Call us on: 02920 887 362
Insights /

The difference between an MSP and an MSSP

What does MSP Stand for?

MSP stands for ‘Managed Service Provider’. The IT industry talks a lot about providing a ‘managed service’, which is in contrast to a break-fix model.

Break Fix model

The break-fix model used to be the norm for the IT industry; a user would have an issue and an IT support tech would be sent out to fix it. The cost to the client would be based on how long the problem took to fix.

While simple, it doesn’t take a lot of thought to realise that the break fix model doesn’t present the best deal for clients. There’s no incentive for support providers to deal with issues quickly, because the longer it takes the more they get paid, and there’s no incentive to proactively deal with long term issues, because they’re essentially a long term source of revenue.

Managed Services

The answer to this came in the form of managed services. Now, instead of paying to fix problems as they occur, clients instead pay providers on a regular basis to ensure problems don’t occur in the first place. This means providers are incentivised to provide a prompt service, be proactive in dealing with problems and advising on longer term IT strategies. Because no matter how long they spend working on problems, now they get paid the same.

There are exceptions to this of course; not every type of issue will be covered in a typical support contract, but this is the broad argument for managed services.

So what is an MSSP?

MSSP stands for Managed Security Services Provider. They specialise in providing security services like managing firewalls, vulnerability management and intrusion detection.

Do I need an MSP or an MSSP?

Because their services are more specific, MSSP’s tend to be used by larger organisations, or ones with particular regulatory requirements around security. They may already have an extensive IT team in house, but need help with particular areas of security.

MSP’s on contrast, can be used by organisations of virtually any size. They can also work with internal IT teams to cover everything from knowledge gaps to holiday absences.

If you’re unsure whether you need an MSP or MSSP, it’s likely that an MSP will be a better first port of call for you, as they’ll probably be able to take a broader view of your IT needs.

Here’s the important bit though: MSP’s still have a responsibility for your security. As MSP’s will deal with the  day to day IT operations of an organisation, their input will provide the foundation for you security posture. The biggest, shiniest MSSP locks still aren’t going to keep people out if the gate they’re fitted to is rotting away.

Make sure that you know the limits of your MSP’s cyber security capabilities, and whether they’ll be able to cover your needs. A security focussed MSP should be able to serve most organisations, with MSSP’s needed for those with extra or more particular security concerns.

Worried about cyber security but don’t know where to start? Speak to us today.

You might also be interested in:

A Quick Intro to Patching

What is patching? And why do IT people talk about it so much?

When should you outsource your IT?

The short answer, and the one you’d expect from an IT support provider, is as soon as you can. But there’s a bit more to it than that.

Excellence on Ice