A Blog for Best Practices in Technology

Should You Use One IT Provider for Both Managed Services and Security?

Written by Sean McCloat, CISSP | November 28, 2018

With ransomware events and security breaches in the headlines every day, business leaders have come to closely associate technology needs with cybersecurity. Maintaining a secure IT infrastructure for your company has become ever more difficult while at the same time critical to company profits. Creating a secure IT environment goes far beyond firewalls and anti-virus software.

Not all technology providers are created equal. Capabilities can range from basic break/fix companies to the most sophisticated cybersecurity firms.

 

Managed Service Providers

A managed service provider (MSP) provides a variety of IT services to companies such as:

  • Proactive monitoring of servers, firewalls, switches, routers, and workstations to keep the business operating smoothly
  • Remote help desk tech support for your employees
  • Migration/management of Microsoft Office 365 and other cloud-based services
  • Backup and disaster recovery services
  • IT network performance assessments
  • IT supplemental staffing

IT services are delivered from an MSP's network operations centers (NOC), staffed by the MSP's technicians. When you contact your MSP's NOC to report an issue, the MSP will use a ticketing system to track each issue through to successful resolution.

 

Managed Security Service Providers

A managed security service provider (MSSP) offers additional consulting type services around securing the assets of the business, such as:

  • Managed firewall
  • Managed SIEM (security information and event management) and other security as a service plans
  • Advanced endpoint detection and response
  • Mobile device management
  • IT assessments for security and compliance (NIST, HIPAA, PCI, etc.)
  • External network penetration testing

Security services are supported from an MSSP's security operations centers (SOC), staffed by certified cybersecurity engineers.

 

Advantages of Using One Provider for Traditional IT Managed Services and Security Services

Some IT providers strictly offer MSP type services and some only offer MSSP type services, but some span both.

Many traditional MSPs have moved into the cybersecurity space, adding more security services above and beyond traditional endpoint monitoring and help desk support.

There are advantages to using one IT provider for both IT services and cybersecurity protection, but only assuming the provider has the advanced capabilities of an MSSP and provides for segregation of the teams or staff performing the disparate services.

Using a single provider offers these advantages:

  • Cost savings due to reduced overhead
  • Fewer vendors for you to manage
  • Improved collaboration for incident response and remediation activities
  • Centralized risk management capabilities

 

Advantages of Using Separate Providers

Some IT professionals would argue that there is value in separating traditional IT services from cybersecurity services. They would caution against leaving everything in the hands of one provider. Instead, you can use an MSP to provide traditional IT managed services and an MSSP to provide cybersecurity services.

If you use a separate MSP and MSSP, your MSSP will have an unbiased view of the security of your IT network.

But don't think of security as a shopping cart where you are buying service A, B, and C from provider #1 and service D, E, and F from provider #2. It's not a matter of simply picking the right set of tools (or software packages) to create a secure IT infrastructure.

You should never assume that you are protected because you have the implemented the latest and greatest security products. Cybersecurity best practices require a multi-layered approach that provides visibility into your IT environment.

 

An Ideal Solution

There is an ideal solution that provides you the best of both worlds, and that is to use one provider for both traditional IT services and security services, but then also engage an outside vendor to perform periodic IT assessments. With this service model, you gain the benefits of efficiency and cost savings by using one IT provider for everything, but you also get that outsider's perspective to ensure your IT environment remains secure and keeps current defending against the latest cyber threats.

 

Evaluate Your Current Provider

You may currently be using an IT provider with limited cybersecurity capability. Without the right cybersecurity mindset, the MSP could leave you vulnerable.

If you have not adopted advanced cybersecurity protection, don't wait until you're a victim of ransomware or a security breach. Security is not a shopping cart. If your MSP cannot support your security needs, maybe it's time to evaluate other providers.

 

About Corserva

At Corserva, we take a holistic approach to safeguarding computer systems and data. Security is the foundation upon which all our solutions are built. We provide IT services and cybersecurity services to companies nationwide, and we also offer IT assessments for security and compliance needs, such as NIST, HIPAA, PCI, and more.

Corserva provides managed security services including managed SIEM and managed firewall. Our services are supported 24x7x365 by our own US-staffed technical service centers, and backed by our engineers with certifications including CISSP, CISM, CGEIT, CRISC, CEH, and CompTIA Security+.

>> View the Managed Security solution brief. <<

Contact us today and we can customize a security solution to fit your needs.