XSP is the natural evolution of the technical service industry.

Edward Gately, Senior News Editor

March 27, 2023

6 Min Read
Cybersecurity Transformer
Shutterstock

For more than 20 years, Entara has served its clients as an MSP. However, as the threat landscape shifted, Entara decided that providing standard MSP services was no longer enough.

Entara wanted to continue to provide service while maintaining the cybersecurity of both its clients and itself. Because of this, it developed a new type of provider — the extended service provider (XSP).

As an “XSP,” Entara takes a security-first approach to providing security and IT services integrated into IT solutions.

During their Channel Partners Conference and Expo session, “Peer Perspectives: How Entara Transformed its Business to Become an XSP,” May 1, Pamela Diaz, Entara’s president and CEO, and Deniz Sagnaklar, director of managed services, will detail the company’s journey to becoming an XSP. See if it provides a road map for something similar at your business.

Deniz Sagnaklar is one of more than 150 channel visionaries and experts speaking at the Channel Partners Conference & Expo. The event also features more than 375 ICT companies in the massive expo hall. Register now for the world’s largest independent channel event, May 1-4, at the Venetian in Las Vegas.

In a Q&A, Sagnaklar gives a sneak peek of what they’ll share with attendees.

Channel Futures: What are XSPs? How are XSPs different from other service providers?

Sagnaklar-Deniz_Entara.jpg

Entara’s Deniz Sagnaklar

Deniz Sagnaklar: XSPs are different than MSPs and MSSPs because their service brings synergy to a client’s managed services by integrating their IT and security operations under one roof. This solves the disconnect between MSPs and MSSPs, which can cause costly delays and mistakes.

As an XSP, we:

  • Provide security recommendations based on tens of thousands of hours of yearly, frontline incident response experience.

  • House an R&D team that suggests only the right security solutions for clients based on business goals and needs.

  • Identify client needs through assessments and develop individualized roadmaps.

  • Provide services built and delivered on IT infrastructure library (ITIL) standards.

  • Take on the full lifecycle of security incidents.

CF: What’s the benefit of not having segmented, unregulated IT and cybersecurity?

DS: There are many benefits to working with an XSP and not having segmented, unregulated services. First, we make decisions rapidly through open lines of internal communication between our teams, unlike MSPs and MSSPs, which are two separate entities. If a client has a security incident or IT issue, we quickly collaborate across our internal teams to get to a solution. We are also able to transparently and accurately provide insights as to why the incident or issue happened because we have full visibility into our clients’ IT and security operations.

Additionally, holding ourselves to the XSP standard is important because MSPs and MSSPs have no industry regulation, yet their clients frequently do. For example, a client in health care may have to meet certain security standards to be Health Insurance Portability and Accountability Act (HIPAA) compliant. There is no HIPAA equivalent in the managed IT and security industry. The lack of standards and regulations in the service provider industry means the clients of MSPs and MSSPs are open to significant risk through their service provider, even if their business meets their own industry’s regulation requirements. As an XSP, we follow Center of Internet Security (CIS) standards, a set of globally recognized best practices that help security practitioners implement and manage cybersecurity measures.

CF: What sort of unique problems/challenges can XSPs address?

DS: XSPs address the rampant risk that exists in the IT and security managed services industry. We understand the risk we pose to our clients and understand the risk our clients pose to us. Because of this, we require all clients to adhere to our same strict security standards that we follow in order to mitigate the impact of a breach event on our network of clients. Working with an MSP or an MSSP is a risk because …

… you are exposing more variables to your environment. As an XSP, we are aware of this risk and walk the walk by putting safeguards in place to protect both our clients and ourselves.

XSP is the natural evolution of the technical service industry. It is built on the same principal as standard plane safety. In the event of an emergency, you must put your own oxygen mask on first before helping others. In other words, to ensure the safety and success of others, you must first prioritize your own safety so you do not unconsciously become a liability to someone else.

CF: How does a service provider become an XSP?

DS: An organization can become an XSP by offering integrated IT and security services, and maintaining and requiring stringent cybersecurity standards for their clients and themselves. They need to follow CIS controls and map these standards into their solutions. They also need to have 24/7 managed detection and response (MDR) monitoring, and require microsegmentation, privileged access management (PAM), multifactor authentication (MFA) and regular security assessments, including pen tests, for their clients.

Outside of the security requirements, being an XSP is a mindset. Your team needs to be security tool-agnostic, and constantly vetting new solutions and partners. You need to be constantly exploring and striving to provide the best solutions that balance your clients’ budgets while prioritizing both security and usability. Finally, you need to be aware and honest about the risk that you pose to your clients and the risks they pose to you.

CF: What do you hope attendees can learn and make use of from your session?

DS: We hope that attendees will understand the gravity of the purpose behind XSP and why it is important to have integrated IT and cybersecurity services for not just their clients, but their own businesses. Over the past three years, we have performed over 70,000 hours of incident response work for new clients who are not managed under our XSP stack. We help those companies in some of their darkest days recover from ransomware, and it is honestly heartbreaking to realize that many of these companies could have easily avoided the mental and financial stress of a breach. By being an XSP, you can be a true partner to your clients and help them become more resilient.

Right now, it seems like even the market is confused about what it means to be an MSP versus an MSSP as the lines become more and more blurred. Instead of trying to navigate this blurred line, we charge you with helping us erase it all together.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like