When it comes to IT security and IT management for your organization, there's a significant difference between the types of professionals you can choose to hire. IT professionals typically fall into one of two categories — IT services and IT security — and there's a HUGE difference in their knowledge and skill sets. To make a decision about which type of professional to hire, you need to look at what is it you’re trying to accomplish and figure out which expert will best fit that role.
Something we frequently do with prospective and new clients is help them understand the differences between an organization that's a managed service provider (MSP) and one that's a managed security service provider (MSSP) and what each role entails. Although these two services sound very similar, there is a stark contrast between the responsibilities that each of these professionals address.
Understanding the difference between these different types of IT service roles is essential to improving the performance of your network as well as addressing your cybersecurity defense. Ultimately, the difference boils down to what you need to effectively run your IT systems versus what you need to secure them from internal and external threats.
Monitoring for Performance vs. Monitoring for Breaches
Managed Service Provider
In a nutshell, a Managed Service Provider (MSP) is the IT professional who helps to ensure your network’s performance and its uptime remain at an optimal level. This is the sort of company that performs a variety of traditional IT-related functions such as:
- addressing end user helpdesk support requests
- performing server monitoring, maintenance, and administration
- ensuring all resources are available and performing optimally
- performing server and workstation patching and updates
- performing firmware upgrades of core network components
Network monitoring helps to ensure that your systems remain up and running, so you don’t experience costly downtime.
Managed Security Service Provider
A Managed Security Service Provider (MSSP), on the other hand, is an organization trained, staffed, and experienced in everything cybersecurity. Their focus is to provide security as a service; they identify and address any gaps in your cyber defenses as well as other information security-related threats to your organization. Their job function, which is to ensure to no one except your employees and customers can access your systems and data, is to prevent, detect, and respond to threats across your network. These security responsibilities include:
- monitoring your network for security intrusions
- managing your Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
- implementing and managing your Next Gen Firewall;
- implementing and managing your malware prevention solutions
- managing Email Security
- performing internal and external Network Penetration Testing
- performing vulnerability assessments and management
- creating and implementing cybersecurity policies and procedures
- ensuring IT security compliance with industry specific regulations
- providing End User Security Training throughout your organization (to Increase Employee Cyber Awareness)
- email phishing testing
Security incident and event monitoring (SIEM) is network security monitoring that is used to identify potential security breaches. Security engineers look at your network from a hacking, penetration, and intrusion perspective rather than a performance or uptime perspective like an MSP would.
The difference between these two professions is like looking at the difference between a doctor who is an ear, nose, and throat guy versus a podiatrist - they both went to medical school, but they're both providing similar yet different services. It’s not that one is necessarily better than the other; both job functions are essential. It’s that one — the MSSP — is more specialized in a particular area (security) than their counterpart. However, both types of services are needed to ensure that your organization is up and running in the best condition possible and that your data (and that of your clients) remains as secure as possible.
Now to add to the confusion, there are a number of MSPs these days who are moving into the security world calling themselves MSSPs. Just because they're familiar with security related issues, doesn't make them a full-fledged MSSP. At the same time, having both capabilities (like FPA) certainly adds significant value to you as a client. There's no finger pointing, it's more cost effective, and you get to the end result faster.
When your in-house team is overloaded with IT-related jobs, or if you don’t have the in-house staff to handle your IT services or IT security needs, you may seek to hire a third-party Managed Service Provider to perform these functions. However, this can be cumbersome because many companies only handle one job or the other — they may only perform tasks relating to the management of IT services and ensuring your IT programs and networks are in good working order, or they may just handle the security side of things to ensure the necessary cyber protections are in place to protect your business.
Many companies don’t handle both — and, increasingly, the ones that do don’t have people with the right expertise in place to perform the roles adequately.
When you partner with FPA as your IT Service Provider, you’ll have access to a dedicated team of professionals who can meet both of those needs. Our knowledgeable and experienced experts include both IT services and IT security professionals who specialize in their particular areas. As such, they are equipped to perform their specific tasks so they can resolve your issues quickly and efficiently.
At the end of the day, the most important thing to know is that there is a (significant) difference between the two functions and capabilities between an MSP and an MSSP, ensure that you're aware of the capabilities of the company you're hiring, and are clear on what it is you're expecting from them to perform. Is it about performance, is it about security, or is it both?
So what do you think? Have you run across this situation as you're evaluating a new partner to work with? Has this information been helpful? Be sure to share your thoughts on this topic in the comments section below. Or, feel free to reach out to speak with me directly if you’d like to discuss the roles of MSPs and MSSPs more in-depth.
See how your business or organization rates concerning the condition and security of your technology. Download our free Technology Report Card now...