The UK’s National Cyber Security Centre (NCSC) posted a blog covering the topic of Managed Service Providers (MSPs) and the risk they pose to an organization. While MSPs can reduce the organizational responsibilities for operating cloud capabilities, the article argues that security responsibilities still remain relevant, albeit shifted. It discusses how security teams need to assess their expanded third party risk before and after procuring a contract. A few resources containing recommendations and measurements are cited, including a joint advisory with CISA and the NCSC’s 14 cloud security principles. Read more at NCSC here.