Why Manufacturing IT Is Different
Most MSPs are built for offices. Their engineers understand Windows environments, Microsoft 365, and firewalls for business applications. They are not trained to work around a production schedule, segment an OT network, or understand why you can't patch a PLC on a Tuesday without shutting down a production line.
Manufacturing companies need specialized IT expertise in three areas that generic MSPs almost always lack:
- OT/IT network segmentation — keeping factory floor networks separate from corporate networks
- ERP integration and support — manufacturing ERPs (SAP, Epicor, SYSPRO, Infor, Plex) have specific infrastructure requirements
- CMMC compliance — for defense contractors and subcontractors handling CUI
OT/IT Network Segmentation: The Most Important Manufacturing IT Control
Operational technology (OT) networks control physical equipment: PLCs, SCADA systems, CNC machines, conveyor systems, environmental controls. IT networks run email, ERP, and corporate applications. When these networks are connected — or worse, not separated at all — a ransomware attack on the corporate side can propagate to production systems.
This has happened at major manufacturers. The impact: full production shutdowns lasting days or weeks. Companies with proper segmentation typically contain attacks to one side without stopping production.
Real Example
Ransomware hit a precision parts manufacturer's ERP on a Thursday night. By Friday morning, the production scheduler had no visibility into active orders. Because OT/IT segmentation was in place, the attack stayed on the corporate side — the production floor kept running. The IT provider who built that segmentation probably saved over $2M in missed deliveries and contract penalties.
Proper OT/IT segmentation involves:
- A dedicated industrial DMZ or air gap between OT and IT networks
- Separate VLANs for production systems, corporate systems, and guest/visitor networks
- Firewall rules that explicitly control what can pass between segments
- No internet access for OT systems unless absolutely required (and then only through controlled jump boxes)
- Separate patch management processes for OT vs. IT — PLC firmware updates follow vendor schedules, not standard IT patch cycles
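The segmentation points above can be checked mechanically against a firewall rule export. The following is an added example, not code from this page or from any vendor; the zone names, the `Rule` format and the jump box name `ot-jump01` are assumptions made for illustration.

```python
from dataclasses import dataclass

ZONES = ("corporate", "idmz", "ot", "guest", "internet")  # assumed zone names
JUMP_BOX = "ot-jump01"  # hypothetical controlled jump box in the OT zone

@dataclass(frozen=True)
class Rule:
    src: str            # source zone, or "any"
    dst: str            # destination zone, or "any"
    port: str           # destination port, or "any"
    action: str         # "allow" or "deny"
    src_host: str = ""  # set when the rule is pinned to one source host

def check_pair(rule, src, dst):
    """Finding for one src->dst zone pair opened by an allow rule, else None."""
    if {src, dst} == {"corporate", "ot"}:
        return f"{src}->{dst} bypasses the industrial DMZ"
    if {src, dst} == {"ot", "internet"} and not (src == "ot" and rule.src_host == JUMP_BOX):
        return f"{src}->{dst} exposes OT to the internet outside the jump box"
    if src == "guest" and dst != "internet":
        return f"guest->{dst} lets visitor devices reach internal segments"
    if "ot" in (src, dst) and rule.port == "any":
        return f"{src}->{dst} is not limited to a specific port"
    return None

def audit(rules):
    """Check each allow rule on its own; rule order is ignored (conservative)."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow":
            srcs = ZONES if rule.src == "any" else (rule.src,)
            dsts = ZONES if rule.dst == "any" else (rule.dst,)
            findings += [(i, m) for s in srcs for d in dsts
                         if s != d and (m := check_pair(rule, s, d))]
    if not rules or rules[-1] != Rule("any", "any", "any", "deny"):
        findings.append((len(rules), "rule set does not end in deny any->any"))
    return findings

# Constructed sample rule set, not taken from any real firewall.
SAMPLE = [
    Rule("corporate", "idmz", "443", "allow"),    # ERP to a broker in the DMZ
    Rule("idmz", "ot", "44818", "allow"),         # DMZ broker to PLCs (EtherNet/IP)
    Rule("corporate", "ot", "3389", "allow"),     # direct RDP from office to plant
    Rule("ot", "internet", "443", "allow", src_host=JUMP_BOX),
    Rule("guest", "any", "any", "allow"),
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because rule order is ignored, an allow rule that an earlier deny would shadow is still reported, which suits a review pass better than a silent miss.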
ERP Integration and Support
Manufacturing ERPs are complex, operationally critical systems. An MSP that doesn't know your ERP is a liability. The most common manufacturing ERP platforms and what your IT provider needs to understand:
| ERP Platform | Common Use Case | Key IT Requirements |
|---|---|---|
| SAP S/4HANA / SAP Business One | Mid-market to enterprise manufacturers | High-memory server requirements; HANA database infrastructure; Basis administration |
| Epicor Kinetic | Discrete and job-shop manufacturing | SQL Server performance tuning; multi-plant network latency management |
| SYSPRO | Process and distribution manufacturers | Citrix/RDS hosting; integration with MES systems |
| Infor CloudSuite Industrial | Industrial equipment manufacturers | Cloud connectivity; EDI integration infrastructure |
| Plex SmartManufacturing | Automotive and aerospace suppliers | Cloud-first; low-latency connectivity to Plex cloud critical |
| JobBOSS / E2 SHOP | Job shops and small manufacturers | Local SQL Server management; backup and recovery |
CMMC Compliance: What Defense Manufacturers Need
Any manufacturer that is a DoD prime or subcontractor and handles Controlled Unclassified Information (CUI) is required to comply with DFARS 252.204-7012 (NIST SP 800-171) and, increasingly, achieve CMMC Level 2 certification through a third-party assessment organization (C3PAO).
CMMC Level 2 requires implementing all 110 controls from NIST 800-171 across 14 domains. This is not something you bolt on at the end — it requires a full IT architecture review and, for most manufacturers, significant changes to how CUI is handled, stored, and transmitted.
What a manufacturing MSP with CMMC experience actually delivers:
- CMMC gap assessment against current NIST 800-171 posture
- System Security Plan (SSP) documentation
- Plan of Action & Milestones (POA&M) for gaps
- FIPS 140-2 validated encryption implementation
- Multi-factor authentication across all CUI systems
- Incident response plan with DIBNET portal reporting procedures
- Audit logging and monitoring for CUI access
- Pre-assessment readiness review before C3PAO engagement
Production-Aware Maintenance: The Operational Constraint
Every manufacturing IT decision has an operational dimension that generic MSPs ignore. Standard IT practices — reboot after patch, maintenance windows during business hours, emergency access to production systems — need to be rethought in a manufacturing environment.
Questions your MSP should answer before you engage them:
- How do you coordinate patch deployment with production schedules?
- What is your process for emergency changes that affect production systems?
- Have you worked with manufacturing shift supervisors or plant managers before? How do you coordinate with them?
- What's your escalation path when an IT change breaks production equipment?
Common mistake: A generic MSP patched PLCs on the same schedule as laptops — which caused two production stoppages in a year. A manufacturing-specialized MSP immediately recognized the difference between OT and IT patching cycles. No production disruptions in 18 months after the switch.
What to Ask When Evaluating a Manufacturing MSP
- How many manufacturing clients do you currently support? What's the largest plant floor you've managed?
- Have you designed and implemented OT/IT network segmentation? Can I see the architecture?
- Which ERP platforms have you supported in production environments?
- Do you have CMMC experience? How many clients have you taken through CMMC Level 2?
- How do you coordinate maintenance windows with production schedules?
- What's your after-hours SLA? Many plants run 24/7 shifts.
- Do you have engineers who are OT-certified (GICSP, CSSA, or similar)?
Pricing: Manufacturing IT Support Costs
Manufacturing IT support typically runs:
- Standard managed services (office staff + basic production network): $125–$175/user/month
- With OT/IT segmentation management: $175–$250/user/month or per-device pricing for production equipment
- CMMC compliance buildout: $50,000–$200,000+ as a project, depending on current posture and user count
- ERP implementation support: typically project-based, $20,000–$150,000 depending on ERP and complexity
Frequently Asked Questions
What is OT/IT network segmentation and why do manufacturing companies need it?
OT (operational technology) networks run PLCs, SCADA systems, and industrial control equipment. IT networks run business applications and email. Segmentation keeps them separate so ransomware on the corporate side cannot reach production systems. Without segmentation, a single phishing email can shut down an entire plant. Most generic MSPs have never segmented an OT network.
Do manufacturing companies need CMMC compliance?
Any manufacturer working as a DoD prime or subcontractor that handles Controlled Unclassified Information (CUI) needs to comply with DFARS 252.204-7012 and achieve CMMC Level 2 certification. If you bid on DoD contracts, check your contract language — the DFARS clause will specify your obligation. CMMC Level 2 requires third-party assessment and 110 NIST 800-171 controls.
How much does IT support cost for manufacturing companies?
Standard managed IT for manufacturers runs $125–$200/user/month. With OT network management or CMMC compliance work, expect $175–$250+/user or project-based fees. ERP implementation support is typically billed separately as a project.