Subscribe - news & resources
An In-depth Guide to Managed Security Services with an MSP
Small to medium sized businesses are more frequently becoming targets for cyber-attacks, due to them often not prioritising their IT security compared to larger organisations.
The trouble is that corporates have more money to put into their security – they are able to employ in-house IT security specialists, invest in security infrastructure, have regular consultations; but what is happening more frequently these days, is organisations outsourcing their IT security entirely. Traditionally this option has been reserved for larger scale organisations – but there has been an increasing movement to adapt outsourced IT security services to fit the needs of the SMB market.
One of the big ways that this is happening is with Managed Service Providers (MSPs) extending their services to include managed security services. This is making it much easier for businesses to protect themselves from cyber-attacks.
What Managed Security Services do MSP’s provide?
The first thing that will happen when you have an MSP build your security is that they will do an in-depth analysis of your network – which should be achieved via a network monitoring tool.
This will generate a comprehensive report detailing your level of cyber risk, an analysis of potential legal risks (pertaining to regulations such as GDPR), and any business-critical security issues you may have.
Once the MSP has this, they will discuss the implications with you, and together, you will decide on what managed security services and steps you must take to increase your cyber security.
Cyber Essentials Accreditation
This is a UK Government-backed scheme meant to establish the basic controls an organisation has in place to reduce cyber threats. It is a foundation level certificate, meaning that is the minimum requirement for an organisation.
An MSP should have gone through this accreditation themselves already, and they will support you while you work to get it too. During the application process, an organisation must fill out an online self-assessment questionnaire; upon passing this questionnaire they will be awarded the certification, along with branding for their business. The certification lasts for 12 months.
The scheme also offers a higher level of certificate called the Cyber Essentials Plus for a higher price. Engaging an MSP is definitely recommend for Cyber Essentials Plus, as it requires a third party audit and an on-site assessment.
ISO 27001 Accreditation
This is an international standard for information security. It details the requirements for an information security management system (ISMS) which must be met by a business for them to receive this accreditation. The requirements involve how to examine an organisations information security risks, with consideration to their vulnerabilities, potential threats; and the impacts that any vulnerabilities or threats will have.
The ISO 27001 standard also requires that a comprehensive array of security controls and are implemented for the organisation – the controls will be designed to meet the specific requirements of the organisation based on the assessment of their risks and vulnerabilities. Finally, for the long-term, the ISO 27001 standard requires that an overarching management process be implemented for the organisation. This is to ensure that the array of security controls continually meets the organisation’s needs – if their security needs change, so will the controls.
An MSP that is ISO 27001 accredited is considered highly trustworthy, because it means their approach to information security management is ongoing and continually changing to meet their client’s specific needs.
E3 and E5 Security
As a Microsoft Partner, TechQuarters also offers licensing for Microsoft 365 and can make recommendations also based around security. For our customers, we recommend either the E3 plan or the E5 plan which offer different levels of security. The Microsoft 365 E3 plan offers the following:
Azure Active Directory Premium P1 – With this you will get identity management for both on-premises and remote users, and it works with both local and cloud-based applications. You will get basic conditional access security.
Microsoft Advanced Threat Analytics – An on-premises platform that helps protect your enterprise from multiple types of cyber-attacks and insider threats. With this an organisation can identify suspicious activities and advanced attacks on premises.
Microsoft Endpoint Manager – Mobile Device Management and App Management to protect corporate apps and data on any device.
Azure Information Protection Premium P1 – Encryption for all files and storage locations. Cloud-based file tracking.
The Microsoft 365 E5 plan offers all the features listed above and goes one step further with security. You also get Advanced Threat Protection – this includes protection against zero-day threat and malware; and you will get Advanced Security Management, giving you enhanced visibility and control of your security settings, and security for Cloud applications. The E5 license is particularly suited for organisations in the Financial sectors, or Gambling industries.
An MSP should also be delivering a standardised array of technology solutions and controls that can be tailored to fit each use case.
These solutions may involve things like AI-powered monitoring tools, which may detect if a user appears to be logging in from multiple locations at once; or if company data is being shared to an application that is not permitted for use by the company. Monitoring is an excellent way of detecting potential data leaks and threats.
Multi-factor authentication is a policy that can be applied across an organisation, which involves each login requiring approval via a code or link sent to the user, in addition to them entering their password. Take the previous example of a user appearing to log in from multiple locations – if MFA is in place, you can be sure that attempts to access a user’s account by someone other than the user will fail.
Another solution MSPs should use is applying security standards to data leaving the business. For example, a permissions policy can be put in place for any emails that leave the business; meaning that emails sent to external parties may be accessible for a certain period of time, after which they will permanently delete themselves.
Having standardized solutions such as these means an MSP will have a really in-depth understanding of the tech and will therefore be able to identify potential security risks more effectively and fill such gaps.
How we help in our own way
Here at TechQuarters, as well as everything we’ve spoke about above, we have our own ways of helping our customers with security. As mentioned, we always make sure our customers are working with up-to-date software and hardware – but we don’t stop there. Once a customer has been provisioned with new technology, we help with the adoption of the tech on a user level with our platform, the 365 Cloud Academy. The Cloud Academy is our tutorial platform that provides videos on all the Microsoft applications one uses on a daily basis; it shows people how to use applications more efficiently, and in a more integrated way.
But, specifically in the realm of security, we offer user training on the principles of user safety – e.g. how to spot a scam email, how to create strong passwords, or best practices for safe web browsing. Our ‘Best Practice Security’ Playlist is on the 365 Cloud Academy and is available to all of our customers.
So that was an in-depth review of many of the possible managed security services an MSP could be utilised to provide your business! If any of these seem of interest to you, please do get in contact with us on the details below.