by Scott Jack
Content Contributor, E-N Computers
More than a decade of experience in technical support including end user support, mobile device management, application deployment, and documentation.
You didn’t change your IT provider, but your IT provider changed on you. Maybe you were notified that a larger company was buying your MSP. And then you started noticing things: a different support person on every call, people who don’t know your systems, billing that doesn’t make sense, serious delays. And now you’re asking, what do I do?
You’re not alone. The managed IT services industry is undergoing big changes, with an overwhelming wave of consolidation by private equity firms that want to take all the regional MSPs and turn them into a “scalable” conglomerate. Usually, this means that the small, responsive, local firm you hired has become part of a much larger machine. And the focus is on serving investors, not you.
These private equity buy-outs are well known for centralized support, offshore help desks, higher staff turnover, and billing headaches. A deeper issue is the compliance and security risk that comes with ever-changing, offshore, nearly anonymous staff having access to your systems and data.
E-N Computers has been around since 1997 and we’ve seen more than a few regional MSPs gobbled up by private equity. We’ve heard the horror stories of prospects looking to escape the consequences of an MSP acquisition. This guide will walk you through the typical changes that happen after an MSP buy-out, what risks to watch out for, the right questions to ask, and how to decide when it’s time to make a move.
QUICK ANSWER:
What do I do now that my MSP has been acquired?
Start by asking your MSP direct questions: Where is your help desk now located? Who has access to my systems? Can you still meet my compliance requirements in writing? The answers will tell you a lot.
If service has already declined — billing problems, staff turnover, an offshore help desk that doesn’t know your environment — those are signs the situation is unlikely to improve. Your IT provider has access to everything in your organization, and that access needs to be held by people you can vet and hold accountable.
If your current provider can no longer offer that, you have better options, and switching is more straightforward than you might think.
What changes after an MSP acquisition
Not every MSP acquisition ends in disaster. But many do, and there’s a pattern. When private equity buys a regional MSP, they have one goal: increase profits for investors by any means necessary. So they cut costs and increase margins, giving you worse service at a higher price. They standardize and centralize operations.
The help desk moves and is less accountable.This happens soon after acquisition. Regional technicians are laid off, and an offshore call center takes their place. Response times become longer. Context gets lost, and more people touch each support ticket. You feel like you’re starting over with every call. You used to feel like you were talking to a colleague, and now you feel like you’re throwing all your money into a wishing well.
Your familiar contacts disappear. The people you built relationships with — account managers, technicians, and engineers who know your team and your infrastructure — don’t stick around. Some move on while it’s their choice and others get pushed out. The new people don’t know your history, your environment, or your priorities. You find it harder to keep track of who to talk to about problems because the turnover is so high.
Billing becomes a problem. If the help desk is bad, the back office is worse. Billing systems get merged or replaced, pricing changes, and errors abound. Invoices arrive late, duplicate charges keep popping up, and the people who should be able to fix it are new, overwhelmed, or both. One prospect shared that the new billing department was “outright hostile” and billed for new hardware so late that it was in a different fiscal year.
Everything changes at once. The most disorienting thing might be that all of this happens very rapidly. Service quality can feel like it dropped off a cliff the moment the acquisition announcement hit your inbox.
CMMC and ITAR risks after MSP acquisition
When you first heard that your IT help desk was being moved overseas, your initial thought may have been about service quality. But there’s a deeper risk that we think doesn’t get enough attention: who now has access to your data, and what accountability exists if something goes wrong?
Many of our competitors are outsourcing their support to the Philippines, Africa or elsewhere, said Ian MacRae, the founder of E-N Computers. ”One of the reasons why we are all onshore is because we feel that security is really important to our customers,” he said. “Some people have compliance reasons to have all onshore staff.”
Frameworks like ITAR (International Traffic in Arms Regulations) and CMMC (Cybersecurity Maturity Model Certification) exist specifically to control who can access certain categories of sensitive data. For defense contractors and their suppliers, even indirect access to controlled unclassified information (CUI) by foreign nationals can trigger a compliance violation — regardless of whether any data was mishandled. The violation is in the access itself.
This matters because your MSP has access to everything. When a private equity firm acquires your IT provider and consolidates support into an overseas operation, the people now logging into your systems, touching your files, and managing your network may not meet the legal requirements for handling your data. Your organization could be out of compliance without having changed a single policy.
You need to know whether your IT provider can still document and certify that your compliance requirements are being met.
The HR and legal accountability risks of offshore support
Even if your organization doesn’t have formal compliance obligations, the overseas support model creates a different risk: loss of legal accountability.
The United States has systems of accountability. Background checks, employment law, the ability to file a complaint, pursue a civil claim, or simply pick up the phone and talk to someone’s manager are all guardrails that make it safer to hand someone the keys to your organization’s infrastructure.
Those guardrails largely disappear across international borders. “There’s no rule of law,” Ian said. “It’s hard enough to have rule of law in the United States with the costs between jurisdictions and everything to actually file a case.” When your IT support team is overseas, the practical ability to vet, monitor, or hold individuals accountable shrinks to nearly zero.
And the stakes are high. Your IT provider has deep access to everything: financial systems, your email, your file storage, your security cameras. Someone in that position could effectively hold you hostage. Cutting off access is technically an option, but by then the damage may already be done.
This isn’t purely hypothetical. We have handled transitions involving bad actors. Whether the threat is internal or overseas, the people with access to your infrastructure need to be people you can actually hold accountable. Step one is knowing who they are.
Just learned your MSP was acquired? Ask these questions now.
Where is your help desk located, and has that changed recently? This is the most direct question, and you deserve a direct answer. If support has moved offshore, ask when that happened, who made the decision, and whether it was disclosed to clients. The answer, and the way it’s delivered, will tell you a lot.
Who specifically has access to our systems and data? Not “our team” or “our support staff.” Ask for specifics about the vetting process: are technicians background checked? Are they employees or contractors? Are they located in a country with data sharing agreements or legal frameworks that affect your organization?
Can you still meet our compliance requirements? If your organization is subject to ITAR, CMMC, HIPAA, or any other regulatory framework, put this question in writing and ask for written confirmation in return. A verbal “yes, we’re still compliant” is not sufficient. If they can’t document it, assume the answer is no.
What has changed since the acquisition in terms of staffing and leadership? High turnover after an acquisition is one of the clearest warning signs. Ask specifically who your account manager is today, who your primary technician is, and how long they’ve been in those roles. If the answer keeps changing, that instability will continue to affect your service.
How are billing disputes handled, and who do I contact? Billing chaos is one of the most common post-acquisition symptoms, and it often signals deeper disorganization. If you’ve already experienced billing issues, ask what’s being done to fix them and get the name of a real person who owns that relationship.
What would it look like for us to leave, if we needed to? This one catches people off guard, but it’s worth asking. A reputable MSP should be able to explain their offboarding process clearly and without hostility. If the answer is evasive, or if they make it sound difficult or costly to leave, pay attention to that. How a provider handles exits tells you a great deal about how they’ll treat you while you’re still a client. If those questions don’t get satisfying answers, or if the service deterioration has simply gone too far, it may be time to find a new provider. Here’s what to look for.
What to look for in a new IT provider
Local presence and real accountability. When something goes wrong, you want to be able to reach someone who knows your systems, knows your name, and has a professional reputation in your community to protect. For those reasons, E-N Computers has stayed intentionally local, Ian said. “We’re all onshore, which is something that’s a little unique these days.” For us, it’s about your security and being accountable to you. Meet the E-N Computers team.
Stable, named points of contact. One of the most consistent complaints from businesses leaving a post-acquisition MSP is the revolving door: a different person every time you call, nobody who knows your history, constant re-explanation of the same problems. Look for a provider that assigns you a dedicated account manager and a primary technician. Ask how long those individuals have been in their roles.
Compliance awareness built into the service model. If your organization has any regulatory obligations, or if you handle sensitive data of any kind, your MSP needs to know those requirements cold, not just react when something goes wrong. Ask prospective providers specifically about CMMC, FINRA, HIPAA or whatever frameworks apply to your industry. Their fluency with those requirements, or lack thereof, will tell you quickly whether they’re the right fit.
Transparent, predictable billing. It sounds basic, but after the billing chaos that typically follows an acquisition, it’s worth stating clearly: your IT bill should be simple, consistent, and easy to understand. Look for a provider with a fixed-fee model that covers day-to-day support without surprise charges. Ask to see a sample invoice before you sign anything.
A clear, fair offboarding process. This one is easy to overlook when you’re evaluating a new provider, but it’s one of the most important signals of how a company operates. A trustworthy MSP should be able to walk you through exactly what happens if you ever need to leave — how your data and credentials are returned, what the timeline looks like, and what costs if any are involved. A provider who makes exit easy has nothing to hide and nothing to fear. Here’s what to expect when offboarding from E-N Computers.
A long-term ownership mindset. Private equity acquisitions happen because MSPs are attractive investment targets — recurring revenue, sticky client relationships, and lots of room to cut costs. To avoid ending up with another MSP that will sell to private equity, ask prospective providers directly about their ownership structure and long-term plans. Ian tells prospective clients: “That’s not anything that I am interested in. If I were to retire, I’d like to give [the company] to my team.”
You have better options
You might feel like you’re left managing the consequences of your MSP being acquired. You’re not locked in.
You need to be able to trust your IT provider. That means being able to trust that the people with access to your systems are vetted and accountable, that someone who knows your systems will pick up the phone, that your bill will make sense at the end of the month.
You deserve a stable team that knows your name, someone who can answer compliance questions in writing, an account manager who calls you before problems escalate, and clear, predictable invoices. That’s your baseline. If your current provider isn’t achieving that, it’s time to look for something better.
The right IT partner won’t make switching feel scary. They’ll make it feel straightforward, because they’ve done it before, they respect your timeline, and they have nothing to hide.
Ready to start a conversation?
Not sure if you need managed IT services?
Take the IT Maturity Self-Assessment
In a few minutes, get actionable insights on your IT strategy, plus a free strategic consultation.
