Are MSP Services Not Secure?

There have recently been major cases where IT Service Provider companies were infected, and their clients’ systems and data compromised with Ransomware. One such company who was compromised in this December 2019 had more than 100 of their client dental clinics affected, and another company’s clients that were affected represent more than 100 nursing homes located all across the United States. The systems affected have meant that the care facilities are faced with problems ranging from being unable to process payments to keep their doors open, to inaccessible patient records and phones service causing problems and delays in patients receiving treatment. (Full stories here.)

Needless to say, these security breaches represent a major failure on the part of the Service Providers, who’s clients relied on them to provide business-critical infrastructure and services. While there are specific aspects of these incidents that could be pointed out as avoidable with various correct safeguards in place, this case helps to bring into focus a very important lesson about IT services, which is that Managed Services Providers (MSPs) are not necessarily qualified to deliver the proactive IT Security Management needed to manage a company’s IT Security posture and strategy. What was lacking in both the provider’s and their clients’ own IT Strategy was the presence of a CISO (Chief Information Security Officer) in their perspective organizations. The CISO’s role is to manage every aspect of IT Security for the organization. This role does not have to be a full-time employee, and is many times outsourced as a Virtual or “VCISO” professional service; since they are costly to recruit.

Movaci also provides the same hosted and managed business infrastructure and services that the unfortunate MSPs above provide. What is different about Movaci is that we employ our own team of qualified IT Security engineers and experts as its own IT Security Services department; and all of Movaci’s offerings are tested, audited, and have their security managed by this team. In addition to VCISO services, Movaci’s IT Security Services team also provides services directly to clients’ systems with Managed Security Services (MSS), Managed Detection and Response (MDR), Security Operations Center (SOC), Vulnerability and Compliance Auditing, and, Employee IT Security Trainings. (More info on IT Security Services here.)

Please contact us if you would like to know what security measures are a recommended fit to safeguard your company.