Top 5 Questions to Ask Your Prospective Security Managed Service Provider

There is no shortage of spend on, or need for, security services. Gartner has recently predicted that worldwide spend on security products and services will reach $124 billion in 2019. This, coupled with a security skills shortage and changing regulatory and compliance requirements – such as the General Data Protection Regulation (GDPR) Act – that put a further strain on internal resources, has companies turning to managed security services for part or all of their security needs. But how do you know if a managed security services provider is the right one for your organization? We’ve put together a list of the top five questions and criteria that security services providers should be able to answer and meet.

Do they provide continuous monitoring?

Most Managed Security Services Providers (MSSPs) tout their “always on,” 24 x 7 x 365 monitoring policies. However, make sure you clarify that this applies to all levels of their managed services offerings and not just, for example, a “premium” level that you may or may not subscribe to. Further, if there is an incident, what is the exact plan to communicate the details as well as investigate and respond?

What kind of reports and insights will your MSSP provide and how often?

Every event is not an alert and every alert is not an incident. While your MSSP is providing details on incidents and helping you detect, investigate and respond, it is also important to get a view of the events and alerts happening in your environment. Ask your MSSP what type of insights and reports they will provide your organization on a regular basis. These reports can help you with reporting on regulatory and compliance requirements. Additionally, they can help you decide which security controls to put in place before events become alerts and alerts become incidents. Ask for customization as needed, as you want to make sure the reports are intuitive and reduce the amount of time you spend on compliance and regulatory reporting.

Do you support hybrid security infrastructure?

Organizations are slowly but surely moving more applications and services to the cloud, but approximately 85 percent of the infrastructure, depending on the industry, is a mix of proprietary or existing on-premises security solutions. MSSPs should be able to protect and monitor a vast array of infrastructure, either public or private, but some specialize in certain vendors, or in cloud versus on-premises, and may not be comprehensive. This can add unnecessary costs and vulnerabilities as you shift existing infrastructure to the cloud or keep it on-premises. Be sure your MSSP can monitor all of your existing security needs even if you have plans to move in the future.

What’s Your Shared Security Responsibility Model?

When outsourcing anything, you need to ask: exactly what pieces are you responsible for, and what pieces am I responsible for? This applies to childcare (yes, the child of course, but also laundry, cooking, cleaning?) and to lawn mowing (just the driveway, or the front path too?). You get the gist. Make sure you have a clear delineation between what your organization is responsible for in terms of security and what your MSSP is responsible for, leaving no wiggle room because, as noted above, the cost of an attack is no small matter. There is also, of course, the matter of the security vendors and what they are responsible for as well. We have outlined in our previous article how the shared security responsibility model can be broken down.

Who do you partner with?

It might seem like a no-brainer – you hire the MSSP and they take care of everything themselves, right? Well, not so fast. Some MSSPs depend on third-party tools themselves to help take care of the overarching security infrastructure. This is definitely an acceptable practice – and even works to your advantage because you’re now receiving managed services and best-of-breed tools to monitor it all, like Trend Micro or Barracuda, who we work with – but just make sure you know this up front so no finger pointing can occur on the back end.

Looking for Support on Security?

We can help you protect your environments with our managed security services – Security for Azure and Security for Microsoft 365. Visit our SoftwareONE Security Services page to learn more about our security and compliance offerings.


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties
