Managed IT Service Providers (MSPs) implement multiple security measures to protect your business, but how can you trust them when you don’t know their process?
After all, there are significant costs associated with Managed IT, and companies only have a limited amount of resources to invest.
We understand the difficulty of trusting a third-party vendor with your entire IT department. So we’ll walk you through two of the most common questions asked by business owners who want to ensure ITS is a qualified MSP:
- How do MSPs identify gaps in security systems?
- How do MSPs recognize threats to security systems?
By the end of this article, you’ll have a clearer understanding of how MSPs safeguard your network and will be able to check if the MSP you’re hiring is going to meet your standards.
Read “4 Security Benefits of Managed IT Services (& 2 Disadvantages)”
How do MSPs identify gaps in security systems?
Securing a company’s IT infrastructure is more complex than installing a security program and letting it run. Each MSP protects its clients differently. But you can expect each MSP to have a step-by-step process they follow.
The most common first step is to conduct network assessments. Network assessments identify what equipment you have, what you use, and how you’re protecting them.
According to Kyle Kohler, a Technical Sales Engineer at ITS San Francisco, identifying your equipment is the first part of the NIST Cybersecurity Framework (NIST CSF).
He said, “Identification is the most common security gap [businesses have]. It’s where many businesses are already struggling – most organizations don’t know what they have.”
MSPs fill up this common gap in clients’ knowledge. They’ll always go through your current setup.
(If they’re pushing for solutions without asking what you have and need, run far away!)
Usually, MSPs get this information by working through your network with automated tools. Some MSPs give this information to clients for free as a starting point to understanding your network.
But Kohler pointed out, “While we get most of the information we need with an automated tool, we find the rest of the information by asking the right questions.”
“So this is kind of the mini-next step in a network assessment: interviews. Checking with the departments and asking about the tools used. Maybe IT doesn’t know HR uses Dropbox, but marketing uses Google Drive. But the business is actually a Microsoft customer.”
He advised clients to remember that the automated network assessment will get people most of the way, but tools alone cannot detect everything.
You still need highly skilled technicians to go through your IT infrastructure, ask questions, and note what steps you need to take.
How do MSPs recognize potential threats to security systems?
After going through the system with tools & questions and mapping out everything in the network, MSPs need to protect the system from potential threats.
But securing your company’s IT is a long journey.
Kohler explained, “The first step is identification, but then there are additional steps. So, after identifying devices, applications, network data, and users, the next step is protection.”
During the protection stage, MSPs identify the best programs to use to safeguard your data. They also identify the best security practices to put in place in your company. MSPs may recommend new habits such as 2FA or MFA or upgraded firewalls.
Protecting your company from top to bottom takes more time than you think. An MSP claiming they can give you complete protection from data breaches within a week is a huge red flag - in fact, any MSP saying they have a 100% guarantee that you won't have a data breach is a red flag. Hackers are a sophisticated bunch, and each threat needs to be properly evaluated and acted on.
Kohler said MSPs take companies beyond protecting data into detecting threats. “Eventually,” he said, “MSPs will set up ways to detect errors and malware.”
Each MSP has its chosen programs and practices for detecting problems in networks. For security reasons, they won’t divulge every detail of the setup. But they’ll still point out how they work and changes that could affect your end-users.
Kohler also said, “MSPs will help your business respond to cyber incidents and plan how you’ll recover from a cyber incident.”
“Hope for the best and plan for the worst.” is a saying the best MSPs live by. No matter how many safeguards MSPs put in, they’ll never give out a 100% guarantee that you’ll never have a data breach. Instead, MSPs mitigate the risk and ensure you’re capable of recovering in worst-case scenarios.
“The [security process] is not something that you can do within one month,” Kohler said. “It’s not something that most environments will do within one year. It’s something that takes a little bit of effort little by little [over a long period of time].”
But then, how do MSPs protect from immediate threats?
“Some things are prioritized,” Kohler explained. “If we identify you have 12 servers, but you have no protections, we’re going to immediately jump right into protecting those servers before we go on to applications, data, and users.”
Overall, MSPs follow a framework to recognize threats and use their tools and knowledge to protect your network.
Need more help vetting your Managed IT Services Provider?
So, how do MSPs protect you?
- MSPs do a deep dive into your network via automated tools, interviews, and IT staff overview.
- They implement ways to protect data, detect threats, respond to attacks, and recover losses.
- Each MSP has its own security programs – they won’t divulge the details but will explain what the programs do.
But these only work if you trust the MSP you’re working with.
At ITS, we know that the partnership is doomed if there’s no trust between a client and an MSP. Especially since most MSPs have you in a contract with a minimum amount of time.
We believe you need concrete tools to identify the good, the bad, and the great MSPs in your area.
To help you vet possible MSPs, check out “20 Questions to Ask When Choosing the Best Managed IT (MSP)” before partnering with an MSP. 