5 Tips for Evaluating a Managed Security Service Provider

How to find an MSSP to address your security and compliance needs.

Your Managed Security Services Provider can be a valuable business partner.

Today’s IT manager has an overwhelming number of competing priorities. Despite the many competing priorities for their time and resources, IT managers must also find a way to address organizational security and compliance needs. Engaging a Managed Security Service Provider (MSSP) is a smart way to meet this requirement. The ideal MSSP identifies ongoing, critical security enhancements.

1. Begin by looking inward at your current security posture.

An IT risk assessment establishes an important benchmark by fully evaluating your organization’s current security posture. Through the process, gaps will likely be discovered and these findings will determine the types of technologies and services your MSSP will need to provide. A quality MSSP will have the ability to perform an IT risk assessment for you, as well as the expertise to identify additional gaps in compliance with standards such as PCI DSS and HIPAA-HITECH.

2. Don’t settle for less. Get the support you need.

The MSSP you choose will be your single-source provider of all things security (and, preferably, compliance). Insist on a detailed service description and service level agreement (SLA) that specifies the exact products and services you require and that spells out the level of attention and support you wish to receive. For example, the SLA should have defined objectives, guarantee immediate access to resources and identify the nature of those resources (U.S. based, in-house vs. contract, etc.).

3. Look for cost-saving opportunities.

Partnering with the right MSSP can provide several cost-saving benefits. For example, an MSSP that delivers cloud-based services will reduce your security infrastructure management costs. In addition, an MSSP with both security and compliance expertise will create and deliver on strategies that reduce your scope of compliance. Reduced compliance scope translates into tangible cost savings by simplifying the reporting and validation process.

4. Take note of the technologies offered and who will deliver/install them.

Be sure to review the actual technologies offered to be sure that they are best-of-breed solutions. Multiple vendors and resellers can create unnecessary complexity and even introduce security vulnerabilities in your environment. The ideal MSSP has experts on staff who will take you through the entire process, from sales to implementation to ongoing security monitoring and support. These experts will come with a range of certifications that include CISSP, CISM, CCSK, CSCS, CIPT and Security+.

5. Check customer references and success stories.

You wouldn’t hire an employee without checking their references, and neither should you consider an MSSP partner without doing the same. A reputable MSSP will gladly provide the contact information for several current customers. Be sure to ask these customers about ease of deployment, their ability to get support when they need it, and any holes they’ve discovered in terms of the SLA they’re working under.

The ideal MSSP identifies ongoing, critical security enhancements.

MSSPs offer a real solution to the real problems of tight budgets, an overstretched IT staff and compliance hassles. With the right partner, you’ll no longer have to go it alone when it comes to protecting your business and its assets. For more information on our managed security services, give us a call at 800-825-3301, ext. 2. We are happy to help.

Be sure to subscribe to this blog for additional tips and webinar announcements.