Looking to hire a Managed Security Services Provider for your business? Here are the questions you should ask yourself before you make such an important decision!
Question 1: “Why do I need an MSSP in the first place?”
Why do you need an MSSP? There are three key factors:
- Experience – You need the security expertise an MSSP can provide
- Availability – You need the around-the-clock SecOps availability an MSSP can provide
- Cost Savings – You need the security cost savings an MSSP can provide
If you’re having a difficult time attracting experienced InfoSec professionals, then an MSSP is right for you. If you’re worried about not having a dedicated InfoSec professional available when you need them, then an MSSP is right for you. If you can’t afford a full-time InfoSec professional, but you need someone to do the job, then an MSSP is right for you
A GOOD Managed Security Services Provider delivers on all three of these things. They can provide your business the solution set it needs to keep the data safe and sound 24×7 without breaking your budget.
Question 2: “Experience is important. Is the security team at this MSSP experienced enough to meet my needs? If so, how can I tell?”
There is an abundance of anonymous-feeling security-provider websites out there. They seem to be filled with unowned content and staffed by mysterious unnamed individuals. Since you as the buyer have all the power when it comes to making a decision regarding what MSSP you select, it’s easier to make an informed decision if you can identify and research the company you’re considering as a potential partner.
Do your research. Check out the MSSP’s “About” and “Team” page. If it helps, check out the company’s LinkedIn page. Those pages/social profiles can sometimes help paint a more complete picture of an organization. If you’re going to end up working with someone every day it’s better to know who they are rather than going into an agreement blind and hoping you get an answer(s) you like.
Question 3: “What software/technology do they use? Who are there partners?”
The software an MSSP uses is just as important as the strategies they subscribe to when it comes to their offered services. A good MSSP is always improving, and as a result they understand the importance of upgrading their toolkit regularly.
We recommend you check out an MSSPs partner page to see what tools they’re currently using. If an MSSP is comfortable with toeing the line, and they have what looks to be an old or untrustworthy tool kit (we’re looking at you Kaspersky Lab users), they’re probably not the best choice for you or your business.
Question 4: “Does this MSSP pay attention to new threats and developing InfoSec trends?
This question really goes hand in hand with the last question. A good MSSP not only pays attention to developing technology but also pays attention to developing threats in the InfoSec world.
An excellent way to measure this is to look at the MSSP’s blog or social media channels. If their choice in subject matter is current and they’re consistently posting new content there’s a good chance they’re passionate about what they do and dedicated to keeping their customers safe.
Question 5: “Speaking of keeping their customers safe; what steps does this MSSP take to keep data safe? What’s their security posture like? Do they have a strategy?”
In today’s world, the most important asset your company has is its data. It’s only logical that you ask yourself whether or not the MSSP you’re investigating can protect your valuable information.
A GOOD MSSP understands this and offers their clients a complete, far-reaching data security solution that extends from up in the cloud to ground-level end-points like laptops and other mobile devices.
For instance, to get a better understanding regarding Security7’s security posture and how we handle things, please check out our Intelligence in Depth guide here.
Question 6: “That’s all well and good, but my business is unique. How can they help me directly?”
A GOOD MSSP knows that no two solutions are the same and its representatives will never solicit the same advice twice (outside of some industry best practices). If you decide to contact an MSSP, they should make that very clear to you up front in the conversation.
Why? Every business is different. Your’s may not have the same security or compliance requirements as the next business an MSSP meets with. A good MSSP tailors a custom solution right for your business and doesn’t make you conform to something like an out of the box solution.
Question 7: “Okay, this MSSP I’m researching is good at self promotion, but enough about that. What do their customers think about them?”
Ah yes. The One-Million-Dollar question. The best way to gauge an MSSP isn’t always by reading their blog or following them on social media. The absolute best way to gauge an MSSP’s qualifications is by reading their customer review (from either their webpage or on Google).
It’s been said the best form of marketing is word of mouth and that’s true. A good MSSP leverages their customers’ base by getting them to write reviews that accurately depict way the customer feels about them. Typically, if people love the service provided by someone they do business with they’ll write reviews that can offer up a level of personal insight otherwise unavailable.
Why Should You Choose Integris?
Integris can help you stay ahead of cyber-attacks by providing a real-time information security solution. Unlike traditional, reactionary approaches, our intelligent, real-time information security solution immediately strengthens vulnerable technology and offers multi-layer data protection across your entire IT ecosystem.