Managed services
 | Parts of this article (those related to article) need to be updated. (July 2024) |
Managed services is a paradigm of outsourcing full management of systems in the information technology (IT) sector, which contrasts with the traditional "break/fix" or '"on demand" approach, where services are rendered and billed only after a technical failure occurs. A managed service provider (MSP) is a third-party company that remotely manages a customer's IT infrastructure and end-user systems, typically on a proactive basis and under a subscription model. The MSP maintains continuous oversight of the client’s systems, assuming long-term responsibility for the functionality and health of their IT environment.
Definitions
[edit]A managed IT services provider is a third-party service provider that proactively monitors & manages a customer's server/network/system infrastructure, cybersecurity and end-user systems against a clearly defined Service Level Agreement (SLA).[1] Small and medium-sized businesses (SMBs), nonprofits and government agencies hire MSPs to perform a defined set of day-to-day management services so they can focus on their core businesses with reduced risk of extended system downtime or service interruptions. These services may include network and infrastructure management, security and monitoring.[1][2]
Most MSPs bill an upfront setup or transition fee and an ongoing flat or near-fixed monthly fee, which benefits clients by providing them with predictable IT support costs. Sometimes MSPs act as facilitators who manage and procure staffing services on behalf of the client. In such context, they may use a vendor management system (VMS) for transparency and efficiency. A managed service provider may also help a business create IT disaster recovery plans.
History
[edit] | This section needs additional citations for verification. (April 2026) |
The evolution of MSP started in the 1990s with the emergence of application service providers (ASPs) who helped pave the way for remote support for IT infrastructure. From the initial focus of remote monitoring and management of servers and networks, the scope of an MSP's services expanded to include mobile device management, managed security, remote firewall administration and security-as-a-service, and managed print services.
The first books on the topic of managed services - Service Agreements for SMB Consultants: A Quick-Start Guide to Managed Services[3] and The Guide to a Successful Managed Services Practice[4] - were published in 2006 by Palachuk and Simpson, respectively. Since then, the managed services business model has gained ground among enterprise-level companies. As the value-added reseller (VAR) community evolved to a higher level of services, it adapted the managed service model and tailored it to SMB companies.
As the IT infrastructure components of many SMB and large corporations are migrating to the cloud,[5] with MSPs (managed services providers) increasingly facing the challenge of cloud computing, a number of MSPs are providing in-house cloud services or acting as brokers with cloud services providers.[6][7] A recent survey claims that a lack of knowledge and expertise in cloud computing rather than client's reluctance, appears to be the main obstacle to this transition.[8][9]
Types
[edit]The most common managed services revolve around IT: connectivity and bandwidth, network monitoring, security,[10] virtualization, and disaster recovery.[11]
| Name | Functions | Providers |
|---|---|---|
| Information services / Cloud | * Software – production support and maintenance * Authentication * Systems management * Data backup and recovery * Data storage, warehouse and management * Cloud transformation * Network monitoring, management and security * Human Resources and Payroll |
managed IT services provider, managed security service provider, HCM software |
| Business-to-business integration | * Supply chain management * Communications services (mail, phone, VoIP) * Internet * Videoconferencing |
Internet service provider, Video managed services provider |
| Supply chain managed services[12] | * Supply chain planning, monitoring and control * Sourcing and procurement * Logistics and distribution |
Supply chain managed services provider |
| Transportation[13] | * Daily transportation planning * Process execution and enforcement (freight audit/accounting & payment) |
Managed transportation services provider |
Cyberattacks
[edit]Attackers have compromised MSPs and software used by MSPs as a form of supply chain attack.[14] In October 2018, the U.S. National Cybersecurity and Communications Integration Center (NCCIC) warned the public that it knew of attackers, including advanced persistent threats, attempting to infiltrate the networks of MSPs as a way to conduct cyber espionage and intellectual property theft.[15] NCCIC said that this type of attack, which dated to at least 2016, targeted MSPs because compromising them could allow attackers to access customer networks.[15]
By 2019, attackers began targeting MSPs to spread ransomware because hacking into a MSP could allow them to install ransomware in many MSP client systems.[16] Attackers found and exploited vulnerabilities in software used by MSPs, such as remote monitoring and management products.[16] In the July 2021 Kaseya VSA ransomware attack, the REvil criminal organization exploited a vulnerability in Kaseya software to attack its MSP customers with ransomware and up 1,500 companies that were clients of the MSPs.[17] In 2025, the DragonForce ransomware group attacked a MSP and used its remote monitoring and management platform to steal client data and encrypt client systems.[18]
See also
[edit]- Application service provider – Business providing software via the web
- Customer service – Provision of service to customers
- Enterprise architecture – Business function methodology
- Information technology outsourcing – Contracting internal tasks to an external organization
- Managed service company – Company structure in the United Kingdom
- Managed private cloud – Aspect of cloud computing
- Remote monitoring and management – Management software
- Service (economics) – Activity for which payment is due
- Service provider – Organization that provides services to other organizations
- Service science, management and engineering – Term introduced by IBM
- Service level agreement – Official commitment between a service provider and a customer
- Technical support – Maintenance service of electronic consumers
- Web service – Service offered between electronic devices via the Internet
References
[edit]- ^ a b Gillis, Alexander S.; Moore, John (October 22, 2024). "Managed service provider (MSP)". TechTarget. Retrieved 15 July 2024.
- ^ "Top ten criteria for selecting a managed services provider" (PDF). IBM Global Technology Services. 2013. Archived from the original (PDF) on 2017-08-29.
- ^ Palachuk, Karl (July 2011). Service Agreements for SMB Consultants. Great Little Book Publishing Co., Inc. ISBN 978-0976376026.
- ^ Simpson, Erick (15 August 2006). The Guide to a Successful Managed Services Practice. Intelligent Enterprise. p. 320. ISBN 978-0978894306.
- ^ Wood, J.B.; Lah, Thomas. "The Case for Managed Services: A Stepping Stone to the Cloud". Technology-as-a-Service Playbook. Technology Services Industry Association.
- ^ Spencer Smith (February 2016). "Managed services companies rethink their portfolios". TechTarget.
- ^ David Linthicum (19 May 2015). "The case for managed service providers in your cloud strategy". InfoWorld.
- ^ John Moore (May 2015). "Cloud-based service revenue lags among MSPs". TechTarget.
- ^ "2023 State of Cloud | Pluralsight". www.pluralsight.com. Retrieved 2025-09-04.
- ^ Green, Chloe (7 March 2016). "How to use managed services to overcome the top 6 app security hurdles". Information Age. Archived from the original on 2016-03-08.
- ^ Sarah Kuranda (4 June 2014). "Top Five Functions Outsourced To Managed Services". CRN Magazine. Archived from the original on 16 July 2018. Retrieved 28 March 2016.
- ^ "Supply Chain Managed Services". Deloitte. 2015.
- ^ Adam Robinson (22 September 2014). "What are Managed Transportation Services? The Old Model vs. The New Model". CERASIS. Archived from the original on 22 March 2016. Retrieved 28 March 2016.
- ^ Ghanbari, Hadi; Koskinen, Kari; Wei, Yijuan (2024-11-15). "From SolarWinds to Kaseya: The rise of supply chain attacks in a digital world". Journal of Information Technology Teaching Cases. doi:10.1177/20438869241299823. ISSN 2043-8869.
- ^ a b "Advanced Persistent Threat Activity Exploiting Managed Service Providers". CISA. 2020-06-30. Retrieved 2026-04-25.
- ^ a b Abrams, Lawrence (February 14, 2019). "Ransomware Attacks Target MSPs to Mass-Infect Customers". BleepingComputer. Retrieved 2026-04-25.
- ^ O'Brien, Matt (July 13, 2021). "Firm hacked to spread ransomware had previous security flaws". Associated Press.
- ^ Abrams, Lawrence (May 27, 2025). "DragonForce ransomware abuses SimpleHelp in MSP supply chain attack". BleepingComputer. Retrieved 2026-04-25.
Further reading
[edit]- Palachuk, Karl (16 September 2014). The Managed Services Operations Manual: Standard Operating Procedures for Computer Consultants and Managed Service Providers – a Four-Volume Set. Great Little Book Publishing Co., Inc. ISBN 978-0990592310. Archived from the original on 22 February 2019. Retrieved 28 March 2016.
- Managed Services in a Month, 2nd edition. Great Little Book Publishing Co., Inc. 2013.
- The Guide to a Successful Managed Services Practice, January 2013. Intelligent Enterprise.
- Palachuk, Karl (1 July 2006). Service Agreements for SMB Consultants. Great Little Book Publishing Co. ISBN 978-0976376026.
