Dark Reading is part of the Informa Tech Division of Informa PLC


Edge Articles

11/21/2019
03:20 PM
Joan Goodchild

In the Market for a MSSP? Ask These Questions First

Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.

How do you keep my stuff secure?

If you're bringing a security services provider in to enhance your own corporate defenses, obviously you don't expect them to instead expose your organization further to risk. But that is a real possibility when working with any third party.

How do you stay current against emerging threats?

Gauna likes this question because it reveals where the MSSP gets its information about threat intelligence.

"Service providers should be collaborative in nature," he says. "No one has all the answers, but having several sources to validate is important."

Where are your employees based? Do you subcontract your work?

Gauna suggests asking questions like these to ascertain more about the MSSP's staffing procedures, including how they confirm the backgrounds of their employees. 

"Having one source [as opposed to a web of subcontractors] is key," says Gauna. "This equates to a secure supply chain. This also ensures a standard level of service quality. Also understanding how calls are handled can be a tell as to who you are talking to when it matters most."  

And back to Wylie's point from earlier, asking about experience levels is also important. Ask about hiring criteria.

How will my data be handled? 

"In the era of cloud computing, we see more companies processing data in the cloud, and unfortunately that data is not always secure," says Gauna. "Processing data securely should be a core competency of security companies and [they] should have the ability to provide the details on how their client data is secured." 

Do you 'get' my business?

Before going too far down the road with an MSSP, make sure they have experience in your industry, says Marty Puranik, founder and CEO of Atlantic.Net. The security needs of one vertical can be drastically different from another.

"You want them to have a cultural fit but also be familiar with your business type or business practices so they can help you the most," says Puranik. "For example, if you are a doctor's office and the MSSP primarily has retailers, they probably aren't going to be as familiar with best practices for your industry as someone who has many other medical professionals."

Are you also a business partner?

Executive management wants to know why they are investing money in security, and risk mitigation and defense are only part of the equation when you give them an answer. Retaining an MSSP should also further business objectives, and the C-suite wants to know how the provider will help accomplish that.

Weeks' advice for getting at an answer to this topic: Ask "How will you assist in driving organizational changes, if needed, to help support our security objectives?" 

Gauna would go at it more directly: "How do you enable my business?"

"These services should enable you to conduct your business better," he says.

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.