Recently, an owner of a small Managed IT Services Provider (MSP) near Atlanta, GA was arrested for shutting down access to a customer’s data due to non-payment. This is a truly unfortunate situation for all involved. The MSP should not be expected to provide services for free, and the customer should not lose access to their data – which is essentially their property.
In a perfect world, both parties would have understood the ramifications of non-payment, remediation would have been mandatory, and ownership of data clauses would have existed in the contract so that no legal questions or comebacks exist. In this example, the owner of an MSP was arrested and the business was embarrassed with having its non-payment of services advertised to potential clients and vendors in the local news.
There are a lot of considerations when contracting with a technical services provider - whether MSP or CSP (some are both). Testimonials, number of technical staff available for assistance, years in business, client retention rate, service costs, average time for resolution, etc. should all be a part of the equation. As important as the outlined terms, cost, and services provided is the topic of ownership of data. If you are looking at an MSP/CSP that does not outline this clause, this should be a vivid red flag. Just like some consumers of MSP/CSP services do not filter each vendor contract through an attorney, not all MSP/CSPs have contracts drafted by attorneys. When terms are not precisely identified, issues are bound to occur. And, it may come 3 months into the relationship or could be 10 years. Managing the expectations and understanding of what is being provided, at what cost, and the terms of the agreement is as important as the quality of the service.
Questions that should be asked prior to engaging a MSP/CSP are:
- Where will be data physically reside?
- Will I have physical access?
- How is data transferred away from the MSP/CSP?
- Will the MSP/CSP provide the final systems’ snapshots upon contract termination?
How does the cloud fit into this?
Now, if you are thinking about moving to the cloud and are satisfied with the ownership of data issues, there are still considerations. Moving to the cloud is a decision that many companies continue to wrestling with. There are significant capital costs benefits with moving to the cloud. For the most part, the primary concern we hear from small business owners with moving to the cloud is security. There is still an inherent suspicion related to “the cloud” as it pertains to security. The philosophy of the small business owner is that they are small enough to “fly under the radar” of a directed hacking attempt, so it would be better to host physical servers onsite rather than the hosting provider. This is woefully inaccurate. Hackers know that small businesses often times have the weakest security, yet still maintain very valuable information. Imagine yourself a burglar. Would you prefer to hit a hardened target and risk likely arrest or walk through unlocked doors until you find pay dirt?
If your business maintains data, it is safe to assume that the data is valuable. If it is valuable, be sure to protect it both from external threats, as well as poorly drafted hosting and Managed IT Services agreements.