Co-managed IT and managed IT are two distinct outsourcing models. With managed IT, a third-party provider runs the firm's entire IT function. With co-managed IT, the provider works alongside an existing in-house IT team to fill specific gaps.
The right model depends on whether the firm already has internal IT staff and how much control leadership wants to retain.
Your firm has already decided it needs outside IT help. That's the easy part. The harder question is structural: should the provider replace your IT function entirely, or extend the team you already have?
The answer depends on your firm, its size, its staff, and how much control leadership wants to keep. Tabush Group offers both traditional managed IT services and Edge Co-Managed IT Services, so what follows is a balanced comparison.
In this blog, we break down how each model works, who each model is built for, and give you a checklist to pick the right answer for your firm.
What Is Managed IT?
Managed IT means a managed IT service provider (MSP) owns the IT function end-to-end. The firm either has no internal IT staff or chooses not to use them for daily operations.
Tabush Group's Managed IT Services include 24x7x365 monitoring, on-site support availability, after-hours support for business-critical issues, AMP automation, a Premium Security Suite, and scheduled maintenance and audits.
Tabush Group's Managed IT model pairs each client with a dedicated client manager who serves as the firm's Virtual CTO (vCTO). They provide proactive strategic guidance and align technology with business goals so that your leadership gets more than a support desk; they get a tech advisor.
For an extra layer of security, Guardian SOCaaS provides 24/7 threat monitoring, automated isolation, and managed detection and response on top of the core managed IT stack.
Who picks managed IT? Firms with no in-house IT, firms that have lost their IT lead, or firms that want a single accountable provider.
Managed IT works when the firm wants the entire IT function handled by a trusted third party.
What Is Co-Managed IT?
Co-managed IT means the external provider works alongside the firm's existing IT team. Your internal team keeps control and visibility. The provider supplements them with tools, expertise, and coverage they can't sustain alone.
Tabush Group's Edge is the co-managed offering. Every Edge client receives three services as part of the base engagement:
- Advisory Services - quarterly strategic reviews drawing on Tabush Group's 25 years of industry experience
- Comprehensive Reporting - regular KPI reporting across every service line, giving your leadership full visibility
- Education and Training - quarterly live cybersecurity training and ongoing testing
On top of that base, firms select from eight customizable service lines: Infrastructure Monitoring and Maintenance, Patch Management, Guardian Managed Detection and Response, Backup and Business Continuity, Flex Professional Services, M365 Governance, End User Assist Services, and IT Empowerment.
Who picks co-managed IT? Firms with a small IT staff, firms whose internal IT lead lacks specialized expertise in security or M365, or firms whose IT team is on call 24/7 without relief.
Co-managed IT works when the internal IT team is good but undermanned.
The Key Difference Between Managed IT Services And Co-Managed IT Services
|
Dimension |
Managed IT |
Co-Managed IT (Edge) |
|
Who runs IT day-to-day |
Managed Service Provider |
The firm's in-house IT team, supported by the provider |
|
Best fit for |
Firms with no in-house IT staff |
Firms with a small IT staff who are stretched |
|
Control |
Leadership delegates fully but retains visibility |
Leadership keeps control through the internal IT lead |
|
Typical scope |
Entire IT stack and lifecycle |
Specific gaps: monitoring, patching, SOC, M365 governance, after-hours, project surge |
|
Service-level commitment |
Tabush Group's contracted SLA across the full scope |
SLA scoped to each selected service line |
|
24/7 system monitoring |
Included (24x7x365) |
Included when the firm selects Infrastructure Monitoring |
|
24/7 SOC threat monitoring |
Available via Guardian SOCaaS |
Available via Guardian SOCaaS |
|
Strategic advisory |
A dedicated client manager serves as Virtual CTO (vCTO) |
A dedicated client manager serves as Virtual CTO (vCTO) |
|
Cybersecurity ownership |
Provider owns the program; Premium Security Suite included |
Shared — provider supplies tools and SOC |
When Co-Managed IT Wins
Not every firm needs the same structure. Co-managed IT is the right call when the conditions below sound familiar.
The Firm Has Good Internal IT, But Only a Small Team
Even strong IT directors burn out covering helpdesk, after-hours, security, and M365 admin simultaneously. Co-managed restores margin without growing headcount.
It lets your IT focus on more strategic work while your provider handles operational tasks.
The Firm Needs Specialized Expertise It Cannot Economically Hire
Senior security engineers and M365 architects in major metros command compensation that mid-size firms cannot justify for a single full-time hire.
Cybersecurity engineers command a salary of about $144,000, while senior specialists can get about $190,000, according to the 2026 Robert Half Salary Guide.
A mid-size firm can't justify that spend for a single full-time hire. Co-managed gives access to that expertise on a fractional basis through services like Guardian or M365 Governance.
The Firm Is Failing A Security Questionnaire Or Cyber Insurance Renewal
Insurers and Fortune 500 clients increasingly require documented 24/7 monitoring, enforcement of multi-factor authentication (MFA), and an incident response plan. A co-managed partner can deliver these capabilities without the firm having to rebuild its program from scratch.
When Fully Managed IT Wins
For many firms, managed IT is the stronger fit. Review these conditions below and see how your firm lines up.
The Firm Has No In-House IT Staff At All
A small or growing firm without an IT lead doesn't have a team to extend. Building one is expensive and slow, with new IT directors taking months to onboard into your systems and workflows.
Outsourcing fully is faster and produces a documented IT function from day one.
The Firm Lost Its IT Lead And Isn't Replacing Them
Rather than rebuild an internal team, a process that takes months, fully managed IT absorbs the function and gives leadership predictability. This also helps your firm avoid any accompanying onboarding risk.
Leadership Wants A Single Accountable Provider
One contract, one phone number, one SLA, and one accountable partner. For firms that value simplicity over complete control, Tabush Group’s managed IT services deliver.
When something goes wrong in the middle of the night, you don’t have to spend time tracking down who is responsible in order to fix it. Your provider is, and they’ve already begun fixing it.
The Firm Operates Across Multiple Offices Or Time Zones
Managed IT vendors are staffed for around-the-clock monitoring and rapid response to business-critical issues. A small internal IT team cannot match that widespread coverage.
Fully managed IT works when the firm wants to hand the entire function over and stop thinking about it.
A Decision Checklist
Answer yes or no to each question and tally your points.
- Do we have at least one full-time in-house IT person?
- Does our internal IT lead want to keep day-to-day control of the firm's technology?
- Are we struggling with 24/7 monitoring, after-hours support, or M365 governance specifically?
3 Or More "Yes" Answers
Your firm should get co-managed IT. Your firm has the internal foundation; it needs the right partner to extend it.
3 Or More "No" Answers
Fully managed IT is best for your firm. Your firm either lacks internal IT staff or doesn't need to retain day-to-day control.
Mix of Answers
A mix means your firm is in a transition window. A 360 IT Assessment can help map the right structure before you commit.
How This Plays Out Specifically for Law Firms
Mid-size law firms (20–150 attorneys) almost always have one or two IT staff. That’s the prototype co-managed candidate.
ABA Model Rule 1.6 imposes confidentiality obligations that make 24/7 SOC monitoring effectively mandatory, even at firms that don't have it today. Client data in iManage or NetDocuments, email flowing through Microsoft 365, endpoint devices accessing privileged information from home offices, all of it requires continuous threat monitoring and rapid incident response.
The numbers are stark. The 2026 Tabush Group Survey on Law Firm Technology found that data breaches at law firms more than doubled from 6% in 2025 to 13% in 2026. Co-managed IT is one of the cleanest ways to close that security gap without doubling IT headcount.
Services like Guardian SOCaaS, Backup and Business Continuity, and Flex Professional Services layer directly onto what your internal team already manages, filling the gaps that keep firm leadership up at night.
FAQs
What is the main difference between co-managed IT and managed IT?
The main difference is who runs the firm's IT day-to-day. With managed IT, the external provider runs the entire IT function. With co-managed IT, the firm's in-house IT team runs day-to-day operations, and the external provider supplements them with tools, specialized expertise, and coverage the internal team can't sustain alone.
Which model gives the firm more control?
Co-managed IT keeps more control inside the firm. The internal IT lead remains the decision-maker, with full visibility and override through shared tooling, dashboards, and ticketing.
The external partner provides expertise, after-hours coverage, and specialized services like managed detection and response, but the firm's IT lead stays in charge. Fully managed IT moves control to the provider, which is the right tradeoff for firms without internal IT staff who want a single accountable partner.
Can a firm start with co-managed IT and move to fully managed later?
Yes. The cleanest transitions move from co-managed to fully managed when the internal IT lead departs. Because the co-managed partner is already inside the environment, the handover is faster and lower-risk than onboarding a brand-new provider.
Does co-managed IT mean the in-house IT team loses control?
No. Co-managed IT is structured so the internal IT lead keeps full visibility and override through shared tooling, dashboards, and ticketing.
The external partner provides expertise, after-hours coverage, and specialized services like managed detection and response, but the firm's IT lead remains the decision-maker. Most internal teams find that co-managed IT improves their day rather than threatening it.
Which model is better for a law firm?
It depends on whether the firm has in-house IT staff. A firm of 70+ attorneys with one or two internal IT people almost always benefits more from co-managed IT; they keep institutional knowledge and add specialized coverage where it's thin.
A solo or small firm without dedicated IT staff typically does better with fully managed IT. Both models can be structured to meet ABA Model Rule 1.6 confidentiality obligations when the provider operates 24/7 threat monitoring (such as Guardian SOCaaS) and follows SOC 2-aligned controls.
Get The Model That Works For You
See how peer firms are sizing their IT investment, security posture, and team structure in the 2026 Tabush Group Survey on Law Firm Technology. The data covers AI adoption, outsourcing trends, and the cybersecurity gaps that are catching firms off guard.
Still deciding between the two models? A 360 IT Assessment gives your firm a clear, no-pressure evaluation of your current IT structure and maps the path forward, whether that's co-managed, fully managed, or a phased transition between the two.
