When it comes to IT management and IT support, there's an often overlooked aspect: how security comes into play. And while there's a significant difference between running IT and securing it, security is all too often glossed over or seen as a necessary evil (if it is considered at all). IT professionals typically fall into one of two categories, IT services or IT security, and there's a HUGE difference in their knowledge and skill sets. To make a decision about which type of professional to hire or which type of company you should align yourself with, you need to look at what it is you're trying to accomplish and then figure out which expert will best fit that role.
Something we frequently do is help people understand the differences between an organization that's a managed service provider (MSP) and one that's a managed security service provider (MSSP) and what each role entails. Although these two services sound very similar, there is a stark contrast between the responsibilities that each of these professionals addresses.
Understanding the difference between these different types of IT service roles is essential to improving the performance of your network, increasing its stability, and addressing its cybersecurity defense posture. Ultimately, the difference boils down to what you need to effectively run your IT systems versus what you need to secure them. And, unfortunately, too many MSPs don't incorporate the appropriate approach and level of expertise around security for their MSP clients.
Monitoring for Performance vs. Monitoring for Breaches
Managed Service Provider
In a nutshell, a Managed Service Provider (MSP) is the IT professional who helps to ensure your network's performance and uptime remain at an optimal level. This is the sort of company that performs a variety of traditional IT-related functions such as:
- addressing end user helpdesk support requests
- performing server monitoring, maintenance, and administration
- ensuring all resources are available and performing optimally
- performing server and workstation patching and updates
- performing firmware upgrades of core network components
Network monitoring helps to ensure that your systems remain up and running, so you don’t experience costly downtime.
Managed Security Service Provider
A Managed Security Service Provider (MSSP), on the other hand, is an organization trained, staffed, and experienced in everything cybersecurity. Their focus is to provide security as a service; they identify and address any gaps in your cyber defenses as well as other information security-related threats to your organization. Their job, which is to ensure that no one except your employees and customers can access your systems and data, is to prevent, detect, and respond to threats across your network. These security responsibilities include:
- monitoring your network for security intrusions
- managing your Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
- implementing and managing your Next Gen Firewall
- implementing and managing your malware prevention solutions
- managing Email Security
- performing internal and external Network Penetration Testing
- performing vulnerability assessments and management
- creating and implementing cybersecurity policies and procedures
- ensuring IT security compliance with industry specific regulations
- providing End User Security Training throughout your organization (to increase employee cyber awareness)
- performing email phishing testing
Security information and event management (SIEM) is network security monitoring that is used to identify potential security breaches. Security engineers look at your network from a hacking, penetration, and intrusion perspective rather than a performance or uptime perspective like an MSP would.
The difference between these two professions is like the difference between an ear, nose, and throat doctor and a cardiologist: both went to medical school, but they provide similar yet different services. It's not that one is necessarily better than the other; both job functions are essential. It's that one, the MSSP, is more specialized in a particular area (security) than their counterpart. However, both types of services are needed to ensure that your organization is up and running in the best condition possible and that your data (and that of your clients) remains as secure as possible.
Now to add to the confusion, there are a number of MSPs these days who are moving into the security world and calling themselves MSSPs. Just because they're familiar with security-related issues doesn't make them a full-fledged MSSP. At the same time, having both capabilities (like FPA) certainly adds significant value to you as a client. There's no finger pointing, it's more cost effective, and you get to the end result faster.
When your in-house team is overloaded with IT-related jobs, or if you don’t have the in-house staff to handle your IT services or IT security needs, you may seek to hire a third-party Managed Service Provider to perform these functions. However, this can be cumbersome because many companies only handle one job or the other — they may only perform tasks relating to the management of IT services and ensuring your IT programs and networks are in good working order, or they may just handle the security side of things to ensure the necessary cyber protections are in place to protect your business.
Many companies don’t handle both — and, increasingly, the ones that do don’t have people with the right expertise in place to perform the roles adequately.
When you partner with a company like FPA as your IT Service Provider, you'll have access to a dedicated team of professionals who can meet both of these needs. Everything we do on the management and support side has an integrated cybersecurity approach built into it. Our knowledgeable and experienced experts include both IT services and IT security professionals who specialize in their particular areas. As such, they are equipped to perform their specific tasks so they can resolve your issues quickly and efficiently.
At the end of the day, the most important thing to know is that there is a significant difference between the functions and capabilities of an MSP and an MSSP. Ensure that you're aware of the capabilities of the company you're hiring, and that you're clear on what you're expecting them to perform. Is it about ensuring your network resources are up and running, or is it about cybersecurity? Our belief is it should be both.
So what do you think? Is your current partner addressing both aspects? Have you run across this situation as you're evaluating a new partner to work with? Be sure to share your thoughts in the comments section below. Or, feel free to reach out to me directly if you’d like to discuss the roles of an MSP and an MSSP in more detail.