{{Short description|Paradigm of outsourcing}} {{Distinguish|Service management}} {{Update|article|July 2024|date=July 2024}} '''Managed services''' is a paradigm of outsourcing full management of systems in the information technology (IT) sector, which contrasts with the traditional "break/fix" or '"on demand" approach, where services are rendered and billed only after a technical failure occurs. A managed service provider (MSP) is a third-party company that remotely manages a customer's IT infrastructure and end-user systems, typically on a proactive basis and under a subscription model. The MSP maintains continuous oversight of the client’s systems, assuming long-term responsibility for the functionality and health of their IT environment.

==Definitions== A managed IT services provider is a third-party service provider that proactively monitors & manages a customer's server/network/system infrastructure, cybersecurity and end-user systems against a clearly defined Service Level Agreement (SLA).<ref name="techtarget" /> Small and medium-sized businesses (SMBs), nonprofits and government agencies hire MSPs to perform a defined set of day-to-day management services so they can focus on their core businesses with reduced risk of extended system downtime or service interruptions. These services may include network and infrastructure management, security and monitoring.<ref name="techtarget">{{cite web |title=Managed service provider (MSP) |url=https://www.techtarget.com/searchitchannel/definition/managed-service-provider |author1=Gillis |author2=Moore |access-date=15 July 2024 |publisher=TechTarget|date=October 22, 2024|first=Alexander S.|first2=John}}</ref><ref>{{cite web | title=Top ten criteria for selecting a managed services provider |url= http://www.ibm.com/midmarket/it/it/att/pdf/Top_ten_criteria.pdf |date=2013 |publisher=IBM Global Technology Services |archive-url=https://web.archive.org/web/20170829114953/http://www.ibm.com/midmarket/it/it/att/pdf/Top_ten_criteria.pdf|archive-date=2017-08-29|url-status=dead}}</ref>

Most MSPs bill an upfront setup or transition fee and an ongoing flat or near-fixed monthly fee, which benefits clients by providing them with predictable IT support costs. Sometimes MSPs act as facilitators who manage and procure staffing services on behalf of the client. In such context, they may use a vendor management system (VMS) for transparency and efficiency. A managed service provider may also help a business create IT disaster recovery plans.

==History== {{refimprove|section|date=April 2026}} The evolution of MSP started in the 1990s with the emergence of application service providers (ASPs) who helped pave the way for remote support for IT infrastructure. From the initial focus of remote monitoring and management of servers and networks, the scope of an MSP's services expanded to include mobile device management, managed security, remote firewall administration and security-as-a-service, and managed print services.

The first books on the topic of managed services - ''Service Agreements for SMB Consultants: A Quick-Start Guide to Managed Services''<ref>{{cite book | title= Service Agreements for SMB Consultants |last=Palachuk |first =Karl | date = July 2011| publisher =Great Little Book Publishing Co., Inc. |isbn= 978-0976376026}}</ref> and ''The Guide to a Successful Managed Services Practice''<ref>{{cite book|title=The Guide to a Successful Managed Services Practice|last=Simpson|first=Erick|date=15 August 2006|publisher=Intelligent Enterprise|isbn=978-0978894306|page=320}}</ref> - were published in 2006 by Palachuk and Simpson, respectively. Since then, the managed services business model has gained ground among enterprise-level companies. As the value-added reseller (VAR) community evolved to a higher level of services, it adapted the managed service model and tailored it to SMB companies.

As the IT infrastructure components of many SMB and large corporations are migrating to the cloud,<ref>{{cite book |last1=Wood |first1=J.B. |last2= Lah |first2= Thomas |title=Technology-as-a-Service Playbook |publisher=Technology Services Industry Association |chapter=The Case for Managed Services: A Stepping Stone to the Cloud }}</ref> with MSPs (managed services providers) increasingly facing the challenge of cloud computing, a number of MSPs are providing in-house cloud services or acting as brokers with cloud services providers.<ref>{{cite web | title=Managed services companies rethink their portfolios |url=https://searchitchannel.techtarget.com/feature/Managed-services-companies-rethink-their-portfolios |date=February 2016 |author=Spencer Smith |publisher=TechTarget }}</ref><ref>{{cite web | title=The case for managed service providers in your cloud strategy |url=http://www.infoworld.com/article/2923441/cloud-computing/the-case-for-managed-service-providers-in-your-cloud-strategy.html |date=19 May 2015 |author= David Linthicum |publisher=InfoWorld }}</ref> A recent survey claims that a lack of knowledge and expertise in cloud computing rather than client's reluctance, appears to be the main obstacle to this transition.<ref>{{cite web | title=Cloud-based service revenue lags among MSPs |url=https://searchitchannel.techtarget.com/feature/Cloud-based-service-revenue-lags-among-MSPs |date=May 2015 |author= John Moore |publisher=TechTarget }}</ref><ref>{{Cite web |title=2023 State of Cloud {{!}} Pluralsight |url=https://www.pluralsight.com/resource-center/state-of-cloud-2023 |access-date=2025-09-04 |website=www.pluralsight.com |language=en}}</ref> ==Types== The most common managed services revolve around IT: connectivity and bandwidth, network monitoring, security,<ref>{{cite web | title=How to use managed services to overcome the top 6 app security hurdles |url=https://www.information-age.com/technology/security/123461048/how-use-managed-services-overcome-top-6-app-security-hurdles |date= 7 March 2016 |author=Green |publisher=Information Age |first=Chloe|archive-url=https://web.archive.org/web/20160308110803/https://www.information-age.com/technology/security/123461048/how-use-managed-services-overcome-top-6-app-security-hurdles|archive-date=2016-03-08|url-status=dead}}</ref> virtualization, and disaster recovery.<ref name="top5">{{cite web | title= Top Five Functions Outsourced To Managed Services | url= http://www.crn.com/slide-shows/managed-services/300073018/top-five-functions-outsourced-to-managed-services.htm | date= 4 June 2014 | author= Sarah Kuranda | publisher= CRN Magazine | access-date= 28 March 2016 | archive-date= 16 July 2018 | archive-url= https://web.archive.org/web/20180716194814/https://www.crn.com/slide-shows/managed-services/300073018/top-five-functions-outsourced-to-managed-services.htm | url-status= dead }}</ref>

{| class="wikitable" ! scope="col" style="text-align:center; width: 100px;" | Name ! scope="col" style="text-align:center; width: 300px;" | Functions ! scope="col" style="text-align:center; width: 100px;" | Providers |- | Information services / Cloud || * Software – production support and maintenance <br /> * Authentication <br /> * Systems management <br /> * Data backup and recovery <br /> * Data storage, warehouse and management <br /> * Cloud transformation <br /> * Network monitoring, management and security <br /> * Human Resources and Payroll || managed IT services provider, <br /> managed security service provider, <br /> HCM software |- | Business-to-business integration || * Supply chain management <br /> * Communications services (mail, phone, VoIP) <br /> * Internet <br /> * Videoconferencing || Internet service provider, <br /> Video managed services provider |- | Supply chain managed services<ref>{{cite web | title=Supply Chain Managed Services |url=https://www2.deloitte.com/us/en/pages/operations/solutions/supply-chain-managed-services.html |date=2015 |publisher=Deloitte}}</ref> || * Supply chain planning, monitoring and control <br /> * Sourcing and procurement <br /> * Logistics and distribution|| Supply chain managed services provider |- | Transportation<ref>{{cite web | title=What are Managed Transportation Services? The Old Model vs. The New Model | url=http://cerasis.com/2014/09/22/managed-transportation/ | date=22 September 2014 | author=Adam Robinson | publisher=CERASIS | access-date=28 March 2016 | archive-date=22 March 2016 | archive-url=https://web.archive.org/web/20160322192320/http://cerasis.com/2014/09/22/managed-transportation/ | url-status=dead }}</ref> || * Daily transportation planning <br /> * Process execution and enforcement (freight audit/accounting & payment) || Managed transportation services provider |}

==Cyberattacks== Attackers have compromised MSPs and software used by MSPs as a form of supply chain attack.<ref name=":3">{{Cite journal |last=Ghanbari|first=Hadi|last2=Koskinen|first2=Kari|last3=Wei|first3=Yijuan|date=2024-11-15|title=From SolarWinds to Kaseya: The rise of supply chain attacks in a digital world|url=https://journals.sagepub.com/doi/10.1177/20438869241299823|journal=Journal of Information Technology Teaching Cases|language=en|doi=10.1177/20438869241299823|issn=2043-8869}}</ref> In October 2018, the U.S. National Cybersecurity and Communications Integration Center (NCCIC) warned the public that it knew of attackers, including advanced persistent threats, attempting to infiltrate the networks of MSPs as a way to conduct cyber espionage and intellectual property theft.<ref name=":0">{{Cite web |date=2020-06-30 |title=Advanced Persistent Threat Activity Exploiting Managed Service Providers |url=https://www.cisa.gov/news-events/alerts/2018/10/03/advanced-persistent-threat-activity-exploiting-managed-service-providers |access-date=2026-04-25 |website=CISA |language=en}}</ref> NCCIC said that this type of attack, which dated to at least 2016, targeted MSPs because compromising them could allow attackers to access customer networks.<ref name=":0" />

By 2019, attackers began targeting MSPs to spread ransomware because hacking into a MSP could allow them to install ransomware in many MSP client systems.<ref name=":1">{{Cite web |last=Abrams |first=Lawrence |date=February 14, 2019 |title=Ransomware Attacks Target MSPs to Mass-Infect Customers |url=https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/ |access-date=2026-04-25 |website=BleepingComputer |language=en-us}}</ref> Attackers found and exploited vulnerabilities in software used by MSPs, such as remote monitoring and management products.<ref name=":1" /> In the July 2021 Kaseya VSA ransomware attack, the REvil criminal organization exploited a vulnerability in Kaseya software to attack its MSP customers with ransomware and up 1,500 companies that were clients of the MSPs.<ref name="hacked">{{Cite news |last=O'Brien |first=Matt |date=July 13, 2021 |title=Firm hacked to spread ransomware had previous security flaws |url=https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c |work=Associated Press}}</ref> In 2025, the DragonForce ransomware group attacked a MSP and used its remote monitoring and management platform to steal client data and encrypt client systems.<ref>{{Cite web |last=Abrams |first=Lawrence |date=May 27, 2025 |title=DragonForce ransomware abuses SimpleHelp in MSP supply chain attack |url=https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/ |access-date=2026-04-25 |website=BleepingComputer |language=en-us}}</ref>

==See also== * {{annotated link|Application service provider}} * {{annotated link|Customer service}} * {{annotated link|Enterprise architecture}} * {{annotated link|Information technology outsourcing}} * {{annotated link|Managed service company}} * {{annotated link|Managed private cloud}} * {{annotated link|Remote monitoring and management}} * {{annotated link|Service (economics)}} * {{annotated link|Service provider}} * {{annotated link|Service science, management and engineering}} * {{annotated link|Service-level agreement|Service level agreement}} * {{annotated link|Technical support}} * {{annotated link|Web service}}

==References== {{Reflist | 2}}

==Further reading== * {{cite book | title= The Managed Services Operations Manual: Standard Operating Procedures for Computer Consultants and Managed Service Providers – a Four-Volume Set | url= http://www.smbbooks.com/MSOPS-p/msops4.htm | last= Palachuk | first= Karl | date= 16 September 2014 | publisher= Great Little Book Publishing Co., Inc. | isbn= 978-0990592310 | archive-date= 22 February 2019 | access-date= 28 March 2016 | archive-url= https://web.archive.org/web/20190222151956/http://www.smbbooks.com/MSOPS-p/msops4.htm | url-status= dead }} * ''Managed Services in a Month'', 2nd edition. Great Little Book Publishing Co., Inc. 2013. * ''The Guide to a Successful Managed Services Practice'', January 2013. Intelligent Enterprise. * {{cite book | title= Service Agreements for SMB Consultants |last=Palachuk |first =Karl | date =1 July 2006 | publisher =Great Little Book Publishing Co |isbn= 978-0976376026}}

Category:Business-to-business Category:Business occupations Category:Business terms Category:International trade Category:Outsourcing Category:Service industries Category:Supply chain management