What to Ask When Considering Managed Security Services

You’ve come to an important crossroads. You’ve got a business worth protecting, you know cyber threats are on the rise, and you don’t have the talent in-house to step up and become a cybersecurity expert. Compounding the problem is an unemployment rate of qualified cybersecurity professionals near zero in most markets, making it nearly impossible to hire an IT staffer dedicated to cybersecurity.

What are the options?

Some SMBs may opt for the status quo — installing patches and investing in expensive security infrastructure. But with new threats arising almost daily, the cost of constantly fine tuning cybersecurity to stay one step ahead of changing attack methods can become unsustainable.

Another approach is to bring in a managed security service provider — an advantage when IT resources are stretched, security needs to be deployed on a tight schedule and/or when existing staff can’t get up to speed fast enough.

If this is the direction you’re considering, you need to keep in mind that not all Managed Security Service Providers (MSSPs) are equal. How can you be sure you’ve made the right choice?

Choosing an MSSP

There are a few things to consider, because hiring well will save you money and keep your organization secure.

1. Is this an MSSP you can trust? You will be building a relationship with a new team — a team you need to rely on for security and your own peace of mind. Does the MSSP come recommended by a peer in your industry? Does it have real standards and procedures in place; and are they appropriately rigorous? And does it know its own policies, be it for data loss or a disaster plan, to the point where you can trust the team will hold up its end of the deal?
2. Does the MSSP have the expertise on hand? One of the biggest reasons people start looking at MSSPs is to get the technical help. Doing your homework before any deal is put in place will help – review industry certifications, look at the IT audits, tour the facilities and talk to the actual team. Once you’ve gotten answers that satisfy you, make sure the terms are put into the contract.
3. Does this MSSP provide end-to-end security? An integrated approach — like the Fortinet security fabric, for instance — offers end-to-end security across all attack surfaces. This also allows for integrated reporting by the MSSP on the actual threat landscape.
4. Does the MSSP ensure uniform device management? Be sure to get a clear picture of what the MSSP can do to secure your business across all locations and all devices.
5. Does the MSSP incorporate real time threat intelligence into its offering? Leveraging actionable threat intelligence is the most effective way to stop cyber attacks. Look for an MSSP that aggregates threat feeds.

Again, not all MSSPs are created equal. Many have limited expertise in one area, while some have deep partnerships and are up-to-date on the newest threats and security strategies.

VLCM, the 2016 US/Canada Fortinet Growth Partner of the Year, offers comprehensive IT security services with advanced, independently-validated technology designed to adapt to emerging threats. Contact VLCM, recognized in MSSP excellence by CRN, when considering an MSSP.