Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Service Provider Models

Avatar
Ingrid
Follow
  • April 24, 2023: Linked to “service provider” definition.
  • November 15, 2022: Enhanced Ratings for CSPs now available.

Service providers are categorized on the type of service that they offer to their customers.

Learn more about our network mapping process.

There are several recommended approaches and best practices for maximizing the value of your subscription. Refer to the following types of service providers for guidance and to determine which types of service providers have a significant impact on your business:

Infrastructure-as-a-Service (IaaS)

Customers of this type of service run their own workloads in the Cloud. They’re essentially “renting” space from a service.

Example: Amazon Web Services’ Elastic Compute Cloud (EC2)

Select Cloud Service Providers (CSP) have an Enhanced Rating, which enhances their rating to separate their business from their customers’ businesses, making it a better representation of the provider’s security posture.

  • No action is needed to gain a basic level of coverage. Our DNS-based, network mapping process identifies assets in the exclusive control of customers that are hosted on cloud providers. As changes in these relationships are detected, those IPs are updated and incorporated into their Ratings Tree.
  • To ensure comprehensive coverage, please provide a complete list of public IP addresses that belong to their hosted workloads for inclusion in their own rating on an ongoing basis. If you’re interested in automating this collection directly from your cloud management console, contact Bitsight Support.

If you were previously monitoring a service provider for these reasons and you choose this option, your subscription is returned for use elsewhere.

Platform-as-a-Service (PaaS)

Customers of this type of service build applications using tools that do not have dedicated IP addresses for customer use, they are resolved by a domain instead.

Example: s3.amazonaws.com
  • Monitor the platform service just like any other third party.
  • If a service-specific rating is unavailable, you can leverage our Cloud Partnerships team to jointly advocate for the provider to self-publish a rating that contains the entire set of infrastructure that best represents their service. Contact Bitsight Support for assistance.

Software-as-a-Service (SaaS)

Customers of this type of service subscribe to multi-tenant applications that are provided by another company.

Example: Office365
  • Monitor the application just like any other third party.
  • If an application-specific rating is not yet available, you can leverage our Cloud Partnerships team to jointly advocate for the provider to self-publish a rating that contains the entire set of infrastructure that represents the application or application pool. Contact Bitsight Support for assistance.

Managed Single Tenant Application

Customers of this type of service have a single-tenant application that’s hosted on dedicated IP addresses. It’s fully managed by the service provider.

You can work with the vendor to define the specific IP space and have a private, self-published rating created for that application. This can be visible to only you and the service provider.

The IP space used to host the application may be small. It may be more prudent to monitor the posture of the corporation that is providing the service to understand if they generally have good security controls across a wide range of applications.

Related articles