SMB MSP selection

Table of Contents

    Tim Mektrakarn

    May 1, 2024

    Key Factors SMB Owners Consider When Selecting an MSP and MSSP

    Introduction to MSP and MSSPs

    Small and Medium Businesses (SMBs) often navigate complex IT challenges. This is where Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) come into play. Selecting an MSP or MSSP has even more crucial ramifications now than ever. MSPs provide various services, from remote network, application, and system management to proactive IT support and maintenance. MSSPs also focus on security, offering services like firewall and virus protection, security audits, and incident response.

    An overview of Bright Defense’s cybersecurity compliance services for small businesses and startups.

    The Importance of MSP/MSSPs to SMBs

    For SMBs, the importance of these services cannot be overstated. In an era where digital threats are ever-evolving and IT infrastructure plays a critical role in operations, partnering with an MSP or MSSP can be a game-changer. These providers not only help in managing and securing IT infrastructure but also allow SMB owners to focus on core business activities without being bogged down by technical complexities and cybersecurity concerns.

    Main Objectives of this Article

    This article explores what SMB owners prioritize when selecting an MSP or MSSP. By understanding these key factors, SMBs can make informed decisions that align with their specific needs, ensuring their IT infrastructure is managed and evolves with their business. MSP and MSSP owners can also learn what SMB owners value the most when evaluating service providers. While writing this article, I had the chance to interview a handful of SMB owners to get their opinions.

    Understanding the Needs of SMBs

    SMBs often grapple with a unique set of challenges regarding IT and security. Limited resources, budget constraints, and a lack of specialized IT staff are common hurdles. These businesses need robust IT systems that are both efficient and scalable, yet they often lack the means to establish and maintain these systems internally. SMBs are frequently targets for cyber attacks due to perceived vulnerabilities in their security systems.

    Selecting an MSSP

    Key Factors SMB Owners Consider When Selecting an MSP/MSSP

    When SMB owners select an MSSP/MSP, several key factors come into play to ensure they make the right choice. These factors are critical in establishing a partnership that addresses immediate needs and supports long-term growth and security.

    1. Expertise and Experience
      SMB owners prioritize providers with a proven track record and industry-specific knowledge. Expertise in handling similar business models and understanding industry challenges is crucial. Experience in dealing with similar-sized businesses and familiarity with industry-specific technologies can greatly influence the success of IT and security strategies.

      Sudhir Khatwani, Founder of The Money Mongers states, “Trust is critical when choosing an MSP/MSSP. We want someone with a proven track record, not just impressive claims. Security is non-negotiable – our provider must be as obsessed with data protection as we are, transparent about their defenses, and fully compliant with regulations. If they fall short on security, they’re not for us.”

    2. Cost-Effectiveness and Scalability
      In a recent interview with Matthew Ramirez, who is a Forbes 30 under 30 Entrepeneur and Founder of Rephrase, states, “…Managed IT services are flexible. They can be scaled up or down as needed — and they can also be adjusted seasonally (for example, if you have a lot of employees in the summer but need fewer in the winter, you can adjust your service plan to fit your needs)…Managed IT services offer the same expertise — whether you have one computer or one thousand. With other services (like cloud hosting, for example), you get what you pay for. So with managed IT services, you don’t have to pay for things you don’t need or want.”

      Therefore, balancing quality services with budget constraints is a significant consideration. SMBs seek value-for-money solutions that don’t compromise on quality. Equally important is scalability – the ability of the MSP or MSSP to grow its services with the business, ensuring that IT capabilities expand (or contract) as the company does.

    3. Range of Services Offered
      The decision often hinges on whether the provider offers comprehensive services or specializes in specific areas. While some SMBs may prefer a one-stop-shop for all their IT and security needs, others might prioritize providers who specialize in certain key areas relevant to their business.

      Precious Abacan, Chief Information Technology Officer at, told me during a recent interview that “I strongly believe that reputable IT managed services partners should recommend solutions that are in our best interest, rather than what benefits them the most. This involves evaluating our existing technology assets to see how they align with our overall business strategy. They should either guide us on how to make the most of our current resources or suggest alternative solutions that are a better fit.”

    4. Security and Compliance
      Addressing cybersecurity threats and ensuring regulatory compliance is non-negotiable in the current digital landscape. SMBs require MSPs and MSSPs that protect against cyber threats and understand the legal and compliance aspects, especially in industries where data protection is paramount. Hasson Barnes, a civil and litigation lawyer based in Baltimore, MD reiterated this sentiment to me, “When selecting an MSP or MSSP, focus on their industry experience, adherence to legal and regulatory compliance, and quick response capabilities. Ensure transparent communication and regular reporting for informed decision-making.

      Abhishek Shah, Founder of Testlify, adds “We prioritize scalability, cost-effectiveness, and a robust track record of successful client partnerships. Our data indicates that SMBs value providers who offer flexible solutions, ensuring seamless integration with existing systems and adapting to evolving business needs. Additionally, transparency in pricing models and a demonstrated commitment to cybersecurity are paramount for SMBs assessing MSP/MSSP options.

    5. Customer Service and Support
      The availability, responsiveness, and quality of support offered by the MSP or MSSP are vital. SMBs need assurance that they can rely on prompt and effective support when issues arise, minimizing downtime and ensuring continuity of operations.

      Abacan from states, “Here’s a somewhat unpopular opinion among IT MSPs: technology should take a back seat to people. Technology without considering its impact on the end-users is irrelevant. No matter how advanced a technology solution may be, it won’t succeed if our teams do not embrace it. That’s why the best solutions begin and end with the people who will be using them. A true partner will invest time in meeting our teams, understanding their work processes, soliciting their feedback on what’s working well and what challenges they’re encountering, and assessing how they will adapt to change.

    6. Reputation and Client Testimonials
      Something that all interviewees had in common was that reputation and client testimonials are key. Word-of-mouth and client experiences play a significant role during the evaluation process. Positive feedback and testimonials from other businesses, especially those in similar industries or of similar size, can greatly influence the decision-making process.

    7. Technology and Innovation Staying ahead with the latest technology and innovative solutions is a key factor. SMBs benefit from providers that proactively adopt new technologies and practices, ensuring that their IT infrastructure and security measures are not just current but also forward-thinking.

      Khatwani from The Money Mongers also adds, “Of course, cost is a factor. We want value, not just a low price. It’s about the concrete benefits: reduced downtime, increased efficiency, and robust security. If they can demonstrate tangible improvements, not just flashy tech lingo, we’re interested. In summary, we seek an MSP/MSSP tailored to our unique needs – a trusted, secure partner poised for future growth.
    SMB owner selecting MSP

    How to Evaluate and Choose the Right MSP/MSSP

    Selecting an MSP or MSSP is a pivotal decision for SMB owners. The right choice can enhance operational efficiency, bolster security, and drive business growth. Here are steps SMB owners can take to assess and select a provider, emphasizing the importance of alignment with business goals and culture.

    1. Assess Your Business Needs and Goals
      Begin by thoroughly understanding your own business’s IT and security needs. Define what success looks like for these areas in the context of your overall business goals. This assessment will guide you in identifying the key services and expertise you require from an MSP/MSSP.

    2. Research Potential Providers
      Compile a list of potential MSPs and MSSPs through online research, industry recommendations, and peer referrals. Look for providers with experience in your industry and a proven track record in the services you need. If you need onsite support services, make sure the potential provider can service you!

    3. Evaluate Expertise and Experience
      Examine the qualifications, certifications, and experience of each provider. Ensure they have a solid background in managing IT and security for businesses similar to yours. Look for industry certifications from CompTIA, ISC, ISACA, and technology vendors such as Cisco, Microsoft and AWS.

    4. Consider the Range of Services
      Review the range of services offered by each provider. Determine whether they offer the comprehensive solutions you need or if they specialize in areas most critical to your business. For example, if your business is solely reliant on a Salesforce for your CRM and business operations, make sure the MSP has experience with managing and customizing Salesforce.

    5. Analyze Cost-Effectiveness and Scalability
      Evaluate the pricing structures of each provider. It’s important to find a balance between cost and quality. This ensures the services are affordable and offer room for scalability as your business grows. Are they billing you based off of time & materials, block of hours, or an all-you-can-eat model based on per employee?

    6. Check for Security and MSP Compliance Capabilities
      Ensure the provider has robust security measures and is knowledgeable about compliance regulations relevant to your industry. This is crucial for protecting your data and meeting legal requirements. Send them a comprehensive security questionnaire to review their answers and look out for the ones that mark Yes to everything. Ask your MSP/MSSP to comply with compliance frameworks such as SOC 2, HIPAA, PCI, ISO 27001 etc. so that you have more peace of mind that a third party auditor has also validated the firm’s compliance.

    7. Examine Customer Service and Support
      Assess the provider’s reputation for customer service and support. Look for reviews or ask for references to gauge their responsiveness and effectiveness in resolving issues.

    8. Align with Business Culture and Values
      The provider should not only meet your technical needs but also align with your business’s culture and values. A provider that understands and fits well with your business ethos can lead to a more productive and harmonious partnership.

    9. Request Proposals and Conduct Interviews
      Ask for detailed proposals from your shortlisted providers and conduct interviews or meetings to discuss your specific needs. This step provides a deeper insight into their approach and how they would handle your business’s IT and security.

    10. Make an Informed Decision
      After careful evaluation, choose the MSP or MSSP that best aligns with your business goals, offers the most comprehensive and cost-effective solution, and shares your company’s values and culture.

    By following these steps, SMB owners can make a well-informed decision, selecting an MSP or MSSP that not only addresses their immediate IT and security needs but also supports their long-term business objectives and growth strategies.

    About Bright Defense

    Tim Mektrakarn and John Minnix, founders of Bright Defense, are distinguished veterans in the MSP and MSSP industry, having previously spearheaded the successful operations of VPLS and VPLS Solutions. Their proven track record is highlighted by the strategic sale of both companies to Crestline Investors in November 2019, culminating in a merger with Evocative. This transaction not only underscores their acumen in business development but also their expertise in navigating complex compliance landscapes, including SOC 2, HIPAA, and PCI standards.

    Under their leadership, VPLS and VPLS Solutions achieved remarkable growth and scalability, largely attributed to the trust and credibility garnered through rigorous compliance with security frameworks and regulatory laws. This foundation of compliance and security expertise is now the cornerstone of Bright Defense.

    Bright Defense is positioned at the forefront of the industry, offering specialized continuous compliance services. These services are meticulously tailored to meet the unique needs of SMBs and MSP/MSSPs. With a focus on enhancing security postures, Bright Defense empowers these firms to safeguard their operations and sustain and elevate their service offerings over time. The depth of experience and industry insight that Tim Mektrakarn and John Minnix bring to Bright Defense is a testament to their commitment to excellence and a clear indicator of the company’s potential to revolutionize how SMBs and MSP/MSSPs approach security and compliance.

    Get In Touch

      Group 1298 (1)-min