TECHNOLOGY LANDSCAPE

Understanding the modern technology landscape

The modern technology landscape is littered with Managed Service Provider (MSP)s who manage organizations’ information technology (IT) systems remotely.  Below, you will learn how the current technology landscape presents challenges to security and privacy.

Objectives:

Who ARE THESE RESOURCES FOR?

These resources are for anyone seeking to understand more about the current technology landscape. Specifically, we dive into the ongoing trend of allowing MSPs to fully manage all your information technology needs. We explore the inherent vulnerabilities with this approach and present qualified alternatives that will reduce cost but require more ownership from you and your organization. This provides the best option for those needing to adhere to strict regulatory compliance.

What is a Managed Service Provider and what do they do?

Before we explain what a typical Managed Service Provider is, we feel it’s relevant to describe how MSPs came about.  We have additional resources that provide details but, ultimately, MSPs were born out of organizations’ desire to outsource roles that were traditionally staffed internally.

According to Gartner, “A managed service provider (MSP) delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center.”  

Gartner makes a distinction between traditional MSPs, and what they call, “Pure-play MSPs,” who focus on one vendor or technology. JADEX would be considered the latter.

From <https://www.gartner.com/en/information-technology/glossary/msp-management-service-provider>

Traditional MSPs have a business model that reinforces harmful business practices as they relate to security and compliance.  This paradigm is encouraged through the monetary benefits that MSP owners receive by selling their clients more tools and applications.  It’s a vicious cycle and costly to organizations or business owners who have limited knowledge related to recent cyber security guidance.

We’d like to stress that not all MSPs are evil, but there are enough in the industry where it can be considered a major problem. Our goal is to provide you knowledge to allow you to make informed decisions when handing over the keys of your kingdom to strangers. 

Vulnerabilities associated with the current approach to technology management

Currently, many businesses rely heavily on MSPs for all their technology needs. This often occurs because Information Technology as a discipline is extremely vast and most business owners have limited expertise in technology.

Here are examples of vulnerabilities your organization might experience.

  • Lack complete endpoint management
  • Lack of access control to structured and unstructured content generated within an organization
  •  Lack of accountability related systems monitoring, usages, and routine preventive maintenance for ALL systems and applications within the organization
  • Lack of control of potential threat vectors targeted at your MSP

You can always check another box

Most, if not all MSPs lack accountability.  The #1 question to ask you or your organization’s MSP:  If something happens, who is accountable?  These answers will vary in response and vary in timeliness of that response, but you may begin to see some truth after asking it.  “People who work anywhere are similar to people who work everywhere.”  This means that we will all try to do our jobs in an easier, quicker way or attempt to find the best way of completing it.  With this truth, MSPs will find an easy way to push updates, fixes, and “security” to the thousands of users from hundreds of different companies.  MSPs usually choose to leverage a need that they are experienced in or a need that all their clients have pointed out.  Other than the Pure-play MSPs, this opens up ample room for attacks and increases threat vectors.  If your organization must adhere to strict regulatory requirements, Microsoft offers the unbeatable accommodations to explore.

Microsoft's commitment to security and compliance

Microsoft 365’s Compliance Manager allows organizations the capabilities to track, store, and retrieve multiple policies and procedures that address regulatory controls from many regulatory bodies.  If your organization has strict compliance guidelines, then you may need to look into the FedRAMP authorization process.  You will notice that Microsoft is unmatched with advanced features and applications for digital transformation, content management, automation, security, and compliance.  Remember that strict regulatory accomplishments come with learning from and teaching others inside and outside your organization.