Entara Transforms from Traditional MSP to XSP to Better Address Cyber Threats

For more than 20 years, Entara has served its clients as an MSP. However, as the threat landscape shifted, Entara decided that providing standard MSP services was no longer enough.

Entara wanted to continue to provide service while maintaining the cybersecurity of both its clients and itself. Because of this, it developed a new type of provider — the extended service provider (XSP).

As an “XSP,” Entara takes a security-first approach to providing security and IT services integrated into IT solutions.

During their Channel Partners Conference and Expo session, “Peer Perspectives: How Entara Transformed its Business to Become an XSP,” May 1, Pamela Diaz, Entara’s president and CEO, and Deniz Sagnaklar, director of managed services, will detail the company’s journey to becoming an XSP. See if it provides a road map for something similar at your business.

In a Q&A, Sagnaklar gives a sneak peek of what they’ll share with attendees.

Channel Futures: What are XSPs? How are XSPs different from other service providers?

Entara’s Deniz Sagnaklar

Deniz Sagnaklar: XSPs are different than MSPs and MSSPs because their service brings synergy to a client’s managed services by integrating their IT and security operations under one roof. This solves the disconnect between MSPs and MSSPs, which can cause costly delays and mistakes.

As an XSP, we:

• Provide security recommendations based on tens of thousands of hours of yearly, frontline incident response experience.
• House an R&D team that suggests only the right security solutions for clients based on business goals and needs.
• Identify client needs through assessments and develop individualized roadmaps.
• Provide services built and delivered on IT infrastructure library (ITIL) standards.
• Take on the full lifecycle of security incidents.

CF: What’s the benefit of not having segmented, unregulated IT and cybersecurity?

DS: There are many benefits to working with an XSP and not having segmented, unregulated services. First, we make decisions rapidly through open lines of internal communication between our teams, unlike MSPs and MSSPs, which are two separate entities. If a client has a security incident or IT issue, we quickly collaborate across our internal teams to get to a solution. We are also able to transparently and accurately provide insights as to why the incident or issue happened because we have full visibility into our clients’ IT and security operations.

Additionally, holding ourselves to the XSP standard is important because MSPs and MSSPs have no industry regulation, yet their clients frequently do. For example, a client in health care may have to meet certain security standards to be Health Insurance Portability and Accountability Act (HIPAA) compliant. There is no HIPAA equivalent in the managed IT and security industry. The lack of standards and regulations in the service provider industry means the clients of MSPs and MSSPs are open to significant risk through their service provider, even if their business meets their own industry’s regulation requirements. As an XSP, we follow Center of Internet Security (CIS) standards, a set of globally recognized best practices that help security practitioners implement and manage cybersecurity measures.

CF: What sort of unique problems/challenges can XSPs address?

DS: XSPs address the rampant risk that exists in the IT and security managed services industry. We understand the risk we pose to our clients and understand the risk our clients pose to us. Because of this, we require all clients to adhere to our same strict security standards that we follow in order to mitigate the impact of a breach event on our network of clients. Working with an MSP or an MSSP is a risk because …