Who Bears The Risk?

We noticed that managed service providers (MSPs) are often not willing to take responsibility for the risks they impose on their customers. Yet their customers often assume that an MSP will take responsibility for a particular risk – and that’s where the problem lies. When this type of miscommunication occurs, it leaves large gaps in the security posture of organizations. So who owns the risk?

Shifting the risk

If an organization is working with one or more MSPs, it must understand the concept of shared responsibility. MSPs and their customers must work together to meet security standards and expectations. Partnering with an MSP does not take the risk away from the customer; rather, it shifts it. Securing systems such as database servers, firewalls, switches, authentication services and log servers means sharing risk between the MSP and the customer. As the MSP, you need to clearly define what falls within the scope of your responsibility to your customer. Clients inherently assume some risk, but not all of it. You are offering important, essential services – take that responsibility seriously. Customers place their trust in your services, and MSPs depend on being trusted. If a client does not trust your services, why would they choose you?

Try not to fall into the trap of getting too comfortable with risk when partnering with an MSP. As a business partnering with one or more MSPs, you need to remember that you can’t outsource your reputation. Your reputation will always be at risk – and you are responsible for it. It’s up to you to vet the MSP and hold them to a high standard.

Advantages of taking ownership of the risk you face

Chasing demanding compliance goals, especially before you are required to do so, may seem to cost too much work, money or time. However, we believe that an MSP who proactively undergoes a SOC 2 audit is demonstrating that they are invested in providing secure services and protecting their customers’ data. If you meet compliance goals before your competitors do, or before a potential customer asks you to, you are in a position to take ownership of your own risk.

MSPs’ reputation, business continuity, competitive advantage and brand image depend on the quality and security of their systems and can benefit from SOC 2 compliance.

Owning your risk…

  • Makes you aware of where your vulnerabilities lie and how that impacts your customers
  • Gives you direction on how to mitigate risk
  • Gives you a competitive advantage and sets you apart from others
  • Protects your reputation
  • Ultimately makes you and your customers safer


If you’re an MSP hesitant to undergo an information security audit, consider the consequences of a data breach or security incident. Once your customers’ information systems or data are exposed, you’re on a path fraught with obstacles and fragmented security. Your reputation will be permanently altered. Your customers will no longer trust you, potential customers will no longer inquire about your services, and lawsuits and fines will result. The continued existence of your business depends on securing your systems and proving that you are indeed a secure MSP.



