What Does Managed IT Cost?

Whether you call it Managed IT, Managed Service Provider (MSP), IT Service Provider (ITSP), Outsourced IT, Technology Service Provider (TSP), IT Consulting, etc. Business managers, owners, and operators all want to know three things.#1. What exactly IS IT ? , #2 Why do I need it? and #3 What does it COST?

I decided to write this blog to help those business owners, operators, etc. understand the factors that create the cost of Managed IT. Although this blog is lengthy, I realize that finding a detailed breakdown of IT cost is significantly hard to find, but you deserve that explanation.

I will go over the two segments that Managed Service Providers aka “MSP’s” create their cost structure from.

Fluctuating Price Factors and standard Price Models

The Price Factors:

Price Factor #1:  What Services is the I.T. Company Providing?

I.T. Services consist of many types of services.  Here are the major areas of I.T. services commonly used:

1. Help Desk
2. Systems Administration (SysAdmin)
3. Network Operations Center (NOC)
4. Security Operations Center (SOC)
5. Professional services (I.T. Projects)
6. I.T. and Cybersecurity Risk Management
7. I.T. Management (Virtual CIO, I.T. planning, etc.)
8. Network Monitoring
9. Computer Monitoring
10. Backup Management (Cloud Services)
11. Incident Response
12. I.T. Asset management
13. I.T. Procurement
14. I.T. Project Management
15. Computer/Server Maintenance
16. Patch Management
17. I.T. Security services
18. I.T. Compliance management
19. Threat detection
20. Log Management (SIEM)
21. Firewall Management
22. Mobile Device Management
23. Penetration Testing
24. Vulnerability Management
25. Protection Services Management (Antivirus, Anti-ransomware, anti-exploit, etc…)
26. I.T. Change Management
27. I.T. Documentation/Procedure Management.

We realize that any non-IT or new to IT person might not know what each of these services actually means and/or entails, so if you would like to know, Click here.

Out of all these IT services, figure out which ones make sense for your business and which ones the IT company you are looking at provides. After determining this, ask for evidence that they do all of these services competently. The most common mistake businesses make when choosing an IT provider, is making the assumption that all IT providers offer the same services. Most providers do not offer all of the items above.  In fact, we have seen a substantial portion of providers that will falsely advertise that they do, simply because they know companies won’t ask for proof. These providers generally have a nice looking low-price that doesn’t align with the extensive hard work that goes into professional-grade, highly competent IT service. It takes a multitude of IT professionals and many tools for them to provide all these professional services. Only the best of the best will truly offer most or all of the services listed above. That being said, as a general rule; the more services provided, the better your IT experience will most likely be.

Price Factor #2: Size and Complexity of Your Organization

The size and complexity of your organization will affect the amount of effort needed to perform your IT services. Such as: 1. The number of locations your business has, 2. The number of network users, 3. The amount of data your organization has, 4. Which cloud services your organization uses, and the number of applications used.

The industry average scales a full-time IT person for every 65 computer users in your company.  The logic follows that if you have 30 computer users your estimated budget for I.T. labor should be roughly half the cost of a full-time IT employee.  Conversely, if you have 130 employees, your spending on IT labor will likely need to be for 2 full-time IT staff or the equivalent in outsourcing.

The complexity or relative simplicity of your environment can influence the I.T. labor needs as well.  Complexity is influenced by the number of locations, the number, and variety of devices, the number of applications, the I.T. security requirements, the performance requirements, etc. The simpler your setup, the less expensive it will be to manage, and conversely, the more complex the more time and expense it will be.

Price Factor #3: Regulatory Requirements or Industry Standards

Clients that are governed by specific compliance regulations often have additional IT requirements. These industries are typically Health Care, Financial Management, Aerospace, and Government Contractors.  These types of organizations require extensive oversight and compliance cycles that require more time and expertise from their IT support provider.

Factor #4: Location

Areas that have a higher cost of living make the cost to deliver IT service higher. The 4 factors listed above will fluctuate the pricing and are all taken into consideration when a price quote is sent. Now, Let’s discuss the 3 Standard Price Models. These price models are typically first selected and then adjusted based on the price factors.

The 3 Standard Price Models:

Managed Service Providers have a couple of different models for how they charge for services.  Most of them, these days, do a fully managed service.  This means a fixed cost amount, usually based on the number of computer users in your business.  The complication is that nobody has the same definition for what managed services should include.  Most MSPs do not include hardware, software, after-hours support, or projects in their fixed cost amount.  Also, they will each have their own mix of provided I.T. services (refer back to ‘Price Factor #1’).

There are three predominant pricing methods for a fixed cost managed I.T. service.

1. Price Model: Price Per User, Per Month

This method has become the leading method over the last 5 years.  It’s simpler to calculate and supports the user no matter how many devices they may have.  Pricing per user typically ranges from $100 to $250 per month. So, if you have 50 users in your company you can expect a total cost to be in the $7500 a month range, under this model.  Be aware that the vast majority of MSPs will price this service in the $150 range and only provide 30% to 65% of the services listed in ‘Price Factor #1’.

2. Price Model: Price Per Device, Per month

In this method, each computer, phone, switch, firewall, wireless access point, server, application, vendor, cloud service all carry a monthly fee.  Most I.T. Service Providers using this method are simply continuing to use the same method they have used for over 10 years. The overall pricing still ends up equaling about the same as the per-user method, it just takes more effort to count, audit, and make sure the pricing is correct.

3. Price Model: Block Time

This is commonly thought of as a retainer style.  The provider will estimate the number of hours they think your support will take on a monthly basis and set that as a monthly retainer amount based on their hourly rate ranging from $150 to $250 an hour. This can be a good model to use when you already have I.T. members that work directly within your company and you only need to outsource part of your I.T. services to a Managed I.T. Service Provider. This can also be a good model to use if you are a very small business. If in a month you use more than your prepaid block of hours, you will be billed for the overage.  Conversely, if the time is not used, it is banked for future use.

Are there any additional costs outside the I.T. provider’s service agreement?

Special Projects:

 Most I.T. service providers, at some point, are required to do work outside the managed services agreement. This is mostly for special projects. When these projects are being done, they are usually billed by the hour.

Often times I am asked, “What is the hourly rate?” Typically, across all managed I.T. providers, the cost ranges from $100 – $225 an hour. Be wary about determining a provider solely based on an hourly cost. For instance, one provider may charge $100 an hour but take 100 hours to do the work.  While another may be $175 an hour but only take 30 hours to do the same work. Due to the high level of incompetency within the I.T. industry. Lower hourly rates and lengthy labor time logs are something we are increasingly seeing more of. The better the I.T. technicians are, the more expensive they usually are and the less time they take to finish the work.

Cloud Service, Backup, Applications, Training:

The costs for cloud services, backup, and subscriptions to Software as a Service (SaaS) applications can really vary widely. Most providers will manage these things for you. To understand costs, you really have to evaluate the individual and specific mix of applications your organization consumes. Here are some high-level guidelines:

1. Backup: You usually want to make sure any servers are backed up in your cloud services. It is common that people do not back up their office 365 for instance.  This can be a big surprise to many organizations when they realize data has been deleted and they need access to it.

Generally, you can expect a total cloud backing cost from $350 to over $1000 a month. The amount within this range varies based on the amount of data, the number of servers, etc. So, the more you have, the more it can cost. Most small businesses pay on the lower end of that; however, it really depends on the amount of data you have. Keep in mind this cost range is for a full-service backup solution. There are some poorly designed, low-end backup solutions out there that are cheap. We advise being very skeptical of server backup systems that are cheap by comparison. They may not actually do what you want them to do, despite the claims of the MSP.

2. Antivirus, anti-exploit, and anti-ransomware, enterprise detect and response (EDR), managed to detect and response (MDR): These protection tools are typically charged by the user or computer per month. You will commonly see the pricing to be $4 to $15 a month depending on which of the services are included in the cost.

Here are some other costs you may want to incur along with your MSP services to properly support and secure your computers:

1. Firewall Security licensing
2. End-User Awareness Training
3. Threat Detection services
4. Security Operations Center (SOC) as a Service
5. Email Security
6. Device Encryption
7. Mobile Device Management
8. Dark-web Monitoring
9. Office 365
10. Dual Factor Authentication Service
11. Password Vault Solutions

And more..

Here at Snap Tech IT, this is how we price our services –

We offer two Managed IT Service Packages:

1. The Snap Simplicity Package (a Fully Managed I.T. Service) –

This uses the ‘Per User, Per Month’ price model. We price Snap Simplicity anywhere from $125 to $250 a user and our average customers are around $150.  The pricing factors as described at the start of this blog will influence this.

2. The Snap Boost Package (An I.T. Service Boost to Your Current Provider) –

This uses the ‘Block Time’ price model.  We evaluate your scope of work and estimate the hours.  Generally, we won’t know how many hours it will take until we know the number of computer users you have, your company complexity, and the extent we will be used to boost your current in-house IT staff or department.

Our Hourly Rate for Projects Outside of the Contracted Service Agreement:

We generally charge $175/an hour and offer a discounted rate of $160/an hour for contracted clients. For businesses outside of the major cities we operate in, our hourly rate will fluctuate depending on the location of the work. In our San Francisco offices, our base rate is $225/an hour with a discounted rate of $175/an hour for ongoing contracted clients.  The rate increase for that market is based on our higher costs for operating in that market.

Much of what we do is not charged by the hour, but these special projects are.  First. they are scoped out, explained in detail and then each is fully approved by our customers prior to execution.

Some examples for total costs:

Again, I want to emphasize that due to size, complexity, and other factors this can really change when uniquely adjusted to your organization.

‘Example Company’

• Has 50 users with 2 locations, 5 remote users, average complexity and average amount of data for backup: They select our Snap Simplicity Package:

Snap Simplicity Package 50 x 150 =                 $7500

Backup =                                                                $350

Protection SaaS items:  =                                    $400

Threat detection =                                                $500

(not offered by most MSP’s)

$8750 roughly a month all in.  At 50 users you are close to the full-time employee equivalent.  With common salaries for a jack of all trades I.T. person, you are pretty much in the same price range except our pricing includes the SaaS items, Anti-Virus, Anti-Ransomware, EDR, a ticketing system, all the monitoring services, and a deep bench of I.T. staff with many specialties.

In the marketplace, our pricing is usually in the top third.  The reason for that is that we offer more of the services listed than average and hence have a higher cost basis. I remember distinctly years ago when a company declined our services at $125 an hour to go with someone who said they could fix a single computer for $50 an hour.  A week later the owner called me to ask me to come and fix it.  I was confused, but come to find out, the $50/an hour provider proceeded to spend 23 billable hours to resolve a single computer and didn’t finish.  Our team then went on-site and fixed the issue in 1 hour.

Sadly, the I.T. industry is like this. Not all hourly rates carry the same value. Not all I.T. providers provide the same services. Many of them claim they provide more services than they do. It is a hard world to understand. I know this has been a long blog, but hopefully, this frank take helps you better understand the things that affect the cost and help you better evaluate what your I.T. costs should be to have a good I.T. experience and a safe I.T. system.

Additionally, here are a few extra tips:

When determining the cost to value, look at the risk management the MSP provides. This is an area very few MSPs have focused on. Yet shockingly, more and more of them are claiming cybersecurity expertise, but their claims are not verifiable.  When you have an MSP making claims to reduce cybersecurity risk, be sure to verify their claims.

One of the best ways to verify if the Managed Service Provider is good at security is to see their 3^rd party annual security audit reports.  Only about 2% of all MSPs even do a 3^rd party verification of their own security. The ones who do this verification, most will become SOC 2 Type 2 certified. Type 2 is far more comprehensive than Type 1.

If your MSP is verifiably better at security and can take risks out of our business, then they have added value. The ability for them to operate at a higher security level does take additional staffing, additional software tools, and better execution. This is an area where some additional costs can be justified.

Be aware of providers out there that follow the “Break/Fix” model of I.T. This has become mostly dismissed however, there are still some low maturity MSPs that will offer it.  Break/Fix is usually only charged by the hour and only for the hours you use.  The problem is that it means you wait until something breaks, call the MSP, they come and fix it.

This all sounds great until you realize that what that really means is stuff is breaking all the time. In fact, your MSP has zero incentive to prevent problems. They only make money if things break.

Managed IT or the “MSP” provider model has become the standard.  The MSP provides proactive and preventative IT services so you don’t have constant breaks and outages.