Many small businesses decide that they aren't ready to full-time IT professionals, but still realize that they need professional help to manage their IT and IT Security needs. One click deeper into that research small businesses often end up asking themselves what the difference is between MSP vs MSSP. If you are in that very spot, you've come to the right place -- in this post we'll discuss the difference between those two types of service providers.
There are over 6,000 MSPs (Managed Service Providers) in the U.S. -- they are sometimes known as Managed IT providers. Some industry analysts also refer to these types of providers as IT-as-a-Service providers, although that term has some formality that feels more appropriate for a research report than daily use.
Whatever you call them, the often-heard story around companies that engage MSPs is as follows. An entrepreneur building a new company starts off purchasing and configuring their own laptop and other technology resources. Over time, they expand their team with a handful of early employees that have the patience and willpower to manage through configuring their own workstations themselves. But eventually, the company expands to a point where an experienced hire joins the company and says "managing our own IT is a distraction" -- and urges the founder/owner/CEO to seek out a Managed Service Provider to take over that responsibility.
We're not saying that the above is always the way that Managed Service Providers enter the picture, but it is a storyline we've heard so frequently that it is worth telling here... as an illustration of the completely natural evolution of how companies evolve their IT practices.
What comes next? Some of the tasks that small businesses are most eager to offload to their newly-onboarded MSP are (often) as follows:
We're not saying that MSP services "stop" there -- and in fact, for MSPs that do stop there, they are probably at risk of being displaced by more comprehensive providers. However, the above examples are very typical of what a small business might have at the top of their wish list when they engage an MSP.
Let's move on to how this storyline differs from the story that we hear (time and time again) about how businesses end up in pursuit of professional IT Security help -- and thus sometimes end up learning more about MSP vs MSSP differences than they ever wanted to know.
As a company specializing in small business cybersecurity it pains us to say this, but it's important context. Very few small business operators wake up one morning and just spontaneously say "today's the day I'm going to get my IT security under control" -- it happens, but it's rare.
More frequently, a small business operator experiences one of the following:
These are some of the top reasons why a company suddenly searches for (and learns a ton about) the difference between MSP vs MSSP, in their quest to augment their current MSP provider with one or more additional providers that are more specialized in security. Unfortunately, hiring an MSSP (Managed Security Service Provider) is typically the wrong path to solving the security and compliance challenges that led to the search.
The list in the prior section of motivations that often drive small businesses to learn about the MSP vs MSSP distinction, and often cause them to seek out an MSSP, needs more discussion.
The lineage of the MSSP industry comes roots that are deeply related to the way we previously worked, prior to COVID-19. It was a world where "everyone" went into the office and connected to elaborate highly-tuned corporate network infrastructure. Remember? And, a security-related configuration mistake in that network infrastructure could suddenly let an outsider (we're being kind: what we mean is a cyber attacker) gain access to dozens, hundreds, or thousands of corporate-managed workstations, servers, and devices.
Then COVID-19 happened. Most companies sent their teams home. A whole new class of emerging security issues suddenly came to the forefront, leaping ahead of corporate network infrastructure as the #1 security topic amongst small business IT teams. Some of those issues that hopped to the forefront, were:
These are just a representative set of examples of the top issues that quickly came up when teams went remote. And, unfortunately, for those asking whether these problems are better addressed by an MSP vs MSSP... that's entirely the wrong question. The experience built up by the supermajority of MSSPs is incredibly useful for the types of nuanced corporate network security configuration that we discussed earlier, but not particularly helpful for some of the new-age distributed team security concerns that rapidly came to the forefront over the past year.
That's where Havoc Shield steps in. Whether you are struggling in the aftermath of a cyberattack, sorting out regulatory or compliance needs, navigating an enterprise security questionnaire, or trying to make it over a hurdle set by a cybersecurity insurer, we're here to help. And our help is all designed around the new context of small business: one where many companies have distributed team members, who may very well be handling sensitive information from the comfort of their couch. The security concerns around that type of work context are manageable, but you need the right provider to do so.