How do I choose the right Managed Security Service Provider (MSSP)?

Managed Security Service Provider

Business today is often faced with the growing complexity of networks and threats that are becoming increasingly real.  A growing number of businesses and organisations are opting for a different approach to securing their networks, through outsourcing all or some of these security functions. MSSPs offer companies and organisations access to resources that they often could not otherwise afford. While many companies feel competent to handle a multitude of security issues, they may lack the overall skill necessary to implement an enterprise-wide security strategy. When combined with the increasing salary demands of security professionals and the overall lack of skilled specialists, outsourcing can be an attractive alternative.

Traditionally, the local area network (LAN) has been viewed as a trusted network. Perimeter protection came in the form of a corporate firewall that was viewed as the cornerstone of protection from a threat that was deemed to be largely external. Today this has changed, with 70% of network threats coming from within the network itself.

With business becoming more reliant on ecommerce, the traditional business models have changed forever. Local businesses now operate effortlessly on a global scale. Employees can often operate independently, very rarely, if ever, needing to be in the office. A set office location may not exist.  Instead, servers and systems are centrally located in Data Centres, accessed via the Internet, cloud computing. Reducing costs on infrastructure such as an office and all associated costs, means businesses can become more profitable, more quickly.

So why has it taken so long to accept this as a legitimate business model? Why have corporations and organisations been reluctant to outsource these services? The answer is because it entailed placing trust in someone who sat outside the company and meant these businesses may need to open up the inner workings of their operations.

If you have a business, you should seriously consider the benefits that can be obtained through outsourcing the daily services you need, but they do not generate revenues for you. Book Keeping, Information Services, HR and Marketing are services often outsourced. When we talk about outsourcing Information Security Services, consider the following; Does the provider you are looking at offer a choice of products that can complement each other and provide a solution that offers an optimal amount of protection?

Do not overlook physical security. How secure is the facility from which the service is being provided? Does the service provider utilise proper access controls?

  • What provisions are in place with respect to fault tolerance? How often are the security devices being polled and what process is in place for notification should a problem occur?
  •  Does the company specialise in security or is it merely and add-on to an existing business?
  • What expertise is available?
  •  What SLA’s does the service provider give?
  • What hours of support are available?
  • Does the provider provide an adequate level of analysis and support?

Below are some of the things you should do to ensure you get a Security Service Provider who you can work with;

  • Ask for a list of reference clients that you can call.
  •  Ask to visit their Security Operations Centre.
  • Where are your services being located, ask to visit this.
  •  Have them explain their operation, support, redundancies and systems.
  • What reporting will they provide, try to get a sample report?
  • Look into the contracts and SLA’s behind the service and
  • Speak to the Vendors who provide the technology behind the solution.

Follow the above steps, and get the solution you are after.