Do managed IT providers conduct penetration testing