Under this subscription model, the client or customer is the entity that owns or has direct oversight of the organization or system being managed whereas the Managed Services Provider (MSP) is the service provider delivering the managed services. The client and the MSP are bound by a contractual, service-level agreement that states the performance and quality metrics of their relationship.[5]
Thank you for shining a light on this systemic vulnerability. I don't think organizations realize that, in many ways, they inherit the security of their service providers. As another commenter noted, the RMM is overdue for radical reinvention. Security-minded MSPs may need to think about delegated access to customer environments, privileged access workstations, or other methods for remotely administering customer environments without that big fat one-to-many target that RMM represents. I think the MSP tooling ecosystem is general is problematic - MSPs design for scale and efficiency (making them an economical option for customers as opposed to hiring internally), but do I really want my password manager integrated into my RMM? Maybe not... There's a lot of market share out there waiting for MSPs that can develop real cybersecurity maturity.
At Ziptech Services we focus on designing, implementing and supporting computer networks for growing and mid-sized businesses. We provide straight talking business computing expertise for growing UK businesses and charities. Not for home … Virtualization, Office 365, Managed IT, IT Consulting, Hyper-convergence, Data Storage ... SonicWall, SolarWinds, Parallels, Microsoft Gold, Dell, ConnectWise ... Jim Simpson

Red Key Solutions is an IT solutions provider based in White Plains, N.Y. They were founded in 2002 and have a team of 15 employees. They specialize in IT strategy consulting, IT managed services, and cloud consulting to help their clients manage everything from long term strategy to getting past the little tech roadblocks that every company experiences as they grow.


In House—the process where an organization hires its own IT service providers and pays their salary, benefits, and further training, as well as the infrastructure they oversee. This is typically an extremely costly endeavor, and often businesses that try to procure in-house IT lack the capabilities to fully service their system as well as an inability to grow.
×