“Outsourced IT management” is one of those phrases that sounds precise until you’ve talked to four providers and realized each of them means something different. One is selling a help desk bolted onto monitoring software. Another is selling strategic oversight with no hands-on work. A third wants to replace your entire stack and call it managed. They all put the same term on the proposal.
The confusion costs you. Choose the wrong model and you either pay for capabilities you don’t need or discover, nine months in, a gap you didn’t realize existed. Here’s how the actual delivery models break down, and which fits which stage of a growing company.
Model 1: Co-managed IT
This is the fastest-growing flavor of outsourced IT management, and for good reason. It assumes you have some internal IT — one or two people, maybe an accidental IT manager — and the provider fills in the gaps.
Typical split of responsibility:
- Internal: Day-to-day help desk, user onboarding, minor changes, institutional knowledge.
- External: Advanced engineering, security operations, after-hours coverage, backup and disaster recovery, tooling.
Co-managed fits companies where the internal team is capable but overloaded, or where it’s smart but generalist and needs depth in specific areas. The risk to plan for: if your internal person leaves, co-managed often has to convert to fully outsourced overnight. Build that contingency into the contract from day one.
Model 2: Fully outsourced IT management
Exactly what it sounds like. The provider owns the entire IT function. You have no IT employees. The provider is your IT department, for practical purposes.
This fits when:
- You’re between 20 and 100 employees.
- The cost and risk of hiring a first IT person outweigh the convenience.
- You want predictability more than you want deep institutional IT knowledge.
The trade-off is that everything runs through the provider’s processes, not yours. That’s a feature when your internal “processes” are an inbox. It’s a bug when you have specific, non-negotiable ways of working that don’t map to the provider’s standard playbook.
Model 3: Project-based outsourced IT management
This one gets miscategorized constantly. Project work — a Microsoft 365 migration, a new firewall deployment, an ERP rollout — isn’t really ongoing management. But many companies use the same provider for both, and the economics matter.
A healthy pattern looks like:
- Ongoing management on a flat monthly fee.
- Projects quoted separately, with fixed scope, fixed fee, and a clear definition of done.
Where this gets dangerous is when a provider starts “bundling” projects into the monthly fee with fuzzy boundaries. You end up paying for project hours you didn’t use, or you discover your “unlimited” plan has a cap buried on page 14 of the contract.
Model 4: Strategic IT management (vCIO or advisory only)
The least understood model, and honestly the one most undervalued by growing companies.
A virtual CIO or strategic advisor doesn’t run your IT. They help you make good decisions about it. They review vendor contracts, build your three-year technology roadmap, run your security governance, and sit in on executive meetings so strategy doesn’t drift away from technology.
This fits in two very different situations:
- Companies big enough (100+ employees) to have an IT manager but not big enough for a real CIO. The advisor becomes the strategic layer above the manager.
- Companies small enough to still use break-fix, but wise enough to want someone in their corner for build-vs-buy decisions.
Strategic-only engagements are usually a few thousand dollars a month for a set number of advisory hours. It’s the highest ROI engagement in the category, but also the hardest one to sell — the value is indirect, and the work is hard to see until something would have gone wrong and didn’t.
How to pick the right model
The right choice comes down to three factors: whether you have internal IT today, how much strategic technology decision-making sits on this year’s plate, and how much unpredictable cost you’re willing to absorb.
Rough matches:
- Small, simple, stable: break-fix or project-based.
- Small, growing, no internal IT: fully outsourced.
- Mid-sized with internal IT: co-managed.
- Mid-sized making major platform changes: fully outsourced plus a strategic advisor.
- Larger with an IT director: strategic advisory only.
Graduation paths (because you’ll outgrow the first model)
The mistake most companies make is picking one model and treating it as permanent. Almost nobody stays in the same outsourced IT management arrangement for more than three years. Growth forces change.
Typical transitions:
- Break-fix → Co-managed as you hire your first IT person.
- Co-managed → Fully outsourced when that IT person leaves.
- Fully outsourced → Co-managed when you’re large enough to hire internally again.
- Any model → Strategic advisory only once you have a real internal team.
Plan for the transition before you need it. Good providers will tell you when you’re about to outgrow them. The ones who don’t are the ones you’ll most need to leave.
The real question
The most useful question to ask any outsourced IT management provider isn’t “what do you do?” It’s “which model am I buying, and what will we do when I outgrow it?” The answer tells you whether they’re thinking about your business or just selling you a contract.
