22 February 2021
Managed IT or Managed Security – What’s the Difference?
If you have ever considered getting help with managing your business IT, you will have seen a few different terms used to describe the available options. But how do you know which to choose? We’ve taken a quick look at some of the important differences between Managed IT and Managed Security, to help you decide what’s right for you.
The primary concept around managed IT is to achieve and sustain maximum uptime, reliability, and productivity. There is also a focus on giving users a great support experience.
Your Managed IT service should include proactive maintenance such as Windows updates, application patches, and generally keeping your digital environment tidy. Skilled personnel are constantly watching logs, and addressing any warning messages early, before a problem emerges.
Put simply, Managed IT service covers the day-to-day running of your IT environment, just as an in-house team might do in a larger corporation, but at a far more attractive economy of scale. They free up your own people by providing remote and on-site support, and typical helpdesk services. Usually there will be guarantees covering response times and acceptable uptime. Managed IT will also cover asset management, so that you have an efficient way to track all equipment, and have plenty of time to plan to replace and update the hardware and software you need to operate.
A Managed IT service does touch on security, in that it will cover patching hardware and software, manage endpoint protection, and make sure virus and malware defences are operating appropriately. They’ll cover password management and access control, as well as making sure that you are following best practice. And let’s not forget the importance of having well-managed backups, so that you can recover quickly when needed.
Beyond the basics, a good Managed IT service will provide your business an IT strategy, including budget planning, aligned to your overall business plans. They will have access to industry knowledge and technology roadmaps of major and niche vendors, and use this to identify opportunities and risks for your business. A good Managed IT service will offer regular reporting to keep your business up to date on how well your IT is performing – and a great service will help you to analyse and interpret those results in the context of your industry, your business size, and your overall plans.
As you might expect, Managed Security is all about preventing unauthorised access to your systems and data. It is essential to identify and deal with risks. These risks may come in the form of external threats such as hackers, or internal, such as accidental or malicious activity by employees.
A Managed security specialist will identify any security or privacy issues that relate to your business operations. They provide security monitoring, where they keep a close watch on logfiles from security-based events, in a proactive approach. A Managed Security arrangement will also cover higher-level security expertise, in particular assessing how your data is structured, who has access, how shareable it is, and how safe. Of course, you should also expect detailed monitoring and reporting on your security posture, with recommendations for improvements.
If your organisation must meet industry security standards, or manage legislated compliance needs, or if you have a contract in place with an upstream supplier or government organisation, your Managed Security arrangement should reflect this. You need to be confident that all your practices are aligned with the required standard, and that your records can readily demonstrate compliance.
While providers can vary, as part of a Managed Security agreement, we include dedicated security analysts who can provide expert knowledge and support. They’re all certified with specific IT security frameworks, such as Microsoft Security Expert. It is worth checking that your Managed Security team has access to numerous experts, so that as your environment evolves and changes, you won’t find that gaps in knowledge compromises safety. This can be a challenge in smaller security partners, whose people may not get access to training and experience in a broad range of technologies.
Security hazards do not follow a 9-5 routine, so one of the key benefits of Managed Security is that you always have someone with the right skills available. They also have a focus that means they are not distracted by the daily needs of the IT department. Security today is too specialised to hand over to someone who has another hundred priorities in their day, and it would be unfair to expect a generalist to cover this task in an organisation where security is a priority.
Even with the very best technologies, risks exist. Among the biggest risks are employees, who need regular training and testing on their security knowledge. One of the most enlightening ways of doing this can be using a phishing simulation to see who clicks on what. Such tests should always be handled responsibly – the idea is not to catch people out, but to identify where a little online training or a refresher course could be useful. Security specialists know how to take the emotion out of any lapses, and empower the users to employ solid judgement.
Aside from making sure users are well equipped, a Managed Security arrangement should include threat hunting, where they actively look for vulnerabilities. This may be done via a security review, a penetration test, and dark web monitoring for company asset. When it comes to IT security, ignorance is never bliss for long.
As part of your Managed Security service, you are likely to have a regular review of your IT security strategy. Usually annual or bi-annual, or performed after major changes, this will look for ways to improve your security status. It will include checking with your internal team or external Managed IT provider to ensure that you have a solid, frequently tested, backup and disaster recovery process in place. As a part of any review, our experts consider best-practice governance, and help you to use available tools to improve ISO compliance where needed.
A Note About Flexibility
Whether you need help with the day-to-day, or the highly specialised world of IT security, your needs will change over time – and they will differ from other organisations. Don’t be afraid to ask your provider where they can be flexible about the type and level of service provided – it is their job to work in your best interests, and that may mean adjusting to make a perfect fit. Ask questions, ask to visit their office – if they feel like an extension of your own business, and talk your language, you have a great chance of a positive, long-term relationship that benefits both parties.