Fundraising
Knowledge Article
Client Stories
Your IT Provider Holds the Keys — But Do You?
Jesse Myers
A cautionary look at how small IT shops lock clients out of their own systems — and what happened when one apartment community lost their provider overnight.
There's an uncomfortable truth in the world of small-business IT: many providers, whether intentionally or not, make themselves very hard to replace. Not through superior service or ironclad contracts, but through something far simpler — they never give you the passwords to your own systems.
It's a practice that's so common it's become normalized. Your IT person sets up your firewall, your cloud accounts, your security cameras, your business internet service. They use credentials they create. They store them wherever they store them — a spreadsheet, a personal password manager, a sticky note on a monitor in their home office. And as long as everything's running fine, it never comes up.
Until it does.
When the worst happens
We were recently called in to help a property management company overseeing a multi-complex apartment community. Their longtime IT contractor had passed away unexpectedly. It was a genuinely tragic situation, and our deepest sympathies go to his family.
But the business reality was immediate and unforgiving: the property management team woke up with no access to almost anything.
What they lost access to
Server and workstation administrator accounts. Security camera systems covering the entire property. Network equipment including routers and switches. Their Cox Business account — which had been registered in the contractor's personal name. Vendor portals and software licenses tied to the contractor's email address.
Regaining access was not a quick process. It took weeks of working through vendor verification processes, proving business ownership, and in several cases, escalating through multiple layers of Cox Business support to reclaim an account that legally belonged to the property management company but was functionally locked to a deceased individual.
Several systems had to be fully wiped and rebuilt from scratch because there was no path to account recovery. The security camera system — critical infrastructure for a multi-building residential property — was offline during portions of this process. Every day of disruption had real operational and safety implications.
"The contractor didn't do anything malicious. He simply never considered what would happen if he wasn't there."
This isn't just a tragedy story — it's a structure problem
The same scenario plays out, in less acute forms, every time a small business tries to switch IT providers. The outgoing vendor "doesn't have time" to hand things over. The new provider discovers that half the accounts are tied to email addresses they don't control. The firewall admin password turns out to be something nobody wrote down. It can take months to fully untangle.
Some providers do this deliberately. It's a retention strategy — not one they'd ever advertise, but an effective one. If leaving costs you three months of pain, you're a lot less likely to leave. Others simply don't think about it. They're reactive, not structured. Documentation isn't their strength, and credential management feels like overhead when you're just trying to keep the lights on.
Either way, the client pays the price.
How Safire Business Services does it differently
From day one with every client, we treat credential ownership as a foundational principle: your accounts belong to you, and you should always have access to them.
The Safire standard
- All passwords and access credentials are stored in enterprise-grade encrypted password management systems
- Clients have their own access to that credential vault — it's not locked behind us
- Business accounts (internet service, software licenses, cloud platforms) are always established in the client's name with the client's contact information
- Multi-factor authentication methods are documented and the recovery mechanisms belong to the client
- If we ever part ways for any reason, you walk away with full access to everything we managed on your behalf
This isn't just good ethics — it's good business practice. A provider who is confident in the value they deliver doesn't need to manufacture switching costs. We'd rather earn your continued trust every month than hold your infrastructure hostage.
Questions every SMB should be asking their IT provider
If you're currently working with an IT contractor or managed service provider — whether a solo operator or a small shop — these are questions worth asking today, before a crisis forces your hand:
Who owns the administrator accounts on my servers and workstations? Are my cloud and SaaS subscriptions in my company's name? Where are my credentials stored, and do I have access to that storage? What happens to my systems if I need to switch providers tomorrow? Is my internet service account in my name or my provider's?
If the answers are unclear, or if your provider seems reluctant to answer, that reluctance is itself an answer.
Technology should empower your business, not create hidden dependencies. You deserve a provider who documents everything, hands over access freely, and earns your loyalty through competence and service — not by making it painful to leave.
That's the standard we hold ourselves to at Safire Business Services. And it's the standard you should expect from anyone you trust with your infrastructure.
Safire Business Services
Oklahoma City's partner for transparent, client-first managed IT services. We build infrastructure you own — and relationships built on trust.
Safire Business Services is a part of the Safire Solutions family of companies that also includes Safire Home Solutions- providing Home Networking, Smart Home Automation and Home Security for families in the Oklahoma City vicinity.
