Klik has shifted its focus this year to providing cutting-edge Managed Security Services and becoming an MSSP. For our customers, this means treating us as a one-stop shop for their technology needs, with a high level of security and the ability to detect and respond to security threats in real time.
Partnering with an MSSP is a must for any company that lacks the in-house resources or expertise to ensure reliable cyber defence. However, not all MSSPs are created equal. So, how do you choose the right vendor? Let’s go over some questions you should ask an MSSP before deciding on a collaboration.
Can You Assist Me in Defining My Cybersecurity Objectives?
The MSSP market is huge and diverse; some boutique businesses focus on providing specialized services, while others offer low-cost options with no customization or personal assistance.
Most growing businesses should look for providers that fall between these two extremes if they want to maximize their cybersecurity confidence. This calls for an MSSP with solid industry ties, a good reputation and, preferably, experience in your market segment.
Start with the following questions:
- Can you assist me in securing work-from-home employees?
- How can you help me to meet regulatory compliance requirements?
- How will you measure the effectiveness of my cybersecurity controls?
- Do you provide cyber security training?
- Can you assist with legacy hardware or software that introduces security flaws?
The answers to these questions will help you start a vendor evaluation process and eliminate providers that don’t meet your requirements and expectations.
What about your team’s expertise and credentials?
Because an MSSP is only as good as its experts, the next step is to learn more about the team.
Start with top management. How long have they been in the cybersecurity industry? Do they have prior experience working in your industry? While technology challenges are similar across industries, a leadership team with expertise in your field will understand your goals and speak your language, making collaboration more efficient and comfortable.
Then it’s time to start evaluating their employees. Cybersecurity engineers have specialized training and credentials. Consider the following:
- Years of experience.
- Qualifications and specializations.
Keep in mind that in today’s rapidly changing cybersecurity landscape, engineers should maintain current certifications from recognized bodies, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or similar, alongside hands-on credentials appropriate to the work they will actually do for you.
What are your Security Policies and Procedures?
Dive into the workflow of the MSSP. Documented policies are not only required by some regulatory compliance standards; they are also critical to ensuring that security incidents are identified, analysed, and responded to as quickly as possible.
When examining how your MSSP works, consider the following questions:
- How will they maintain your firewalls, VPNs, and network devices?
- Who is your point of contact on their side?
- How does that person share intelligence and collaborate with other MSSP staff members?
- How will they handle an incident?
- Do they have backup, disaster recovery, or business continuity plans in place to help you get back up and running?
- What type of reporting can your team expect?
Good process extends far beyond how the MSSP interacts with you. It also covers how they handle their own security. For example, does the MSSP conduct background checks on its own employees? Do they use multi-factor authentication to secure their systems and harden their infrastructure against physical intrusion?
Explore the Service Level Agreements
A service level agreement (SLA) specifies the level of service that can be expected from any IT service provider. While you should strive for a long-term, consultative relationship with your MSSP, a clearly written SLA clarifies responsibilities on both sides.
Ask a potential vendor:
- How they classify events by severity, and how and when they notify you about each class;
- Whether and when they delegate any security duties to a third party;
- Which KPIs and metrics they use, and how they report them;
- What penalties apply if the SLA is violated.
Is your vendor focused on developing long-term, client-focused relationships?
The MSSP-client relationship will only thrive when both parties invest time and energy in making it a success.
This includes being open about your security challenges, communicating with your MSSP on a regular basis, and being receptive to their suggestions. In general, treat them as a long-term strategic partner rather than just another vendor or line item in your technology budget.