How to find good IT (Security) Providers

The pandemic as a digitization accelerator, global skills shortages in IT and the ability to work location-independently with technology skills. Just some of the factors that are leading to more and more administrators, programmers and consultants working from anywhere – while at the same time companies are finding fewer and fewer experts to hire permanently and have to look for agencies and freelancers.

But where can you find reliable IT support, and at what signs should your alarm bells ring?

It is not so easy to find competent technical support. Many traditional sources such as the Yellow Pages cannot help with more specific queries, and search engines such as Google in turn display far too many results. Even those who are actually looking for local contacts who can also drop by the office or home office quickly often end up with larger companies from other regions. Only the advertisements have been localized.

Furthermore, “IT” means everything and nothing – and even for specialized areas such as IT security, there are once again numerous specifications and subcategories.

What should you look for?

  1. Generally, every company that does not have its own IT department should cooperate with an IT administrator or an IT system house. The respective contact person(s) provide support for the IT architecture, the setup of new devices and software solutions and, in the best case, also create a structured documentation of the entire infrastructure.

  1. If your company operates a website, an online shop and/ or industry-specific systems, you should carefully check whether 1. can also help here, or whether it is more valuable to look for one or more additional specialized service providers.

  1. Often customers assume that 1. and 2. also automatically deal with data protection and IT security standards, train their employees, set up the systems accordingly secure and are available around the clock in case of emergencies. Unfortunately, in reality this is often not the case. In addition, it can be useful to obtain a second opinion on topics related to data and risk management or to keep the overall strategy up to date with the help of external consultants.

What service providers don’t like to admit

Especially in current times, the success stories on websites and social media often have little to do with the real client pipeline. In addition, not every company takes the training of its own employees too seriously, as long as any services can still be sold. As a result, and due to the shortage of skilled workers that also exists for specialized providers, the respective expertise of a team is often not too clear.

Also, I have seen offers that were deliberately set far below market price – in order to get the order. Such offers are then frequently on a so-called Upselling put on. For example, important functions and long-term support are missing from the website creation for the customer. Thus, further orders and additional costs arise automatically.

A serious bid can only be made by someone who already knows the people to implement the project. In recent years, the bad habit of sub-sub-sub-contracting has become widespread. In this case, a “business development manager” pretends to be the contact person or sales contact of an agency. In the end, however, this agency does not consist of a permanent team, but rather individual freelancers are sought together on relevant websites when orders are placed. These often live in low-wage countries, have never worked together as a team, and both expertise and work experience are not traceable. The same applies to the whereabouts of customer data. Because the model can be continued indefinitely. Until no one knows who is doing the actual work and who is responsible.

If a service provider is particularly eager to sell the software solutions of only one particular provider, you should also become suspicious. Here often flow in the background commission payments. The primary concern is not what is right for your company, but how the order pays off twice over. Such models are particularly annoying in the areas of IT architecture and infrastructure, for example when oversized or outdated systems are sold. Because once all the data has been moved, your company will only get out of it again with twice the effort and additional costs.

Once the customer has bitten, many service providers try to retain him for as long as possible. This works, for example, by concluding software contracts not between customer and provider, but between service provider and provider. In the past, it was more common to use so-called agency solutions, where service providers had an overall view of their portfolio of customer websites, for example. If the customer only wanted to change a small passage of text or an image, he always had to contact the agency – and received an additional invoice.

How to find reliable partners

No matter what technical challenge you’re looking for a suitable service provider for, you’ll find plenty.

Take the time to research and contact several companies for a task. You will find showcase customers and reviews on each website. These testimonials are not always genuine. Rather play it safe and ask for sample customers and project reviews. Especially when it comes to the top3 tasks from the beginning of this article, you can also ask business partners from your industry. Chances are they have already found suitable service providers – or you can search together.

As soon as you have suitable contacts, arrange initial meetings and insist that, in the case of larger projects, these take place not only with a sales employee but with project stakeholders or management.

A good conversation should briefly cover the services offered. Then both sides can ask questions. If your potential future business partner has no questions about your business model, your IT infrastructure and your planned cooperation, but only steadily emphasize that they can help you in any case – end the call!

This is about selling, not solving your problems.

Look for a partner who not only wants to understand your situation and your business, but also explains from the start exactly what his team will implement for you. And if there’s technical vocabulary being thrown around, ask for a less technical explanation.

In addition, the service provider should be able to give you perspectives and options – especially for larger projects. How much does it cost now? And what are the annual costs in the long run, e.g., if a growing number of customers use the digital product? Does the favored implementation strategy match your budget and can your team cover the required preliminary work as well as regular feedback processes? Does the experienced service provider have their own suggestions that might better fit your business goals?

Be sure to agree on the long-term terms – from both sides – for a successful project and put them in writing. For smaller projects without data transfers in the form of quotes or emails, for larger projects insist on a service provider contract that also includes data protection and security standards.

Online soon: CyXperts

We know how difficult it is to find good service providers and software vendors that value privacy and IT security – or offer specific services in these areas.

That’s why we’re currently working on a database to introduce you to pre-selected potential business partners.

The first virtual coffee rounds with partners providing support and solutions around New Work will take place on 11/25/2021 (in English) and 11/26/2021 (in German). Sign up here for our newsletter and receive the meeting links.

Questions and ideas for further blogposts welcome via email to sales [at] or via Linkedin.

%d bloggers like this: