Cybersecurity • 6 MIN READ
Choosing Your Managed Security Service Provider (MSSP). 7 Steps to Consider.
Selecting the right MSSP for your business is fundamental to the security of your clients, your people, processes, data, and infrastructure. Everything depends on the security you have in place. Which is why choosing the right MSSP for your business is crucial. But knowing what MSSP to go with can be hard. Especially if you are not entirely sure of what you need in the first place.
Before signing a contract and partnering up with an MSSP, or if you are looking for a new MSSP to partner with, make sure that they deliver the following seven elements. That way, regardless of what services are used, you can be sure that your overall security needs will be met.
1. Round the Clock Service
While your team may work the usual Monday to Friday, 9-5 hours, your networks, data, and everything that goes into your business requires 24/7 security. Which is why it is necessary that your MSSP provides full security 24/7, every day of the year, regardless of holidays, working schedules or natural disasters. 24/7 means supported by humans, not automated machines. You should be able to call the SOC at 4am, and someone should be there to answer your call. Watch out for any automated services, these do not bring the same level of care, nor will they answer your specific security needs.
2. Rapid Response
Once you ensure that your MSSP is available 24/7, find out what their speed of response is for requirements and queries of different severity. Your MSSP should have a hotline number if you suspect an incident, or indeed for anything urgent. They should also have an App you can contact the team directly on, and a designated service delivery manager to call upon once signed up.
Your provider must have an SLA agreement, and that must detail the speed of response and the commitment to that.
It is also worth checking testimonials and accreditations. If an MSSP has won awards for their services or platform from a reputable source, it is likely that they have in place processes to guide and support their clients throughout all eventualities.
3. There When Things Get Rough
Be it a natural disaster, pandemic, power outage, theft, or anything that leaves your business in free-fall, you need to know that your security team have your back. The right MSSP will help you plan for such instances. Not only will they help you plan, but they will also have contingency plans in place themselves in case they are the ones to experience a disaster. That way data remains secure from both sides, and business can carry on as usual, regardless of the circumstance.
Check that your MSSP provider operates out of a Tier-3 Data Centre, has disaster recovery and HA (High Availability). Serious players have serious infrastructure.
4. Continual Support
Not only does your MSSP need to be there to support you when serious issues arise, but their support needs to be constant. If your employees are continually dealing with security issues themselves, and can’t get on with their actual jobs, fast answers to security questions need to be provided in order to respond to threats in lightning speed.
5. Proactive not Reactive Security
Without an MSSP, businesses often only jump on security when there is an issue. With an MSSP, experts will be able to push your business to continually make the right updates, and pro-actively search out issues, before the issues are found by the wrong people and used against the business. Your MSSP should tell you what to focus in on. Watch out for the alerting services, this is not what you want, you want someone to raise the tickets, act on the tickets, and be with you and advise you.
Think of your security as a journey, and as a journey it should mature as it progresses. You must always ask yourself, before you had an MSSP you had issues with X, Y and Z, so with an MSSP, how much have you matured since then? And maturity is not the obvious capability, it is not just the technology and the people the MSSP will provide, or the 24/7 access to resources, but as an organisations, has your MSSP laser-focused you in on what the real issues are? Have they advised you on the architectural changes that you may want to make? This information is crucial.
6. Third-party Partnerships Maintained
A great feature of an MSSP is that it should already be in partnership with some of the best technology and services available. You also want to get access to enterprise grade tools and experts. This means, instead of having to outsource for every little element, your MSSP should already have the right processes in place as part of the package. This not only saves you time tracking down providers but ensures that the right tools are used in the right way, making more time for you and your team to run your business.
7. Realistic Budget
Technology is continuously evolving, which makes setting aside a security budget challenging. Your MSSP, however, must look out for your interests. The right MSSP will discuss and provide options for your security needs, alongside your own workforce, and explore what yearly planning looks like for your business to save money and improve efficiency. They should also provide a fixed pricing, you need a single point of contact not only technically with delivery, but also commercially.
Outputs of an MSSP
The right MSSP should improve business efficiency by saving you time, by utilising the right resources, and putting into action the services most appropriate for you. An MSSP can ensure that you are legally compliant, help mitigate threats, and reduce costly disaster repairs if attacked. But, most importantly, an MSSP will support your foundations, so that your business can keep on building and growing, without the constant worry that your security will cause its collapse, both from inside and from external threats.
When you are evaluating an MSSP ask to see their work, get them to show you how they raise tickets, the quality of the tickets, ask them for their monthly and weekly reports. You need to know what you are going to see, and what you are going to show management. Talk to them about escalation matrixes.
Top Tip – Do not go into the vortex of chasing after the latest feature or the latest technology. At the end of the day, you want clear tickets, clear responses, to enhance your speed to detection and speed to response.