Background
Ever since someone figured out that they could slash costs whilst improving support and skill availability and reducing HR overhead by outsourcing a department, the Managed Services Provider (MSP) was born. In IT, MSPs tend to focus on the operational aspects - supporting users, maintaining infrastructure to ensure that it stays online and functional, developing systems to support new business plans, managing data backups, etc.
However, almost all systems have a security side that is often overlooked but requires constant care and attention in order to remain secure which is where the Managed Security Services Provider (MSSP) comes in. In IT (which is particularly vulnerable), MSSPs focus on the cybersecurity aspects - ensuring that systems are patched in a timely manner, monitoring and testing systems for issues and anomalies, ensuring that systems are and remain securely configured, training users, etc.
In our final years as an MSP and in the early days of cyber attacks becoming increasingly pervasive, we quickly realised that cybersecurity was going to become ever more important so we started focusing on practices and products to keep us and our clients safe - without fully realising it, we naturally started the progression to becoming an MSSP.
As a Network Group member and through our partners and friends, we’re still in regular contact with 50+ other IT companies and departments so, as cybersecurity really started to enter the public consciousness, we observed a few things that will continue to be the case for quite some time:
Organisations are demanding enhanced protection.
MSPs and IT departments are realising that they need to focus on security but don’t really know where to start or don’t have the time to effectively learn everything by themselves - what to focus on first; what products and methods are actually effective; how to balance keeping the organisation happy, operational, and safe; etc.
So, as we’ve lived and breathed the transformation process and seen a growing demand for it, we decided to develop and offer an MSP to MSSP service.
Case study
A recent example of this are our friends at Sync IT - an excellent and already very successful and respected MSP based in Dundalk, Ireland.
Joe Molloy, Operations Director of Sync IT, approached us explaining that they have ambitions to become the go-to MSP and MSSP in the North East of Ireland. They already supported and managed a number of local high profile organisations but, due to a changing world, needed to upskill with their cybersecurity offering and wanted the assistance of specialists to help develop their new service portfolio and get them right.
In mid-February 2019, after some initial fact-finding, Sync IT flew us out to their offices and we spent a few days with Joe Molloy, Operations Director; Allison Cooney, Technical Director; and Phil Monaghan, “Sheriff” and Security Engineer thoroughly discussing their current practices, products, and services.
We were actually taken aback at how remarkably open and honest they were about them and how well-developed these were already with some examples being that they:
Had appointed Phil as “Sheriff” to ensure that best practices are being followed.
Were planning to build cybersecurity into Quarterly Business Reviews (QBRs).
Were testing advanced protection systems.
Had drafted intuitive and compelling marketing.
Had even held an awareness event for ~50 organisation leaders on “How Cyber Attacks & GDPR will Affect You” the previous year!
However, there’s always room for improvement so we then moved on to discussing some suggestions which they were very receptive to but we made it clear that these talks were only preliminary as we wanted to give the advice the time, care, and attention that it deserved.
Upon our return to the UK, we took a few days to discuss our findings and develop our advice then we produced and provided Sync IT with a comprehensive report who reviewed it as a team and decided to develop an implementation plan for each of our recommendations and to embed us in their client engagement process.
Currently, Sync IT, with consultation and assistance from Astrix, have engaged a large Irish accountancy firm to assess and overhaul their cybersecurity. We will be updating this post as we progress!
Sign-off
We hope that our new service will be useful to you or someone that you know and we look forward to working with lots of new clients!
