The jargon, in plain English.

A managed service provider runs your IT for a predictable recurring fee — proactively keeping it working, secure and up to date — rather than only fixing things when they break. The work is front-loaded into prevention (standardised builds, monitoring, patching, security) so problems are designed out, not waited for.

Break-fix means you pay someone when something goes wrong — reactive, by the hour. Managed means a provider runs the whole estate for a fixed monthly fee, focused on stopping things going wrong. Co-managed sits in between: your in-house team keeps the day-to-day, and the provider sits behind them for cyber, cloud, out-of-hours and specialist work.

Antivirus blocks known malware. EDR (endpoint detection and response) watches devices for suspicious behaviour and can respond to it. MDR (managed detection and response) adds the people — a 24/7 security team using those tools to hunt, triage and contain threats on your behalf. Tools alone don't act at 3am; MDR does.

Cyber Essentials is a UK government-backed certification covering five core technical controls — firewalls, secure configuration, user access control, malware protection and patching. It's self-assessed and renewed annually. Cyber Essentials Plus is the same controls, independently tested rather than self-declared.

All three connect sites. A VPN is an encrypted tunnel over the public internet — cheap and flexible, but quality depends on the underlying connection. MPLS is a private carrier network with guaranteed performance, but costly and less flexible. SD-WAN intelligently blends multiple connections (broadband, leased line, 4G/5G), routing traffic over the best path and failing over automatically — often the modern middle ground.

ZTNA replaces the old “trust everything inside the VPN” model. Instead of giving a user broad network access, it grants access to specific applications, per request, based on verified identity and device health. Nothing is trusted by default — every connection is checked.

Active Directory (AD) is Microsoft's on-premises directory — the traditional server-based system for managing users and devices on a local network. Entra ID (formerly Azure AD) is the cloud-based identity service behind Microsoft 365. Many organisations run both during the shift from office-bound to cloud-first working.

Conditional access is a set of rules that decide whether to allow a sign-in based on context — who the user is, the device they're on, their location and risk level. For example: allow access from a managed, compliant laptop, but challenge or block an unknown device from an unexpected country. It's a cornerstone of identity-first security.

A service level agreement defines what you can expect from a provider in measurable terms — typically response and resolution times by priority, and sometimes uptime commitments. A good SLA sets clear, accountable expectations; it's the difference between “we'll get to it” and a defined promise.

Public cloud (Azure, AWS, Google Cloud) is shared, on-demand infrastructure you rent at scale. Private cloud is infrastructure dedicated to a single organisation — more control and predictable cost, often UK-hosted for data sovereignty. Many estates use a hybrid of both, placing each workload where it makes the most sense.

HCI combines compute, storage and networking into a single, software-defined platform that scales by adding nodes — rather than managing separate servers, storage arrays and switches. It simplifies running and protecting virtual machines, which is why it underpins a lot of modern private cloud.

SASE (secure access service edge) brings networking and security together in the cloud — combining things like secure web gateway, firewall, and zero-trust access into one service delivered close to the user. The idea is consistent security wherever people work, without backhauling all traffic through a head office.