Here's a question I ask every prospect we sit down with: do you own your firewall?
Most of them say yes without hesitating. It's sitting in their server room. Their IT company set it up. Their employees use it every day. Of course it's theirs.
Then we pull the contract.
A firewall is not a glamorous piece of equipment. It's a box on a shelf that most people could not pick out of a lineup. But it is the device routing every byte of internet traffic through your office. It controls what gets in and what gets out. Your VPN runs through it. Your security policies live on it. Your network infrastructure depends on it.
And at a surprising number of companies, it belongs to their IT provider — not to them.
This piece is about two things that often travel together: hardware rental (where your IT provider retains ownership of your infrastructure) and hardware markup (where they sell you equipment at 20 to 50 percent above what it actually costs). Both cost you money. One of them costs you a lot more than money when you eventually decide to leave.
Hardware Rental: The Clause Nobody Reads
Infrastructure rental usually is not called 'rental' in a contract. It shows up as 'equipment lease,' 'infrastructure as a service,' 'managed hardware,' or sometimes just as a monthly line item with a hardware model number and a fee. The language is deliberately vague.
What it means in practice: your IT provider purchases the firewall, the managed switches, the wireless access points. They install them in your office. You pay a monthly fee to use them. You never take ownership. If you leave, they take their equipment back.
The gear that most commonly ends up in these arrangements is not your laptops or desktops. It's the infrastructure that runs the building:
These are not items you can swap out over a lunch break. Replacing a firewall means reconfiguring network policies, VPN settings, security rules, and in some cases, touching every device on your network. A server transition can take days. For a law firm in the middle of a case or a medical practice with a full schedule, the timing of an unplanned infrastructure replacement is catastrophic — not inconvenient, catastrophic.
That is not an accident. The rental model is designed to make leaving painful enough that most clients stay.
What Happens When You Try to Leave
Let me walk you through what this actually looks like in practice, because it's worth understanding before you're in the middle of it.
You decide to switch IT providers. You give notice. Your current provider acknowledges the transition. Then, depending on your contract, some version of the following happens:
First, they send an offboarding invoice. We covered this in our previous post on hidden IT costs — these fees run $1,000 to $3,500 or more, billed for documentation and credential transfers that should have been maintained properly all along.
Second, they schedule pickup of their equipment. The firewall. The switches. The access points. Depending on what you've been renting, this could be everything that connects your office to the internet and connects your employees to each other.
Your new IT provider shows up on day one to find a network that does not exist anymore. They have to start from scratch: spec new hardware, order it, install it, configure it from the ground up. That process takes one to four weeks under normal circumstances. During that window, your business is either running on a stopgap setup or it is not running at all.
Fig. 1: The typical offboarding timeline when a provider owns your infrastructure. The real cost of the rental model is not the monthly fee — it is the exit.
The math on this is not complicated. A 30-person firm billing $250 an hour per attorney does not need much downtime to turn a transition into a five-figure problem. A medical practice that cannot access patient records is not seeing patients and not generating revenue. The disruption is the point. It's the provider's leverage, and it works.
Hardware Markup: The More Common Problem
Rental is not universal. Some IT providers do not rent infrastructure at all. But hardware markup on sales — that we have not come across an exception to yet.
Markup works differently from rental but produces a similar result: you pay more than you should for equipment that should have been straightforward to price.
When your IT provider recommends you buy a new server, a firewall replacement, or a batch of network switches, they source the equipment through their distribution channels and resell it to you. The markup on that transaction typically runs 20 to 50 percent above vendor cost, sometimes more. On a $3,200 server, that's $640 to $1,600 in margin your provider pockets on a single purchase. On a full infrastructure refresh for a 25-person company, the markup alone can easily run $3,000 to $5,000.
This is not disclosed at the point of sale. You receive a quote with a price. You approve it. The markup is already built in.
Fig. 2: Markup amounts on a typical 25-person company infrastructure refresh at 30-40% above vendor cost. Total markup on a single refresh cycle: $3,900+.
Setup fees are often stacked on top. A per-device configuration fee of $150 to $250 is common — charged separately from and on top of the markup already built into the sale price. You're paying twice: once in the margin on the hardware, once in the setup fee for putting it in place.
There is no industry regulation requiring disclosure of reseller margins. The practice is technically legal. That does not make it right — particularly when the same provider is supposed to be advising you on what equipment to buy and how much to spend.
The 36-Month Math on Rental vs. Owning Outright
Here is the simplest version of the rental calculation. A business-grade firewall with wireless access points and a managed switch runs approximately $3,200 to purchase outright from the manufacturer. A typical infrastructure rental rate for that same package runs $125 to $165 per month.
At $145 per month, you break even against the purchase price at month 22. By month 36, you have paid $5,220 — $2,020 more than if you had simply bought the equipment. And you still own nothing. When you leave, it goes with the provider.
Fig. 3: Rental vs. outright purchase over 36 months. At month 22 you have spent more than the purchase price — and still own nothing.
The overpayment compounds over the life of the relationship. A client who has been with a provider for five years on a rental arrangement has paid for their infrastructure two to three times over and is no closer to ownership. Then they try to leave and lose the equipment entirely.
Buying hardware outright is always the better financial decision unless your capital constraints make a purchase genuinely impossible. Even then, a business loan at 6 to 8 percent costs less over three years than a rental arrangement designed around provider margins.
How to Find Out What You Actually Own
You should not have to guess whether your infrastructure belongs to you. Here is how to get the answer quickly.
First, request an asset inventory from your current provider. A competent IT company maintains documentation of every piece of hardware on your network: make, model, serial number, purchase date, and ownership. This is basic IT management. If they cannot produce it within a few days, that is itself a problem worth noting.
Second, look at your contract for the hardware and equipment sections. You are looking for language about who holds title to installed equipment, what happens to hardware at termination, and whether there are any lease or rental provisions. If you signed an agreement that includes the word 'lease' in relation to network infrastructure, you are likely renting.
Third, look at your invoices. A monthly line item for a specific hardware model at a fixed monthly rate is a rental. A one-time charge with a setup fee is a purchase — though it may still carry markup.
Fourth, ask directly and in writing: 'Which equipment in our office do you retain ownership of?' A straightforward answer is the right answer. Anything vague or evasive tells you what you need to know.
Why We Do Not Do Either of These Things
We do not rent hardware. Every piece of equipment we recommend and help you purchase belongs to you from the moment you buy it. Firewalls, switches, access points, servers — yours. If you leave us tomorrow, you take everything. We help your incoming provider get up to speed, and that's the end of it.
We do not mark up hardware. When you need a piece of equipment, we tell you what to buy and point you to where to buy it — at vendor cost, through our partner channels if that gets you a better price, or direct from the manufacturer. We make no margin on hardware sales. Our revenue comes from the managed services relationship, not from equipment transactions.
Our setup time for standard workstations is two hours. Infrastructure installs take longer, but the point is the same: setup is part of what you're already paying us for. It is not a separate line item.
The reason we operate this way is not complicated. Clients who own their infrastructure are not hostages. They stay because the service is good. If the service is not good, they should leave — and leaving should not cost them their network.
We have seen the alternative enough times to know exactly what it looks like. Clients who come to us after a bad provider exit often show up with a combination of an offboarding bill, missing documentation, and an office that needed emergency infrastructure work. The switching cost was not $0 and it was not $3,000. It was closer to $10,000 to $15,000 once you added the downtime, the emergency hardware purchases, and the rushed onboarding.
That does not happen if you own your equipment going in.
Already with a provider? Ask them in writing whether you own your firewall, your switches, and your access points. The answer to that question will tell you a lot about how the rest of the relationship is structured. If you want help reading what you get back, send it to us.
Frequently Asked Questions
How do I know if my current IT provider is renting me infrastructure?
Pull your contract and search for the words 'equipment,' 'lease,' 'hardware,' and 'termination.' Look for language describing what happens to installed hardware when the contract ends. If the provider retains title or retrieves the equipment, you are in a rental arrangement. A monthly line item on your invoice tied to a specific hardware model is also a sign. When in doubt, ask directly in writing and request a full asset inventory.
Is hardware markup standard practice in the IT industry?
Yes, hardware markup is standard practice among most managed IT providers. Reseller margins of 20 to 50 percent are common, and they are rarely disclosed at the point of sale. Markup is not illegal or technically hidden — it's built into the quoted price. But 'standard practice' does not mean you should accept it. There are providers who pass hardware at cost; it is worth knowing whether yours does.
What is a fair per-device setup fee?
For a standard workstation, $0. Setup should be included in your monthly managed services rate — it is not a separate billable event. For complex server installs, firewall configurations, or multi-site infrastructure deployments, a project fee is reasonable if it is scoped and quoted upfront. What is not reasonable is a per-device setup fee stacked on top of hardware that was already marked up.
Can I negotiate to own the equipment my provider installed?
Sometimes. If you are currently in a rental arrangement, the equipment has a market value your provider can quote you. That buyout number is worth knowing. In some cases, particularly as equipment ages, the buyout price is low enough to make the purchase worthwhile just to eliminate the rental exposure. Ask for the buyout terms in writing before your next contract renewal.
What should happen to my IT documentation if I switch providers?
Your IT documentation — network diagrams, credentials, configuration files, vendor contacts, asset inventory — should transfer cleanly to your incoming provider at no additional charge. This documentation should have been maintained throughout the relationship. Charging to hand it over at offboarding is charging you for work that should already have been done. If your contract includes an offboarding or transition fee for documentation, that is worth challenging.