One of the biggest challenges in my field—and it seems to be getting worse—is how tech companies, vendors, and service providers use complex jargon and endless acronyms. This forces the business world to decipher their language. This issue isn't limited to in-depth technical talks; it's present even in high-level IT discussions. For example, what we offer is now labeled as managed services, often abbreviated to MSP (Managed Service Provider) services.
While it is true we are continually adapting our technology capabilities, services, and solutions to provide best-in-class services to our clients, generally, what we do has been the same over the past twenty years.
We offer a wide range of technology services, solutions, and advisory services, covering the full spectrum of tech needs for businesses that either can't or shouldn't hire internal IT staff. Our offerings include helpdesk support, software application assistance, cloud services, and virtual CIO — oops, that's another acronym for Chief Information Officer. We also provide senior-level business technology advisory services and, crucially, cybersecurity.
While these services have changed over the years and remain fluid (see what I did there), the importance and business impact of these services has not increased nearly as much as cybersecurity.
When I started Fluid IT 22 years ago, security was important to us and has always been one of our top three priorities. However, businesses viewed security as a disruptive force to productivity and an expensive option they would often opt out of. It certainly wasn’t viewed as important enough to warrant a spot within the IT budget or even an ongoing place on the technology roadmap.
As the years have passed, the importance of cybersecurity has continued to rise in the consciousness of businesses as the damage and real cost have increased to the point one bad event can put you out of business. Cybersecurity has forced itself into the discussion of the board members and not only into the IT budget; it now is the number one concern of business owners and management, creating the need for its own budget.
During this time, yet another new acronym appeared: MSSP or Managed Security Solution Provider. The general idea is an MSSP focuses on providing cybersecurity solutions and services, while an MSP only focuses on general comprehensive IT services. The inference is that MSPs do not and cannot provide adequate cybersecurity services and solutions to the point that it is necessary to create an entirely new business offering to address this gap, and voila, we now have MSSPs.
Searching for MSPs and then for MSSPs yields different outcomes, adding layers of confusion to the tech services market and perplexing business communities and non-technical service buyers. Differentiating between MSPs was already challenging for buyers, as most providers' websites echo similar claims.
The introduction of MSSPs complicates matters further, making it harder for buyers to understand what MSSPs offer, how they're different, and if their services are necessary. This development has only increased the difficulty for businesses in identifying their needs, choosing the right provider, and understanding the distinctions between the services offered.
With that said, my biggest frustration and concern is the implication that managed service providers, such as Fluid IT, do not and cannot provide adequate cybersecurity services that can only be obtained from an MSSP. There may have been a time several years ago when this might have been the case, but the lines have now blurred.
Fluid IT has continually improved security services and solutions for our clients over the years, and more recently, we have aggressively added more advanced capabilities the MSSPs state only they can offer.
A forward-thinking, high-value managed service provider should provide/offer many, if not all, of the cybersecurity services MSSPs provide. We should be at the point where top MSPs can and do provide comprehensive cybersecurity services and solutions that prevent the need to add yet another vendor to the mix to pay for and manage. There will always be very specific and targeted solutions that will be and many times should remain separate, such as penetration testing and forensics.
For businesses, cybersecurity terminology, with its vague terms and myriad acronyms, is particularly challenging. Mentioning that we offer MFA, EDR, MDR, SOC, SIEM, and IPS can be confusing even for those well-versed in technology. It's unrealistic and frustrating to expect a business owner or manager to recognize and understand these acronyms.
Complicating the situation further, more businesses are facing audits from their insurance providers, vendors, and customers. These cybersecurity audits often include questions about specific technical capabilities, which only a cybersecurity expert could answer accurately.
For instance, we're dealing with questions like:
These are just four questions of the hundreds typically included in these audits. And just because the audit is asking for them doesn’t mean the business must or even should do them all. All of them come at a cost, which should be evaluated by business leadership on a risked base cost-benefit analysis as they would any business case. It is not possible for leadership to do that if they do not understand the underlying service/solution, what its purpose is, why it may be beneficial, what specific risk(s) it addresses, how likely the business is to encounter said risk, etc.
I recently spoke to the CEO of one of our healthcare clients, and they were being audited simultaneously by two separate customers. In healthcare, a business associate agreement must be in place, and the covered entity, in this case, the customer, must ensure its provider, in this case, our client, has proper security measures in place.
The problem is the audit questionnaires ask for everything, whether it’s really needed or not. It does not consider the size of the business, which matters, the likelihood of an event, or the applicability of the specific requests. It is a CYA to cover themselves.
The CEO, upon learning more about the audits and having all the techno-speak translated into business terms, decided the best business decision may be to sever and lose the client rather than pay the high cost of meeting all their requests.
The reality is that high-level management discussion is only possible once the technical staff can translate it into actionable advisory-level information for decision-making.
Navigating the complex world of IT services, especially when it comes to deciphering the jargon of cybersecurity, can be a daunting task for businesses. At Fluid IT, we understand the importance of providing clear, comprehensive IT and cybersecurity services that cater to the unique needs of each business. Our commitment to adapting and enhancing our services ensures that we remain at the forefront of both MSP and MSSP offerings.
As technology evolves, so do the threats and challenges it presents. This is why Fluid IT has dedicated itself to not only keeping pace but leading the way in cybersecurity measures. We've expanded our capabilities to include the advanced services traditionally associated with MSSPs, ensuring that our clients receive the highest level of protection without the need to manage multiple vendors.
Choosing the right IT partner is more crucial than ever, as the lines between MSPs and MSSPs blur. Fluid IT stands ready to provide your business with the comprehensive, advanced IT and cybersecurity solutions it needs to thrive in today's digital landscape. Let us help you navigate the complexities of IT services, ensuring your business is secure, efficient, and prepared for whatever the future holds.
Don't let IT jargon and cybersecurity concerns slow your business down. Contact Fluid IT today to discover how our MSP and MSSP services can simplify your IT needs, secure your operations, and support your growth. Let's work together to make IT work for you, not against you.