Choosing the Right MSP

To understand how your Managed Services Provider (MSP) stacks up from a security standpoint, here are some levels, observations, and questions to identify what you may currently have.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Choosing the Right MSP

Security is hard. The reason security is hard is that it is both a losing battle and requires constant vigilance and maintenance; there is no silver bullet. From experience when pressed, most IT providers will acknowledge that they are in fact, not security companies. Security requires both a commitment and a clear explanation of responsibility, which is not typical. 

To understand how your Managed Services Provider (MSPs) stacks up from a security standpoint, here are some levels, observations, and questions to identify what you may currently have. 

Installs Security Technology 
Most MSPs can meet this level of security. The security technology that they install is well-considered, rich in features, and highly functional. The question is, what output do you get? If there is no engaged profiling meeting, limited reporting, alerting is non-existent or a business engagement to determine how to best tune settings is not evident, your MSP functions at this level. This is not necessarily bad, but for the protection of your business, you must augment your MSP with a security provider. 

Installs Security Technology and Enables Features 
MSPs that are a notch better will bring expertise to the table to properly configure key security features. The engagement will be interactive, and the function of the baseline will be highly effective from a security perspective. This level of MSP is talented and a valuable partner, but will likely lack the ongoing reporting, will have limited alerting, and beyond the initial setup, will have a very simplified business engagement model. This model is typified by quarterly meetings and generic content is available for your experts to access. This model is well suited for a company with an internal security team that drives outcomes. 

Installs Security Technology and Maintains it as a Business Partner 
MSPs that are security partners to organizations will help select the best technology, conduct a session to interactively define and tune the security features, and explain carefully what they do NOT do. This is an important distinction evident in security organizations. Security is a very broad field, and the best companies are quick to establish the guardrails around responsibility.  

What should be expected is regular engaged meetings to interactively review output, establish business engagement and incident response processes, and provide an ongoing partnership in security maintenance. This model is a very good fit for companies with limited security staff and a desire to have a more comprehensive approach to security.  

A good security-focused MSP will also contribute its network of focused and more specialized solutions to enable a more comprehensive, solutions-based approach in your environment.

Systems vs. Software

Finding an out-of-the-box software to resolve gaps in your current cyber security state appears easy. The hard part is ensuring the systems and people are in place to do the work.

Read More »

Choosing the Right MSP

To understand how your Managed Services Provider (MSP) stacks up from a security standpoint, here are some levels, observations, and questions to identify what you may currently have.

Read More »

DIY Security: Know When to Call in Experts

Deciding between keeping IT security tasks in-house or relying on a partner with specialized expertise, can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?

Read More »