























Mark Holzberg has more than 30 years of experience in the hospitality technology space and is CEO of Cloud5.

getty
For many businesses, managing technology involves having two partners: a managed service provider (MSP) that handles day-to-day IT operations and a managed security service provider (MSSP) focused on threat detection and response. On the surface, this makes sense. In practice, it can create a communication gap that puts the entire operation at risk.
For any business where systems run around the clock, that gap isn’t just an inconvenience; it's a liability. The good news is that with the right framework, MSP and MSSP functions can operate as a cohesive unit. But getting there requires a clear understanding of where those gaps exist.
Separate ticketing systems are among the first places where a breakdown can occur. When an employee flags an unusual system behavior, the MSP logs it, works the issue and closes the ticket. The MSSP never sees it. But that "odd behavior" may be an early indicator of a breach. Without a shared workflow, there is no way to connect the dots. A unified platform allows real-time visibility across both teams.
Patch management is another common friction point that creates real risk. MSPs typically handle performance-related patches and MSSPs manage security patches. Without coordination, critical patches are delayed or updates collide, creating downtime. With the average cost of a data breach now at $4.4 million, unpatched vulnerabilities remain a major risk.
Vulnerability scanning adds complexity when ownership is unclear. MSSPs may identify critical exposures, but remediation depends on MSP execution. Without alignment, findings sit in reports instead of driving action. Even worse, duplicate or conflicting scans can impact system performance or trigger false alarms, creating noise instead of clarity.
Penetration testing further exposes the disconnect. These simulated attacks often uncover deeper systemic weaknesses—misconfigurations, outdated firmware or gaps in network segmentation—but without alignment, those insights don’t always make it into operational workflows.
And finally, asset visibility may be the most underestimated issue. An MSP's asset discovery information, including location, configuration and end-of-life timelines, is only useful to a security team if it's shared in real time. If the asset discovery data remains siloed, the MSSP will be monitoring a network they don’t fully understand. For hotel operators managing multiple endpoints across a property, that blind spot can create a significant risk.
Closing the communication gap doesn't require a technology overhaul. All you need are a few key operating principles.
Start with unified reporting. Updates such as asset status changes, software patches, etc., should map directly to security outcomes in a single, shared report.
Training is where I see the biggest missed opportunity. Studies continually show that 60% of all breaches are due to a human element. In hospitality, that means front desk staff, night auditors and event managers, not just the IT department. Training has to be a shared responsibility, with both parties developing consistent curriculum.
There must also be a defined escalation procedure before an incident occurs, not during one. This includes defined recovery time and recovery point objectives that both parties are familiar with, defined alert escalation procedures for after-hours threat detection and a defined path to executive leadership when necessary. In a 24/7 operation, ambiguity during an incident results in lost time and lost revenue.
It can be difficult to identify the consequences of poor coordination between your MSP and MSSP because they don't always show up as a single line item. Poor coordination typically appears as a delayed incident response, a security patch that slipped through the cracks or a breach that started with a ticket nobody shared.
Strong technology doesn't compensate for poor coordination between the teams managing it. For a truly integrated MSP and MSSP function, both parties need to share relevant information, there needs to be mutual accountability and clearly established communication channels to ensure effective management of risk in an always-on environment.
What businesses should be demanding from their technology partners isn't just strong individual capabilities. It's genuine coordination between those capabilities, with the organization's interests driving every decision. That's where the true value of this kind of partnership is either built or quietly is generated (or destroyed).
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。