Notifications
Clear all
Topic starter
11/06/2026 11:19 pm
TL;DR: MSPs now support security, compliance, AI, and strategic planning for more than 90% of organisations, as IT environments grow more fragmented and non-human access risk rises, according to JumpCloud. The governance question is no longer whether MSPs can fix issues, but whether they can help manage identity, trust, and operational complexity across modern estates.
NHIMG editorial — based on content published by JumpCloud: Managed service providers are becoming strategic partners in modern IT
By the numbers:
- 90% of companies already work with MSPs., with MSPs.
- 58% of IT professionals expect MSPs to do more than technical support.
- 77% expect MSPs to offer new things like AI and compliance solutions.
Questions worth separating out
Q: How should organisations govern MSP access to sensitive systems?
A: Treat MSP access as privileged third-party identity, not ordinary support.
Q: Why do MSP relationships increase identity governance risk?
A: MSPs often operate across consoles, cloud platforms, and support tools, which concentrates privilege in a small external footprint.
Q: What do security teams get wrong about managed service providers?
A: They often treat MSPs as a service layer rather than an identity layer.
Practitioner guidance
- Classify MSP access as privileged third-party identity Map every provider account, admin path, and support channel to an owner, business purpose, and review cadence.
- Separate customer tenants and support pathways Require tenant isolation, distinct support identities, and evidence that one client’s operational access cannot bleed into another client’s environment.
- Add MSP credentials to lifecycle governance Bring provisioning, rotation, recertification, and offboarding into the provider contract so access cannot survive a service change or staff transition.
What's in the full article
JumpCloud's full blog covers the operational detail this post intentionally leaves for the source:
- How the vendor frames MSP service expansion across security, compliance, and advisory work
- The specific survey findings behind the shift from break-fix support to strategic partnership
- Examples of AI and compliance services MSPs are expected to add next
- The article's discussion of how organisations should rethink their MSP relationship
👉 Read JumpCloud's analysis of how MSPs are changing in modern IT →
MSPs and modern IT complexity: what it means for security teams?
Explore further
12/06/2026 7:56 am
MSPs are no longer outside the identity perimeter. Once a provider is trusted for security, compliance, and advisory work, it becomes part of the organisation’s identity governance model. That means the provider’s access to consoles, tokens, and support channels must be treated as privileged third-party identity, not informal operational help. The implication is that MSP governance now belongs in the same conversation as PAM, access reviews, and lifecycle controls.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- 59.8% of organisations see value in a solution that simplifies non-human access management and introduces dynamic ephemeral credentials.
A question worth separating out:
Q: Who is accountable when an MSP-managed access path is abused?
A: The enterprise remains accountable for governing access, even when operations are delegated. Contracts can assign responsibilities, but they do not remove the need for internal oversight, approvals, and evidence. Accountability is strongest when the business owner, security team, and provider each have explicit control obligations.
👉 Read our full editorial: MSPs are becoming strategic partners in modern IT governance
