What's the Difference Between an IT Service Provider and an IT Security Service Provider?

Author: Craig Pollack Date: Sep 18, 2018 Topics: How to Select an IT Company

For people who don’t deal with technology on a daily basis, let alone specialize in either IT services or IT security, the terms "IT Service Provider" and "IT Security Provider" may sound indistinguishable. However, there is a very stark difference between the two. It’s like running into a podiatrist at a dinner party and asking him questions about your heart murmur because he was introduced as a doctor.  Sure, they're both medical professionals, but I think you'd agree that they have very distinct areas of expertise.

The same can be said for an IT Service Provider (which is also sometimes known as a Managed IT Service Provider or a Managed Service Provider (MSP)) and an IT Security Service Provider (which is also sometimes known as a Managed Security Service Provider (MSSP)). The terminology typically depends on how each company delivers their services and charges for them — the “managed” part entails offering ongoing services for a monthly fixed fee.

With the recent growth in the cybersecurity area, many smaller MSPs are jumping into the security arena while truly being unprepared to deliver on the promises needed.  Some companies do offer both types of services, but they're the rare bread to have had years of experience in both areas along with the staff needed to effectively address both sides of the coin.  Most are likely to specialize in either IT services or IT security because they require different knowledge, experience, and skill sets. FPA is a company that bucks this trend — in that we have both the experience as we well as the dedicated team of professionals including both IT services professionals and IT security professionals.

In honor of National IT Professional Day on Sept. 18 (which is celebrated annually on the third Tuesday of September), we thought it would be great to shine a spotlight highlighting the differences between what it takes to be an IT Service Provider and an IT Security Service Provider.

What Is a Managed Service Provider?

At its core, an MSP is a professional IT service provider that works to ensure your network’s performance and uptime are optimal delivered under a recurring, fixed fee model. The focus is operational in nature — ensuring that your data is available and IT systems are in good working order for your employees, clients, and customers. As such, a Managed Service Provider performs a variety of traditional and essential IT services functions, including:

  • Ensuring optimal network usability and performance (making sure data and information systems are available to employees and customers)
  • Performing recurring patching and software updates
  • Monitoring network performance and uptime and addressing alerts before they become
  • more impactful issues
  • Performing general maintenance of your computers and other physical hardware
  • Addressing end-user helpdesk support requests
  • Performing network maintenance and administration services
  • Managing and overseeing base-level security components (running the firewall, anti-virus, and anti-spam systems)
  • Providing strategic IT planning and budgeting services

What is a Managed Security Service Provider?

Alternatively, a Managed Security Service Provider (MSSP) is your cybersecurity guru — the person or group of people who ensure that your cybersecurity protections are in place, up to date, and as effective as possible, all provided under a recurring, fixed fee model. While it’s true that they also perform network monitoring, it’s a different type of monitoring known as Security Incident and Event Monitoring (SIEM), which keeps an eye out to identify potential security breaches of your network.

Rather than focusing on system performance and uptime, a Managed Security Service Provider’s job is to ensure network resources and information are secure by identifying and addressing any gaps in your defenses or cybersecurity threats to your organization. Some typical MSSP responsibilities include:

  • Creating and implementing security policies and procedures
  • Ensuring IT security compliance within industry regulations
  • Managing your intrusion detection and intrusion prevention systems (IDS/IPS)
  • Providing end user training throughout your organization to increase employee cyber threat awareness
  • Managing email security
  • Performing internal and external network penetration testing and vulnerability assessments
  • Performing network security monitoring
  • Performing Dark Web Monitoring

Why Having Both Types of Experts on Your Team Matters

Both of these jobs are two different specializations and matter greatly to the success of your organization and the safety of your data. This is why it is important to have both types of experts available to monitor and care for your network, security defenses, and intellectual property. Don’t settle for one over another; both are equally important in different ways.

If you’re ready to reap the benefits of both an IT Service Provider as well as an IT Security Service Provider in one, be sure to contact us. With FPA, all it takes is one call to enjoy the advantages of both sets of experts.  As we like to say, "One, Company, One Call, One Integrated Approach!"

To learn more in depth about the value of an integrated approach to delivering IT services AND IT security (and how to choose the right one for your business), check out our latest eBook by clicking on the image below. This resource is chock full of information to help you assess, evaluate, and choose the right provider for your organization’s needs.

What are some of the most significant challenges you’ve faced concerning MSPs and MSSPs? Be sure to share your thoughts and experiences in the comments section below or feel free to send me an email to discuss this topic more in depth.

Guide to Selecting An IT Service Provider

Subscribe here to get our "2 Minute Tuesday" email for valuable tips & tricks!


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.


Related Articles