Plenty of MSPs promise the world – Lateral Plains CEO says here's what to ask instead

Many Australian organisations rely on managed ICT service providers (MSPs), but there are thousands of MSPs offering similar-sounding services and it can be difficult for organisations to tell them apart.

Luke Fong, Lateral Plains

“The MSP market is noisy,” said Luke Fong, CEO of Ballarat-based MSP Lateral Plains, “and plenty of providers will promise the world for a cheap monthly fee.’

“The real differentiator isn’t who can reset a password fastest, it’s who helps you reduce risk, plan ahead, and sleep better at night,” Fong noted.

Lateral Plains is one of the MSPs invited by iTnews' sister publication techpartner.news, publisher of the MSP Index directory, to share their views about how organisations can choose and get more value from their MSPs.

Getting value

Q. What’s the most common area where you think organisations don’t often get full value from their MSP — and in your opinion how should they fix that?

Luke Fong, Lateral Plains: Too often, organisations only measure their MSP on how fast someone answers the helpdesk phone. Speed matters, but it’s the lowest bar. The real value comes from whether your MSP is helping you get ahead of risk, improve processes, and use tech strategically, not just picking up the phone when you need them. To fix it, decision makers should push their MSP beyond tickets: ask them what’s coming around the corner and how they’re preparing you for it.

Q. What’s one overlooked question end-user organisations should be asking MSPs before signing a contract?

Luke Fong, Lateral Plains: Ask “How do you make money from us?” If the answer is purely about billable hours or upselling, that’s a red flag. You want to know their business model rewards them for keeping you secure, productive, and growing, not for how many times your staff need to call in with problems.

Q. Where do you most often see clients assume something is “included” in their managed service — but it’s not?

Luke Fong, Lateral Plains: Cybersecurity controls. A lot of buyers assume “our IT is managed, so security is sorted.” Not the case. Things like patching, backup monitoring, MFA enforcement - these can all sit in a grey zone unless it’s clearly spelled out. Good MSPs are transparent on this; weaker ones let the assumption ride until an incident proves otherwise.

Partnership

Q. Some organisations might get frustrated about being ‘sold to’ rather than being genuinely heard and ‘advised’. What’s one practical way to tell if an MSP is acting in your best long-term interest?

Luke Fong, Lateral Plains: If they spend more time listening to your business goals than pitching shiny products, that’s a good sign. Also, check if they’re willing to say “No, you don’t need that.” An MSP that can walk away from an upsell because it doesn’t serve your strategy is acting in your corner.

Q. What’s a better way to assess MSP capability than reading a services brochure or checking certifications?

Luke Fong, Lateral Plains: Ask them to show you a roadmap they’ve built for another client (scrubbed of sensitive details, of course). You’ll quickly see if they’re just a reactive IT shop or if they can actually align technology with business outcomes. Brochures tell you what they sell; roadmaps show you how they think.

Q. If an organisation is reviewing their MSP or running a tender, what’s one question they should ask that will quickly reveal the difference between a commodity MSP and a strategic partner?

Luke Fong, Lateral Plains: “Tell me about a time you said no to a client, and why.” Commodity MSPs won’t have a good answer, they just do what’s asked. Strategic MSPs can explain where they challenged a client’s thinking for the client’s benefit. That’s the difference between order-taking and partnership.

Culture and communication

Q. What’s a sign that an MSP’s internal culture is likely to support - or undermine - your organisation’s goals?

Luke Fong, Lateral Plains: Look at how they treat their own staff. If they churn through engineers, you’ll feel it in your service. A stable, respected team behind the scenes means your business isn’t a training ground for someone else’s next job.

Q. Some MSPs offer monthly reports or dashboards, but clients might find them hard to interpret or unhelpful. What should meaningful MSP reporting look like in 2025?

Luke Fong, Lateral Plains: Reports should speak your language, not the MSP’s. Instead of dumping uptime graphs, show risk reduction, business impact avoided, and progress against your security roadmap. If the report doesn’t help you make a decision or sleep better at night, it’s noise.

Q. What’s one reporting or communication practice you’ve seen make a big difference to an organisation’s confidence in their MSP?

Luke Fong, Lateral Plains: Quarterly business reviews where the MSP brings data and recommendations. Not just “here’s what happened,” but “here’s what we should do next.” That mix of accountability and forward planning builds trust faster than any dashboard.

Accountability

Q. What’s one area where organisations often fail to hold their MSP to account — and how could they do it better?

Luke Fong, Lateral Plains: Security responsibilities. Too many businesses assume thei “MSP has it covered” but never ask where the line is. Hold your MSP to account by putting it in writing: who patches what, who restores backups, who responds first during an incident. Ambiguity is the enemy of accountability.

Q. MSPs often say “cybersecurity is a shared responsibility” — but where does that shared responsibility most often break down?

Luke Fong, Lateral Plains: It usually breaks down with user behaviour. MSPs can set up MFA, filters, and EDR, but if a CEO clicks on a dodgy link or refuses training, the chain breaks. That’s why awareness programs and exec buy-in are just as critical as tech controls.

Q. There can be tension between MSP accountability and their clients’ responsibilities— especially in areas like patching, backups and cyber incidents. In your opinion, how should MSPs and clients set and manage those boundaries?

Luke Fong, Lateral Plains: By treating it like any other business relationship: define it, sign it, revisit it. Boundaries should be baked into the contract and reviewed at least annually. Technology changes too fast for a “set and forget” approach — today’s shared responsibility might not be tomorrow’s.

Luke Fong is CEO of Lateral Plains, an MSP based in Ballarat, Victoria which provides managed services, cybersecurity and data centre services.

See the directory of managed service providers (MSP) at techpartner.news.

Disclaimer: The views expressed in this Q&A are those of the individual contributors and do not necessarily reflect the views of iTnews or techpartner.news. The content is provided for general informational purposes only and does not constitute legal, financial or professional advice.