modern mssp

Defining the “4 Cs” of the Modern MSSP

This week, we hosted a webinar to discuss the current state of managed security services providers (MSSPs) and what defines a “modern” MSSP. The demand for MSSPs is up, with the global industry projected to show a compound annual growth rate (CAGR) of 15 percent through 2025. However, many providers haven’t evolved to meet the demands of today’s businesses. As cyber security threats continue to advance, monitoring and responseneeds to go beyond the network perimeter to include the cloud and DevOps. Organizations that need external resources to do this must shift from the traditional MSSP model to a modern approach.

When it comes to finding the perfect diamond, the general rule of thumb is to account for the four most important characteristics, otherwise known as the “4 C’s” – cut, color, clarity, and carat. Similarly, there are four C’s you need to weigh when you’re choosing a modern MSSP:

  • Collaborative
  • Co-Managed
  • Cloud Ready
  • Complete

Here’s a deeper dive into each characteristic.


A collaborative MSSP considers you as a partner and streamlines the onboarding process. Look for an MSSP that can deliver quotes in a timely fashion and cut down on the complexity of setup time using a simpler contracting and service model. This can be as easy as initiating three levels of service:

  1. The MSSP uses your platform and technology but handles the service;
  2. The MSSP gets input from you and both sides work together to remediate; or
  3. You remediate issues within the MSSP’s environment.

Prospective MSSPs should also ask clear questions about your goals during contract discussions. What are you trying to do with your security program? What are some of the biggest threats you’re seeing? Where is your organization going over the next few years?

From an operations standpoint, an MSSP should also have analysts who can work with you according to your specific industry needs.


In the past, an MSSP was often looked at as more of a black box, but today, there’s a demand to co-manage the service and relationship. First, your MSSP should be able to present an executive-level view of events that are taking place at the SIEM level. This snapshot should include the volume and type of events, and a plan for resolution that executives or a board can easily understand.

Transparency is also a critical factor when choosing the right provider. You need to have visibility into what work is being done and what investigations are taking place. You should also be comfortable that all this work can be handled 24×7.

A modern MSSP needs to provide shared worklists of tasks. This includes updates that you may be making to log lists, reconnecting logs in your environment, or audits that you’re running. A good relationship relies on information flowing both ways. Lastly, a modern MSSP also needs to be an extension of your staff. A dedicated point of contact should be available whenever the need arises.

Cloud Ready

While not every organization or industry is all-in on the cloud, most are at least headed in that direction. A modern MSSP needs to have a cloud-first mindset to meet these current and future demands. That means having the flexibility to grow and accommodate new technologies and scalability to handle shifting workloads.

Moreover, the infrastructure of a modern MSSP needs to be cloud-enabled as well. Most organizations have workloads that are on public or private cloud environments – many of them are public, including on AWSAzure, or Google Cloud. Your provider should have full visibility into those environments, with the ability to manage and collect information. For example, they should be able to look at AWS and Microsoft APIs and determine when user accounts are being accessed or compromised from people outside your organization.

From an expertise perspective, is your MSSP prepared to help you with your cloud journey? Lack of experience has been a critical factor for many recent data leaks and breaches. You should also have an expectation that your MSSP has the skills to perform assessments and incident response to investigate any breaches that do occur.


The final C, being complete, is about having a provider that can work with you throughout your entire security journey. CIOs and CISOs commonly struggle to manage too many security partners. Approach your MSSP more strategically, beyond looking at that relationship as strictly transactional.

An MSSP should be able to advise, assess, test, and govern. They should be able to take you through all the technical and audit processes that you need to fulfill, then help you assess the governance you have in place to manage your security.

Swift monitoring and remediation actions are also critical. Do you have an MSSP that can get people onsite to respond to an incident within a day? You can’t lose that valuable time. If you need to find another vendor, you could be losing days, if not weeks.


There is a fifth and honorary C: the capacity to surge. Your organization – like many others – may be growing due to mergers and acquisitions (M&A), or perhaps additional rounds of venture capital investment. Not only do you need to ensure that your infrastructure and environment is setup to handle the surge in growth, you need to know that your MSSP is also able to grow as your business grows. Modern MSSPs should always be expanding their capabilities and have a plan in place to scale to meet the market.

Ultimately, by considering these characteristics, you’ll increase your odds of finding a modern MSSP that can become a true partner to handle all your cyber security goals and initiatives.