By Cheryl Nelan
Managed Security Service Providers or Managed Service Providers
What’s the difference?
Where does one end and the next begin?
Which does your business need?
Defining Managed Service Provider
In our last blog, we talked about New York Managed IT Services. Gartner told us that was defined as
“A managed service provider (MSP) delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center. MSPs may deliver their own native services in conjunction with other providers’ services (for example, a security MSP providing sys admin on top of a third-party cloud IaaS). Pure-play MSPs focus on one vendor or technology, usually their own core offerings. Many MSPs include services from other types of providers. The term MSP traditionally was applied to infrastructure or device-centric types of services but has expanded to include any continuous, regular management, maintenance and support.”
Defining Managed Security Service Provider
Conversely, Gartner defines a Managed Security Service Provider (MSSP) as:
“A managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.”
MSP or MSSP
Managed Service Providers have traditionally focused on keeping the IT infrastructure running smoothly, protecting against threats and providing support for end users. IT Security has always been an element of their services but they are generally more focused on the bigger picture. They include elements to protect the IT infrastructure but they also work to help their clients run productively with the right technology in place.
On the other hand, Managed Security Service Providers dive deeper into security. 24×7 monitoring and detection. SEIM/SOC services, Penetration tests, IT compliance audits, etc.
So, which does your small business need?
Most likely both. Unless you have your own IT department, you need an Managed Service Provider to help design your IT infrastructure, implement it, protect it, manage it. You likely need support for your end users and backup services.
A Managed Security Service Provider comes in to play depending on the budget and security requirements you might have. A good MSP should be able to advise you on these services. In most cases, MSP’s and MSSP’s work together to provide a complete IT picture for their clients.
Overlap of Services
Today, there are some overlap of services between MSP’s and MSSP’s.
A strong partner should help guide you across both sides of the IT spectrum. CMIT Solutions, an MSP for example, has MSSP’s as partners – this enables us to consult with our clients and guide them to the levels of security services that are a good fit for our clients’ individual businesses.
We can work to help our clients understand the many levels of security and make recommendations that align with their budgets and security risk level. And, in many cases, we can provide the security services they need. Or, we bring in our partners directly when the clients’ requirements demand higher levels of advanced security and they have the budget to support those needs.