The MSSP:  What are Managed Security Services Providers and Why Do I care?

July 24, 2018


The MSSP is the type of service company that assists businesses of all sizes, mainly small to medium size ones, to effectively take control of their cybersecurity operations through outsourcing.  This kind of outsourcing can prove very useful for those firms that have neither the staff nor the expertise to manage it directly themselves.   Given the current climate, however, this outsourcing activity requires more thorough due diligence than others.

First, you must have a sense of what kinds of issues you are facing.  The MSSP typically offers a variety of products and services that most businesses need and would do themselves if they could:  antimalware, network monitoring, firewalls, managed encryption services for data and communications to name a few.  Many offer packages tailored to specific compliance requirements such as HIPAA, Sarbanes Oxley, even FINSERV.  That’s good, as far as it goes.

Second, most MSSPs also offering alerting and response services.  After all, once something questionable is discovered, and a response is necessary to triage and address it.  Some of them will even provide this capability for you through telephone support or even onsite visits to work directly on the problem.  Mostly, they focus on keeping things clean and running smoothly so that the above concerns are under control, and huge brushfires don’t start.

There are several equally important considerations that you as a potential subscriber to such services must make yourself before engaging anyone, no matter who they are or what “perfect solutions” they might entice you with.  Ultimately, this is your business, not theirs.

However complete they tell you they are, they will not “cure all ills.”  MSSPs offer products and services that appeal to a wide range of customers:  meaning they provide the most-often required ones that nearly everyone needs to ensure the broadest sales opportunities for themselves.

The above creates economies of scale for them and you, but.  What it may not adequately address is any unique requirement you have.  It may mean you are on your own to find an appropriate solution because they are unable or unwilling to offer you one.  They might provide you with an answer but because it is outside their normal portfolio, you will pay to full cost of that solution; which could be quite expensive.

In short, you must drive this effort!  You need to do your homework well because the regulators won’t accept that your dog ate it!