If we could identify one question that we’re asked the most, it would certainly not be “is our IT company putting us at risk?” In fact, I am surprised time and time again at how rare this comes up in conversations. More than 70% of small and medium sized businesses outsource their IT function to a service provider like Cole Technologies (source). So quite literally, the IT responsibilities of nearly 3 out of every 4 businesses you might see while driving around the city or see in the ads lie not within the business at all – but with that of an IT service provider.
So what’s the risk or concern with that? Theoretically, nothing. But in reality, so many things.
Think about the last time you got a concerning or sketchy email from someone pretending to be Microsoft, Netflix, or even your financial institution. You opened the email, noticed that it looked fishy and immediately deleted it without ever clicking on a link or entering your credentials. You think, “I dodged another bullet with that one.” Maybe you even took an extra step and changed your password on all of your accounts that same day. Regardless, it’s probably safe to say that you don’t want others to have your password to your bank account, Facebook page, or anything else.
But if you’re a business owner or leader, do you represent one out of the nearly 75% of businesses who outsource their IT? How do you know that your IT provider is keeping your information not only secure but private as well? Do you know where your data resides? What about who can access that data? And if you do know enough to speak to all or some of these questions – are you OK with those answers?
Many managed service providers (MSPs for short) provide similar if not identical services and products. The antivirus solution you have, the firewall in your network closet, the backup system dutifully copying your mission-critical data at night — are all likely to be from the same handful of vendors regardless of the company actually selling it to you. Now, that in and of itself is not necessarily a bad thing. What you should be concerned about is the lack of transparency and more importantly – the lack of control and accountability that your MSP has in any of these solutions.
You see, the actual software companies that produce these products are very clever. Instead of selling their security software or backup solution directly to businesses like yours, they market and sell to MSPs like us. We’ll call them MSP-grade software companies. Most of us are sold on it, too. We think, “I can provide x service for all of my clients and hardly need to do anything? Sold!” And then we go about our day – feeling great about it. In theory, this is still not disastrous. You may even argue that it’s efficient and the only way to get solutions into the offices of America’s backbone, the small/medium sized business.
The harsh reality is that very few of these companies who make the MSP-grade software are best-in-class with regards to security, affordability, functionality, or innovation. Remember, they are selling to MSPs and therefore market to solve the problems of MSPs – not to solve your problems!
This calls to attention a series of cascading concerns, and therefore, questions. Really basic questions like: who has my data?
If your business is under any regulatory supervision (think healthcare, financial services, government contracting, etc.) then this question becomes even more critical. Compliance frameworks such as HIPAA, PCI-DSS, or CMMC impose stringent requirements on how data is stored, accessed, and protected. Even if your industry isn’t heavily regulated, data privacy laws like GDPR or CCPA might still apply to you if you have clients or users within their jurisdiction. These regulations impose steep penalties for mishandling sensitive data.
But here’s where the real problem lies: as a business owner, you may be trusting your IT service provider to handle all of this, without having any insight into the inner workings of the tools they’re using. They might be contracting with a vendor whose data centers are located halfway across the world, or who has a history of security breaches. And, worse yet, these vendors could have access to your sensitive data without your knowledge.
Ask yourself, do you know where your data is being stored? Have you verified that the tools your MSP is using comply with your industry’s regulatory requirements? More importantly, have you considered what happens if your MSP’s security posture fails? Do they have the proper incident response plan in place, or will you be left holding the bag if a breach occurs?
It’s not enough to trust your IT provider blindly. The right provider will be fully transparent about where your data is, how it’s protected, and who has access to it. They’ll have clearly defined contracts, including Service Level Agreements (SLAs) that outline their responsibilities in the event of a cyber incident. But most importantly, they’ll give you control—control over who can access your sensitive data and how it’s being managed.
This is where Cole Technologies differentiates itself. We believe that security, accountability, and transparency should never be optional. Our philosophy is simple: Better IT, Better Security. Guaranteed. Unlike many MSPs, we don’t just hand off your data to a third party without oversight. We own and manage the majority of the infrastructure that your data will be backed up to. We take the extra steps to ensure that our solutions are secure, compliant, and best-in-class—because your business deserves nothing less.
In today’s digital age, the stakes are too high to take chances with your IT. Partnering with the right provider isn’t just about convenience—it’s about safeguarding your business from potential threats, ensuring compliance, and maintaining control over your most critical assets. At Cole Technologies, we take that responsibility seriously. Because at the end of the day, it’s not just about IT. It’s about trust and accountability.
Ask us the difficult questions and we’ll give you an honest answer. Whether you are looking for an IT solutions provider or just want to know more about what your company needs, you can contact us using the form below and we’ll point you in the right direction.