3 Questions to Ask Your MSP for Confidence in Your Cybersecurity

Managed service providers can deliver expert IT advisory and support at a relatively low cost, but trust and communication are necessary for a successful partnership. Find out what key questions and considerations you need to be asking your MSP to protect your data and business.

Working with an MSP carries both benefit and risk. On one hand, a breach of your MSP would put you in potential danger, as we are seeing now with the Kaseya breach. On the other hand, having a trusted provider with admin access from a completely separate network can be what saves you in an attack that locks up systems.

Managed Service Providers (MSPs) can be a powerful partner in helping your organization harness the power of technology and minimize tech-driven challenges or risks. However, with tens of thousands of options across the country, how should your business choose one? Additionally, if you already have a provider or potential provider, what conversations need to be had to ensure a successful and enduring relationship? Use these 3 questions to assess whether your MSP is ready to manage your technology and protect your data in the best way possible.


1. Does the provider adhere to a third-party audit for compliance?  

Organizations must practice extreme caution when granting access to their network, IT systems, and data to anyone, and a managed provider is no exception. MSPs need to ensure they can protect themselves before they make any promises to protect others. One way to confirm the legitimacy and security posture of an IT company is to ask whether they adhere to any third-party security audits. Third-party audits deliver an unbiased and comprehensive report on the provider, assessing their tools and practices against industry and federal standards. Do not hesitate to investigate their security standards and compliance even further, asking what solutions and commitments are covered in the audit or whether the provider has cyber insurance.

"You need a provider that is transparent enough to allow an external examination and savvy enough to go beyond external obligations to protect your business from modern threats"


Chief Security Officer for Centre Technologies

More specifically, ask your provider whether they complete the SOC 2 Type 2 Audit, an assessment of industry best practices in areas such as privacy, confidentiality, and processing integrity. Fulfilling SOC 2 Type 2 compliance requires advanced technologies, such as endpoint detection and response, and disciplined internal practices, such as comprehensive system documentation.   

Only a limited number of service providers, especially those catering to small and mid-sized businesses, complete these audits, since they require extensive time, resources, and commitments. However, seeking an IT company that engages in this audit annually, such as Centre Technologies, is well worth it to ensure dependability and confidence in your partnership.


2. Does the provider customize system and data protection plans?

Maximizing productivity, protecting information, and minimizing costs is a tricky balance, and there is no one solution. Managed service providers must work closely with their customers to strategically plan and invest in technologies that align with the customer’s operations, industry, and business objectives. For example, data backups are a crucial practice for any organization, but how the backups are performed and what tools are used depends on the specific business.

MSPs need to discuss critical questions with their customers, such as: How long can systems be down without significant costs? What is an acceptable amount of data loss in the event of a disaster? How fast would systems need to be rebuilt? What is the allotted budget? Based on the answers to questions like these, a different suite of products and services, like Backup and Disaster Recovery-as-a-Service (BDRaaS), should be offered to optimally balance the customer’s resources and expectations.


3. Does the provider continuously seek improvement and innovation?

The right managed services provider should do more than break-fix support; they should continuously recommend new tools and services to keep your organization ahead of the curve. Your provider should reflect on your organization’s current use of technology and identify blind spots where data protection, retention, or productivity can be improved. Additionally, legitimate service providers should be proactive about innovative tools your business can adopt to further digital transformation and IT security.


MSPs with a customer experience team have people dedicated to your account, reflecting on past insights and future plans. They are able to provide routine layers of advisory and fine-tuning to optimize solutions and services. Essentially, these providers have the bandwidth and expertise to help your organization move forward with technology beyond simply resolving tickets or acting on a one-time consultation.

The questions above are some of the most foundational in not only choosing the right IT service provider but also getting the most out of your investment with one. A good provider will help your organization put out fires, but a great one will work closely with your team for an IT environment built to last and protect what matters most. Only a handful of MSPs, such as Centre Technologies, are able to answer yes to all 3 questions by having the practices and means to shield your organization against the risks of technology. 


Kaseya Ransomware breach disturbs the MSP community

With regard to the Kaseya ransomware breach, the tools Centre Technologies uses are vetted through a committee and sanctioned by third-party audits, so that we remain disciplined to the policies placed around those tools. As a proactive, preventative measure, Centre is monitoring the Kaseya attack closely:

  • Centre does NOT use Kaseya VSA to support customers
  • Centre has performed a scan of all clients' environments and, following the detection guidance recommended by CISA, the FBI, and Kaseya, has removed a small number of stray agents found on client endpoint machines; those clients have been notified.
  • Centre's service providers and 3rd party vendors have provided confirmation that they have not been impacted by Kaseya. 

Contact us to learn more about how your organization can take a proactive security response and have confidence knowing that your MSP has you covered.

Originally published on July 7, 2021


About the Author

Secure Managed Services

Organizations trust Centre to deploy, manage, and secure IT solutions that ensure day-to-day business continuity and increase operational efficiency. Centre’s Managed Services provide 24x7 secure by default IT support and proactive consulting that keep businesses moving. Centre Assist™ technical consultants work alongside customers to deliver innovation and business optimization by being an extension of their team.