Sometimes I can hear people say, “Oh, I use Managed Services for security. Someone manages my firewalls and someone else does my pen testing. Someone does this, another does that.” But when I talk about Managed Services, I am not referring to this type of service at all. These services are Partial MSPs and not Full MSPs. I am not suggesting that partial services aren’t warranted. In fact, they are a critical part of an information security program.
I talk a lot about Managed Services, so it should be no surprise that I want to be clear about what I mean. When I discuss Managed Services, I am referring to Full MSPs; providers who are actually accountable for the security of your organization. A Full MSP is responsible for the day to day operations of IT, in addition to the compliance needs of your organization. Full MSPs can actually ‘stand in’ on behalf of your organization and answer questions for auditors.
I hope this clarifies things. Please share your MSP questions right here on the blog!