What’s the difference between “outsourced” IT and “managed services”?
Rosenfeld: Managed services is a subset of IT outsourcing and describes a relationship with the following characteristics: first, managed services is usually predictable, monthly, fixed spending—often per user, per seat type of pricing. Second, managed services is typically a bundling of technology, people and processes. So, what you’re really buying is a platform, not just discrete services.
Lastly, with managed services, there’s an implied management responsibility on the part of the provider. For example, if you have a provider providing email hosting or server and network management, they can upgrade, manage and troubleshoot that technology at their discretion.
What are some of the trends or business imperatives that are moving small and middle-market businesses toward managed IT outsourcing?
Rosenfeld: The typical drivers are saving money, improving the reliability of IT services and addressing a lack of in-house talent and expertise. And, oftentimes, outsourcing to a managed-services provider allows existing in-house IT staff to focus on strategic projects. Additionally, you get access to new technologies.
Some companies are going to managed services outsourcing to improve their security posture and compliance levels. Lastly, flexibility is important for a company. So, with a good managed-services contract, you’re able to shrink and grow. For a high-growth company, having the ability to turn things up and down as needed definitely has business benefits.
What trends are driving the expertise and services that are often needed from an outsourced managed IT provider today?
Rosenfeld: We’re certainly seeing a trend toward globalization—even small companies are interacting with partners and customers across the globe. This level of globalization is introducing new IT challenges. Secondly, we’re seeing a labor shortage for IT professionals. It’s really hard to find and retain good IT talent. We’re also seeing the growing influence of artificial intelligence, [meaning] we’re starting to see computers doing things that are normally done by people.
Lastly, the “consumerization” of IT is really having an impact on the companies we talk to. A lot of the business innovation today is being driven by things such as the “BYOD”—bring your own device—phenomenon, cloud technologies and social media. CEOs are asking me how they can take some of the same technologies they’re using every day in their consumer life and apply them to their business.
Here’s an example: a CEO of a pretty large restaurant chain was recently overseas and used an iPhone app that helped him manage the family’s entire vacation. Upon his return, he asked me how he could apply that type of technology to his 12 restaurants in Boston. It’s an example of how business executives are looking for the next big thing—a lot of times, that’s driven by consumer technology.
Cybersecurity is an ever-growing threat for all businesses. What security advantages does a managed IT service often provide?
Rosenfeld: Unfortunately, everyone is a target for hackers today. And regulatory and statutory requirements around cybersecurity are becoming more oppressive. They’re constantly evolving. The penalties related to a breach are very severe and you need to be working with an outsourcing partner to build a layered security program. That includes both technical and administrative safeguards, plus security awareness training for your staff.
A managed-services provider is instrumental in ensuring a strong security posture. What does that mean? It means you’ve got a sound security-information program and policies. You’re performing ongoing vulnerability scanning. You’re performing, at least annually, end-user security awareness training. You’re actively monitoring security events. You’ve got a sound business continuity plan.
It’s very hard to do this all internally because of the lack of expertise and time.
Often it’s driven by customers. I work with a 50-person market research client in Boston. That’s a relatively small firm, but they deal with very large clients and, therefore, they undergo rigorous security audits from large financial companies. They rely on us as their managed-services provider to make sure that the technical and administrative safeguards are there and are in compliance with industry standards.
Given all the changes, a firm really needs to be working with somebody who has that industry security expertise and has a team of people constantly evaluating how those laws are changing and how to translate those changing laws into additional security measures or administrative safeguards.
Listen to the other episodes in our outsourcing podcast series
Learn how outsourcing certain key functions can help you meet your finance, accounting, technology and compliance requirements and needs.
Listen to this podcast to learn how organizations are using internal audit outsourcing to help address and meet compliance requirements.
Learn how finance and accounting outsourcing can help you manage your back-office allowing you to focus on the core of your business.