Skip to content ↓ | Skip to navigation ↓
Home » News »
In my previous post, I discussed some of the reasons why organizations decide to partner with managed service providers (MSPs). Organizations need to be careful when deciding to work with a specific provider, however, as not all MSPs are the created the same. Part of the reason why is because MSPs come in four varieties.
Let’s discuss those types below.
Standard MSPs are responsible for managing a customer’s information technology (IT) including their infrastructure and people. Towards that end, MSPs deliver services cover customers’ systems and network infrastructure, applications, and security requirements. They specifically provide ongoing monitoring, maintenance, administration, and support.
MSPs aren’t bound to deliver those services in a certain way, however. Indeed, an MSP can provide both remote and on-site resources. They can also host infrastructure and assets in their data center, a third-party data center, or with a public cloud provider.
According to AT&T Cybersecurity, a managed security service provider (MSSP) is “an IT service provider that focuses on delivering outsourced cybersecurity monitoring and management services to organizations.” This functionality sets an MSSP apart from an MSP. The latter takes on the task of servicing an organization’s entire IT environment, which means that most MSPs can provide only a basic level of security to customers. By contrast, the former adopts the specialized mission of upholding its customers’ security requirements in face of the evolving threat landscape. Many MSSPs do this by offering 24/7 network monitoring services along with other continuous security functions such as vulnerability management (VM) and security configuration management (SCM).
The different missions of MSPs and MSSPs don’t preclude organizations from having both at the same time. In fact, the two can complement one another in the event of a security incident. Here’s OSIbeyond with an example scenario:
When a security analyst employed by the MSSP detects a security threat, he or she creates an incident alert and comes up with a remediation plan. This information is then sent to the MSP, whose job is to carry out the remediation. In other words, the MSSP uses its expertise in cybersecurity to make a plan, and the MSP executes it.
Organizations can thereby use MSSPs and MSPs together to detect digital threats and address infrastructure issues in a timely manner. Both purposes are essential for enabling long-term success and growth of the business.
The next type of managed service provider is a co-managed IT service provider (Co-MIT). This MSP uses an arrangement that differs from the “pure” relationship between client management and a traditional MSP, as noted by Tech Decisions. Instead of that model, Co-MITs blend client management, MSP offerings, and internal IT teams.
The logic behind Co-MITs is that internal IT teams understand their company’s value-adds better than an MSP can. Co-MIT arrangements can then use that knowledge to agree upon goals, terms, and standards for the service(s) to be offered. By leveraging internal expertise with MSPs’ knowledge of the industry, customers can get the best of both worlds.
Finally, there’s managed detection & response (MDR). This type of MSP involves services that search for, identify, and alert on current or incoming threats, according to deepwatch. MDR providers commonly rely on 24/7 monitoring features that include artificial intelligence and machine learning as a means of monitoring for security incidents.
MDR sounds a bit like the services rendered by a MSSP. The main difference there is that MDR is proactive in nature, per deepwatch, whereas the latter helps an organization to respond to security events and defend against vulnerabilities. An MSSP issues alerts when it comes across a threat, but unlike MDR, it does not investigate them.
By no means do the above explanations explain all the benefits of each type of MSP. Nor do they cover all the ways in which these types of providers can potentially complement one another.
To learn more about these categories, download your copy of Tripwire’s eBook “Exploring Managed Cybersecurity Services: Mission Control for Security, Compliance, and Beyond” here.
Managed Service Providers (MSPs) – What They Are and Why Organizations Go with Them
Categories Security Controls
Tags compliance, managed services, MSP
has contributed 1,760 post to The State of Security.
Skip to content ↓ | Skip to navigation ↓