Don’t make a mistake and put the security and future of your company at risk

It’s not an exaggeration to say that you may be putting the future of your company at risk if you don’t know the differences between a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). While there may be some crossover of functions between these two types of outsourced services, the fact remains that it’s highly likely that you will need to invest time, resources and budget for each.

MSP vs MSSP: Comparison of Missions and Functions

Perhaps the simplest way to understand the variation between these two different types of providers is as follows. MSPs operate in the world of IT network management – keeping your infrastructure up to date, troubleshooting problems users are experiencing, and maintaining IT operations. MSSPs operate in the world of cybersecurity and the detection, prevention and remediation of cyberthreats that have the potential to ruin a company’s reputation and pocketbook – kind of like an ever vigilant and on guard police force.

Key differences include:

Managed Service Provider (MSP)

Managed Security Service Provider (MSSP)

· Ensures IT systems are operational, reliable, available and useful for employees and customers


· Key focus is on administrative functions of an IT system and network, and typically serves as a company’s outsourced IT department


· Costs based on a fixed fee model - per device, per user or some combination


· Characterized by tools and technologies like remote monitoring and management and troubleshooting / ticketing systems or a help desk


· Generally, will not provide clients with a complete cyber security posture, but will offer a minimum level of security services, like firewalls and anti-virus software.


· Mission critical:  ensure that IT systems are up and running and that data remains available for employees and customers.


· May include offerings from other providers like application service providers (ASPs), Web hosting companies and network service providers (NSPs).

· 24/7/365 cybersecurity monitoring primarily focused on IT security with key objectives of preventing, detecting and responding to threats across IT infrastructure, network and applications


· Serves in a consulting and advisory role, providing cybersecurity insights to help make proactive changes to policies and procedures in order to prevent security incidents that might result in breach, data loss, or any other incident that could negatively impact a business.


· Requires expertise for aligning security with IT compliance frameworks and ensures that people and systems are safe, secure and compliant.


· Includes deployment of a Security Operations Center – a physical facility staffed by analysts responsible for real time investigation of network and logs, hunting for threats, creating alerts for incidents, and executing plans for remediation.


· Employs processes such as security information and event management, computer system hardening, unified threat management, and network intrusion detection prevention.


· Requires a deep understanding of client’s current policies and regulatory compliance issues that affect the company and its data. 


· MSSP requirement: implementing complex security procedures to ensure that the system and each employee is protected through the latest advances in security and compliance methods.


· In other words, the primary focus of an MSSP is to provide the ultimate cybersecurity protection through around-the-clock monitoring to determine any potential security breaches

Should You Hire BOTH a Managed Service Provider (MSP) and a Managed Security Service Provider (MSSP)?

The answer in a nutshell, is YES.

While some MSPs claim they can bring security functionality to their clients, the truth is that many offer only the most rudimentary and easily defeatable security services. Their measurement of success is not upon how many threats they have detected and foiled, but upon other metrics like downtime and user satisfaction.

MSSPs measure their success with a vastly different set of standards, using different tools, methods and technologies in executing their mission. They’re responsible for keeping up to speed on the nature and risk exposure you may have from new (and existing) cyberthreats, and for managing, maintain and responding to threats using state of the art tools and technologies that typical MSPs cannot bring to the table.

Structuring a Managed Security Service Provider Contract

If you are interested in learning more about what a MSSP can do for your company or organization, contact our managed security services team here or call (name) at (number) today. We’ll have a no cost or obligation discussion on the scope of MSSP services you might require for your industry or situation, as well as the fee structures that are typical of an MSSP engagement.