What Are Managed Security Service Providers?

In basic terms, a managed security service provider (MSSP) is a company that manages some or all of your IT security on your behalf. Here is a basic guide to what you need to know about managed IT security so that you can decide whether or not it’s the right choice for you.


Managed IT security is about management, not incident response

Possibly the single most important point to understand about managed IT security is that it is focused on preventing security incidents rather than remedying them. A managed security service provider may well have the capability to remedy both identified vulnerabilities and live security breaches. It’s more than likely. They will, however, probably see this as an add-on service and charge accordingly.

This means that you will either need to keep an in-house IT team to deal with any issues the MSSP flags up to you, or have funds in place to pay someone else for help (usually your MSSP). These days, many SMBs opt for the latter approach, since it’s usually simpler than having to recruit and retain skilled IT professionals. If SMBs budget for sinking funds and insurance, they will have a reasonable level of protection against the financial shock of having to deal with an unexpected cyberattack.

1. Managed IT may or may not be offered as a pure, standalone service.

It is fairly common for MSSPs to recommend, or even insist, that their customers use products and/or services selected by them. In and of itself, this is often fair enough. Legitimate MSSPs will choose these products and services for a good reason. 

This reason may well be that the chosen product or service does a good job for what the MSSP considers to be a reasonable price, and the MSSP wants to keep all its customers more or less on the same page to make its life easier. This approach limits the number of tools the MSSP’s staff need to learn to use and therefore the amount of training they need. That can lower the MSSP’s costs, allowing it to pass on lower prices to its customers.

Where it can become a problem, however, is when an MSSP uses this strategy to increase its revenue at your expense. Even if the products and/or services are perfectly solid options, if you are paying over the odds for them, then you will not be able to get maximum value from them. What’s more, if an MSSP is inflating its pricing through opaque methods such as forcing customers into overpriced secondary purchases, then there is a risk that you will be tricked into making an unfair comparison with an MSSP that does have a transparent pricing system.

2. MSSPs vary greatly in their level of flexibility

MSSPs can be anything from young companies that were founded with the sole purpose of providing managed IT security services to long-established managed IT service providers that have realized there is a particular demand for managed IT security services and so are spotlighting that aspect of their business. Each of these companies will have its own approach to providing managed IT security services and, in particular, to the degree of flexibility it will offer for you to customize services to your own needs, wants, and budget.

Usually, you will only find this out either by talking to other customers or, better still, by talking to an MSSP directly. As a tip, however, it’s often a mistake to assume that younger companies will automatically be more flexible and adaptable than older ones. Younger companies may have a compelling need to keep their cash flow looking good and hence have minimal room to maneuver. Older companies may be under a lot less financial pressure and hence be in a better position to accommodate requests for a more customized service.

3. MSSPs should be able to support any relevant legal and compliance requirements

This is one of those points that you should be able to take as a given, but it never hurts to double-check, especially if you’re thinking about going with an international provider or you work with international customers. For example, if you’re collecting data from EU nationals, then you’ll need to comply with the EU’s GDPR.

Before choosing an MSSP (or indeed any other type of managed IT partner), you should ensure that you thoroughly understand any legal requirements regarding where and how sensitive data can be stored (again, especially if you are dealing with sensitive data from EU residents) and that any potential MSSP can meet these requirements.
