FAQ: Common Business IT Questions for Sky Terra Tech

The word “outsourcing” simply means sending a project or function to an external resource instead of to your internal team or staff member. The outsourcing of IT services can take a couple of forms.

• Outsourcing IT projects: This is when your company decides to send a particular project or component to a third party rather than doing it in-house. Examples are when you hire a vendor or contractor to migrate to a cloud, hire an after-hours help desk, contract for a set number of support hours per month or some other task. Referred to as “break-fix” solutions, these solutions are designed to fix a problem or fill a specific need. They’re good as a temporary measure but they are not proactively serving the IT and cyber security needs of your business.
• Partnering with a managed service provider (MSP) for your IT support needs is more encompassing because it includes a help desk and project expertise. As such, it actively works to keep your network free of problems.

Outsourcing your IT needs to a managed service provider gives you, in effect, a highly efficient IT team of cyber security experts for typically less cost than an in-house team.

MSPs work round the clock 24/7/365 to prevent breaks or breaches from happening, allowing your business to achieve its goals. Learn more about the different approaches for outsourcing of IT services.

When the term “IT help desk outsourcing is used,” it typically refers to only help desk support instead of the complete services that a managed service provider (MSP) can provide for a more comprehensive solution to support your in-house team.

In either case, the help desk tech service provides 24/7/365 support from an external vendor. The techs who take these calls (or chats or tickets) do their best to fix the immediate problem of the caller. The tech support for your team includes:

• Running diagnostics
• Escalating the issue to someone with a higher level of expertise
• Installing, repairing and/or making changes to computer hardware and software
• Followup with customers to ensure issues are resolved

When the help desk is part of an MSP, instead of a standalone, the help desk team becomes intimately knowledgeable about your business and IT infrastructure and in essence becomes a part of the team actively working to prevent issues. As a standalone IT help desk outsourcing provider, the tech team assisting you usually does not have that level of insight into your business or the ability to help prevent similar issues from coming up.

IT project outsourcing is similar except it’s for a specific job within a given period of time and therefore has limited scope of your IT needs. The project might include the development of products, services or solutions and involve multiple parties within and outside of your organization.

Examples of IT outsourcing projects are migrating from an in-house service to the cloud, migrating email from G-Suite to Microsoft 365 or integrating multiple systems together.

Because internal IT teams don’t have the expertise or bandwidth to take on the project, IT project outsourcing is often a company’s first experience. Some managed service providers also offer IT project outsourcing while others only complete IT projects for existing managed IT clients.

A managed service provider (MSP) supports your company’s network, infrastructure and other technology needs. To use a metaphor, it does the heavy lifting so your in-house team can focus on improving and growing your business. Some offer an all-in-one platform and others customize the services to fit the client’s business.

MSPs proactively work to keep your network up and running 24/7/365 without interruption. MSPs can fix breaks and create solutions for avoiding them. Partnering with one will get the most productivity out of your business.

Managed Service Providers:

• Start with the setting up of your ITIL (internet technology infrastructure library)
• Monitor and protect all your endpoints (devices, computers), data and infrastructure (servers)
• Proactively monitor and patch manage to prevent disruption
• Trains your team about cyber security
• Gives you technology leadership guidance

A cloud managed service provider is a third-party company which offers a cloud-based platform, infrastructure and application. It bundles cloud services into a managed service agreement which means you are not just buying the cloud services, but getting the expertise and support you need to keep it optimized and secure. Think of it as you would a utility company — you pay only for the services you use, in this case cloud services.

Cyber security services providers (CSSP) offer cyber security to other businesses as a service. Working with a CSSP allows companies to leverage a more robust set of security protocols than they could with an in-house team. A cyber security provider can run tests to find vulnerabilities, monitor networks for intrusions and even respond to incidents. But not all cyber security service providers offer the same set of services and their methods and costs can vary greatly.

A managed cybersecurity service provider (MSSP) bundles cyber security services into a managed service agreement. So for a flat monthly fee, you get proactive monitoring, infrastructure expertise, response and remediation in addition to a help desk, training and other managed service components.

A cyber security managed service provider provides outsourced monitoring and management of security devices and systems. It is also called a managed cybersecurity provider or MSSP. It differs from a CSSP because the security services are provided as part of end-to-end IT coverage, including:

1. Monitoring your system and supporting your team 24/7/365
2. Making sure your infrastructure is secure by searching for risks/gaps and identifying other vulnerabilities
3. Closing any gaps and providing recommendations to implement specific security and productivity improvements
4. Proactively responding to attacks, usually blocking them before they breach your system
5. Provide ongoing training for the number one weakest link (your staff) in any security chain

Cyber security managed service providers package these into a flat rate monthly fee allowing you to plan your company’s technology needs in a faster and better way.

Cloud computing benefits for small business include, but are not limited to:

1. Improved manageability. By expanding your technological infrastructure resources as it is needed, cloud computing adds flexibility. You will no longer need to figure out how much data storage you need in the next year nor how many locations will be needed to access that data. Cloud solutions eliminate the need to know those answers now, or months in advance. Data storage size can be scaled up or down depending on your needs.
2. IT infrastructure costs are considerably less. Instead of infrastructure costs from capital expenditures (purchasing servers) you only need to plan cloud services operational expenses because:
   • You only pay for what you use (usage-based pricing).
   • You need fewer IT hours to implement and manage your data.

3. Limitless accessibility. If you’ve got an internet connection, there are no limits to being able to access your data from anywhere. Another advantage is that multiple users can work on the same data simultaneously so work gets done more efficiently and usually quicker. 
4. Significantly less maintenance. No longer will you need to install applications on every user’s computer. All the applications are in the cloud. There’s also no need to update or patch every endpoint’s computer. Again, all that happens on the cloud as well.
5. Better response during peak demand. Resources are shared across a large pool, therefore peak load capacity increases and there is more efficiency for systems that are less utilized.
6. Backup redundancy. Most well-designed cloud solutions use multiple redundant sites so that your data is protected and available even if one site is compromised.
7. Security. Cloud security, if implemented properly,  is as good as (or better) than traditional systems. 

Co-managed IT service, sometimes called hybrid IT services, is when your business keeps an IT staff in-house but supplements its internal resources with some services from a managed service provider (MSP).  When your business is large enough to maintain an in-house IT team, co-manager services can be the best of both worlds: you decide what you want from an MSP and what you want from your in-house team. 

There are many ways co-managed IT services can work. Here are three:

1. Your in-house IT team leans on the expertise of a managed service provider for advice and assistance but handles the day-to-day IT maintenance
2. The MSP becomes your outsourced CTO (sometimes called a virtual chief information security officer or VCISO) while your internal IT team executes plans and manages your systems
3. Your IT leadership is in-house but directs an outsourced managed IT team to execute strategies

Cyber security assessment services refer to any number of tests used to address any cyber security risks which might be on your infrastructure. The type of tests needed depend on your type of business, size of your company and your risk tolerance — but all are advantageous. Every business should conduct some level of cyber risk assessment.

Common cyber security assessment services include:

• Vulnerability assessment. This test finds existing and potential weak spots throughout your network. It examines them for what might post a possible area for cybercriminals to exploit.
• Penetration test. Cybersecurity experts (aka “white hat hackers) are hired to perform a simulated cyber attack on your business. Though rarely needed for most small businesses, it does identify risks. It is an involved and expensive test. 
• Network audit and access review. Do you know exactly what is on your network and who has access to what? That’s what the network audit and access review reveals. It can find unauthorized software or hardware as well as performance or licensing issues. It looks at who has permissions to access and make changes to your network and who does but should not, which will prevent future issues.
• Compliance audit. Compliance audits look both at what is happening inside your business as well as with any external partners or vendor relationships that impact your compliance. It assesses how well your company is obeying the compliance rules, regulations and laws that relate to your particular industry. It could be a niche for defense contractor requirements or as common as the PCI compliance required by any business that accepts credit card payments.

IT managed service providers can range from large national firms to the guy down the block who does it in his garage. The trick is not in finding one but finding the perfect managed service provider for your company. 

Whether you are looking anywhere in the U.S. or anywhere in Canada, the right IT managed service providers for your company should:

1. Monitor and support 24/7/365.
2. React quickly to your “help” call. A fast and reasonable resolution time should be based on the level of impact the issue is having on your business. If they say, “We got your message and are working on it,” ask them how soon it will be resolved.
3. Ask them about their customer satisfaction rating (CSAT). It should be high and be shown over several years. Get the client references which back up the rating.
4. What is their experience with your unique business (industry, environment or requirements)? Can they back that up with client references?
5. Are they willing and able to be on-site in your offices when needed? Do they schedule regular on-site visits to review equipment or train staff?
6. What about the time terms of their contracts? Long-term contracts are not advisable. You should be able to cancel all or part of your services with them with 30 days’ notice. Ideally, you want a managed service provider who earns your business month after month, not locks you into a long-term contract. 

Multi factor authentication (MFA) and two factor authentication (2FA) are often used interchangeably, but they are really not the same though close. Both verify that you are who you say you are. However, 2fa specifically needs only two forms of authentication while MFA requires two or more. Both are MFAs but both are not 2FAs. Clear? 

It does get confusing especially since one of the “factors” in both cases is email/password. People often think that email/password is already two factors but it is not.

Comparing multi factor authentication vs 2fa, is really considering how many forms of authentication you want to use. Two is the minimum, three is safer and more than that gets in the way of productivity. 

Remember the last time you logged in to a website? You were asked to provide a username and password. Again, that is really only one factor of authentication. 2FA takes this a step further by asking for one more factor, such as answers to previously asked security questions. These all fall into the “something you know” category.

Most MFA requires you to provide a “something you know, have or are” answers:

• “Something you know” — your father’s middle name, your favorite book/movie, etc.
• “Something you have” — The most common “have” is your cellphone. The website you are trying to get into will send a text or push notification. Enter that code and you have access. There are more secure methods, such as using an authenticator app or token device. They provide an additional layer of security over simply providing information.
•  “Something you are” — Biometrics like a fingerprint scan or face scan are the most common in this category.

It really does not matter which term, multi factor authentication vs 2fa, you use. The importance is using a powerful, tough authentication method to protect your business.

You’re halfway there if you acknowledge that MFA is the right move for your business and that you realize roll out multi-factor authentication your business is a given. Realize also that change brings some fear and some resistance. 

Here are some tips to mitigate both fear and resistance. 

1. Gather your entire IT team to the table, internal IT team as well as any managed service provider (MSP) you are using. Inform them MFA should and will be rolled out across your networks and systems for all users.
2. Let them know that the transition is mandatory and will include end-user training and support for the entire team. Training coupled with empathy are the only ways to successfully roll out MFA without stressing your team or impacting their ability to do business. 

   The MFA might feel to some like learning a new language. That’s especially where the training and empathy comes in. It will help them understand why it is so important and that they will get the support they need to feel comfortable with the new protocols.

3. Inform your vendors and partners and require that each also have MFA enabled.  If any don’t offer MFA security or don’t want it, consider switching to a provider that does. 
4. The monitoring of access attempts is important to improve your cyber security. There should be no invalid accesses. This is especially critical now that employees are working from outside the actual office location. 
5. If and when current employees are locked out and unable to authenticate, provide quick support options. If not, they might try to “work around” the system. Also make sure that your MFA rollout has as little impact as possible on productivity.

Whether you’re a small, mid-sized or large business, you might need some help with setting up multi factor authentication setup as well as ongoing support to train teams and monitor access attempts. So, get help from a trusted IT partner. 

Even companies with in-house IT teams often find it more cost effective to partner with a managed service provider (MSP) to support their internal teams. Contact us for a no pressure consultation.