsite? So, knowing how many are on the technical team. Do they have a true 24 by seven help desk. In today’s world, we know that’s an important thing. How many managed clients do you have right now? Is it three to four? Is it a couple hundred? You can start doing the math. If they’ve got a couple hundred and there’s only three or four people, that’s a red flag warning that, how are you going to get that customer service?

Asking About Their Processes

Dave: Do they have blueprints in place for certain things that they do on a repetitive basis for adding a new user, adding a new PC system, adding a new firewall? As you do these things day in, day out, you improve your processes to get these down. How will you help with my IT strategy? Could you offer risk assessments? What is your actual response time? A lot of people say it’s unknown that when you put in a ticket, their ticket might say they responded in two minutes, but when do you, John, when do you actually speak to a person? They could be waiting a day right there.

Finding Out About Their Success Strategies

Dave: I think the biggest value you can bring to the business is having that communication, that dedicated client success manager, and really helping them with their roadmap. I can’t tell you, John, how many times I ask when I’m speaking to new prospects, do you have a current technology plan? Do you mind sharing that with me? 90 percent don’t have a plan and they can’t share. It’s kind of like sailing your ship right there. If you don’t know where you’re going and your compass, does that just mean that there’s no budget? You don’t know where you’re going.

Our goal is to help that business get to where they want to go. If we know where they want to go, we can help bring that technology to them. We don’t want them to spend $1 without knowing what it means. There’s no reason for them to buy X if they don’t need it.

What Differentiates PCG From Other MSPs?

John: What are some of the things specific to PCG that you feel like differentiate you from other MSPs?

1. PCG’s Hiring Process

Dave: Well, I think it starts with… everyone promotes their people, but our hiring process, it’s important that our techs have a competency level that meet or exceed what we’re looking for. It’s dramatically changed, John, our security practice. You have to have good security and practice in place. We work very hard with our clients on the number one thing the staff or employees see in a business.

2. Blueprints for Success

Dave: if you’re setting up a new PC. If you can’t nail down that process of what they need, all the applications, the printer. You’re doing it day in, day out, and if a different person shows up, they do it differently than the other person. You need a blueprint, because if that goes well, they’re not going to make the noise to their point of contact.

3. Consistent Solution Stack

Dave: I think it’s important to have a solution stack that you’re consistent with. You can’t support everything under the sun. You have to stay so you know you’re going to give them the level of service they want, and you can’t support 10 firewalls. Just like when you go to a car dealership, they’re not selling 10 types of cars. They might sell used cars on the side, but their primary focus is their primary line of cars. That’s what their sales staff know. That’s what their techs know.

4. VCIO Meetings

Dave: But I think the number one thing, John, the differentiator, as we call it, is our VCIO process. We kind of break it down to the IT strategy. It is clearly defined as having a technology plan, having a roadmap, having a budget, and having a timeline. And also adjusting as business changes, like last year during the COVID situation. A lot of businesses had plans. They changed from what they originally thought, but they had a plan to work from instead of just guessing and throwing darts at it.

5. Using Experience to Improve Processes

Dave: But I think it’s very important, John, as you become more mature, your processes get better. Your internal people understand the system. It’s much easier to onboard people. When we have a new employee start here, it’s not chaotic for them. We clearly define what we expect of them in the first month, and we make all our efforts to make sure that person’s onboarded, because they’re part of the family and they’re part of the team supporting our clients. If we don’t onboard them correctly, it’s difficult to support the clients.

What Happens When a Business Transitions to a New MSP?

John: So most clients are probably kind of worried about change and they’re just maybe dealing with their current issues. They don’t really have that plan in place, like you said, and they’re kind of burying their head in the sand. Maybe they don’t even want to talk to a new MSP, because they’re afraid of all of the problems that are going to be uncovered or whatever. How does PCG kind of help to handle the transition to a new MSP for their clients?

Dave: That’s a great question, John. Change is tough and it doesn’t matter whether your provider or your contractor or even changing your internet provider. You have to think that out through. I think it’s one of the hardest projects for us to do for our client and vice versa. There’s a lot to learn, but we’ve worked very hard on this onboarding process. It’s our blueprint.

Everything it takes from the initial meetings, from how it’s going to happen, how we communicate with the outgoing MSP, what the cut-over date looks like, how we’ll train your staff, how you get access to us, how we’ll be there hand-holding you for the first few days. Here’s your dedicated client success manager that’ll be your liaison between the two groups. And then after 30 days of the onboarding process, we’re pretty much in good shape.

We’re going to come back to them, John. How did we do? What was missing? Here’s the few critical issues. Because when we take on, they don’t know everything either, and we could be finding something when we set up. No wonder why you had all these problems. They just kind of, I’m putting a bandaid on it, that we might see two or three things that we need to address. The ultimate goal is if they’re not submitting tickets to us, we’re doing a great job. If they can work and not submit tickets, we’re doing our job. So the more we can document, the more we can get them properly onboarded in a timely manner. Change is tough and the first few weeks we’re learning about their systems, but when they see our blueprint to how it works, it’s just the ice cream on the cake.

How Does PCG Prioritize Clients’ IT Concerns?

John: You probably come on board with clients too who have about 90 things that have to be done, and everything kind of seems like a priority. How do you help to sort of prioritize, “All right, this is what really has to be done in the first month, and these are the things that could be put off for a few months or six months from now”?

Dave: I’m glad you just asked that right there, because I think the reason they’re making a change, there’s been a lot of projects or ongoing issues. It’s very difficult to build your house without plans, or even an addition. There’s certain things you have to go through from not only getting approval through the city, and if you need a site review or you need something different regarding the home. You need to get on board with what they have. You need to know what’s going on. It’s very difficult for us to tell them to do X until we understand that, John. So when we tell them 30 days, we don’t want to change. “Let’s get you onboarded, then we’ll have that conversation.”

Then we’re going to go to that roadmap you and I were speaking about, the VCIO. Then we’ll prioritize those, because we might’ve uncovered something that’s more important than what they thought the problem was. It could have just been a bandaid. We’d rather fix the root of that. And then all projects cost money, so we want to make sure that there’s a budget in place. We’ll prioritize those, because some projects should be done before another project. “Well, you really can’t do this one until we address this one.” But they do like having that communication. It is their skin in the game. We want to know their goals, their issues, their problems, because we’re here to help them.

Contact PCG for Managed Services and Security Today

John: All right. Well, that’s really great information, Dave. Thanks again for speaking with me today.

Dave: My pleasure, John.

John: And for more information, you can visit the PCG website at or call (603) 431-4121.