How COVID-19 has changed the conversation between MSPs and IT leaders
- By Dan Stroman
- Dec 15, 2020
Leaders in every sector experienced a whirlwind this year, scrambling to get remote employees online and determining how essential workers could still access offices safely. In many cases, these deployments weren’t completely new, but rather accelerated versions of much longer roadmaps. Now, despite most people and processes working again, leaders still have the worries of security and compliance.
Just as the most of the workplace disruption from COVID-19 is over, so is the way government IT leaders have engaged with managed service providers. Agency needs and capacity have changed, and MSPs have adjusted and adapted. Ensuring the security and compliance of any new system is imperative, and it all starts with knowing what to listen for during vetting.
The new conversations between MSPs and the public sector
With accelerated timelines and a rush to implement, how closely were vendors scrutinized during the last MSP engagement? Were they asked the right questions about their track record on security, compliance and certifications? Did the stakeholders in the room know what red alerts to listen for? Were the right stakeholders even in the room?
These critical questions aren’t new, but now they have different answers and implications. Here are four best practices and considerations for how to approach this new conversation with MSPs.
1. Expect competitive bidding. MSP competition is heating up in the public sector. Previously, procurement drove new technology acquisition -- often, the lowest bid won out, and, as such, the answer to requests for proposals from MSPs were often non-specific. Not anymore. Managed technology service providers are getting very specific in their proposals, often drilling down into application specific offerings and alignment with the organization’s needs. Because of this, agencies will likely have more than one finalist for a project and must dig deeper into the details to make a decision. What to listen for: Inside RFPs, look for named vendors, knowledge of the competitive ecosystem and a robust outline of security and compliance specifications. The more specific, the better.
2. Get more voices involved. Government IT leaders already do a good job of collaborating and knowledge sharing via a host of industry conferences and a large professional network. However, more is needed. First, consider reallocating budget where possible toward attending more of these events -- the pandemic has turned most of them virtual and more affordable -- to meet with peers and discuss common challenges. During the pandemic, many MSP decisions were made in a vacuum. Peer insight, whether gathered at an event or by reaching out directly, can lead to better decision-making and potentially uncover better strategies for vetting. What to listen for: Agencies have likely seen very good and very bad RFPs from vendors: learn from both. Ask if other agencies are willing to share a list of the best vendors or ones that just missed the cut. Also, ask them to identify any vendors they found that had big security red flags. This will help narrow down the next RFP stack.
3. Ask for a “proof of technology.” In the cloud era, technology demos have changed significantly. With many MSPs, it’s now possible for an agency to see its own data at work within applications. While standard practice used to be a small proof of concept or seeing a demo with dummy data, today’s MSPs are coming prepared to show their capabilities in real time, with real data. What to listen for: A proof of technology is a great way to see security features of a product firsthand. During the demo, be thorough when asking about how the system complies with regulations and point out anything that doesn’t seem right. If there’s a red flag during the demo, it may become an ongoing concern if all of the agency’s sensitive citizen and employee data is handled by that vendor.
4. Remember, it’s all about modernization. A common misconception public sector IT leaders have about MSPs is that the engagement requires significant outsourcing. Not so. Instead, think of it all as modernization: The MSP is simply helping existing staff do things more efficiently and at greater volume. Agencies aren’t giving up total control over their data, and if they have the right partner, they shouldn’t need to worry about it being secure and in compliance with regulations. What to listen for: Look for a vendor who can see beyond current needs and offers a roadmap for improvement. Additionally, keep an ear out for MSPs that share information about the future state of their own products. This indicates a partner who will continuously refine their product to work better.
The public sector’s rollercoaster of change may be coming to an end, but picking up the pieces of technology plans still remains. Whether an agency had to condense its pre-COVID-19 rollout, modify it piecemeal or abandon it completely, there’s still modernization that needs to happen. As IT leaders look to their next steps in working with an MSP, they should ask the right questions and listen for the best responses: The security and stability of the agency is on the line.
Dan Stroman is senior director of public sector with CloudCheckr.