Five points to check when choosing a managed security service provider
At this point in time, partnering with a managed security service provider is now becoming not just a “no brainer” but really a necessity for many companies, especially SMBs. The simple fact of the matter is that cybercriminals are not just increasing the number of attacks they make, they are also increasing their sophistication.
Cyberattacks have long put companies at risk of regulatory fines and bad publicity, which can be enough to put them out of business, now they are starting to reach a point where they can be enough to put companies out of business on their own. For example, over recent times, there has been a whole spate of YouTubers having their channels taken over by cybercriminals. Some have (eventually) got them back, some have not.
In short, realistically, few SMBs are likely to have the skills it takes to keep themselves safe these days, which means the only sensible approach is to partner with a capable managed security service provider. With that in mind, here are five points to check when choosing a managed security service provider.
Are they customer focussed?
It may seem odd to make this your number one point to check, but working with a managed security services provider should be a partnership of equals, which means that you as a client have to be prepared to see your managed security service provider as more than just a name on an invoice and equally a managed security service provider has to see you as more than just a way to pay their bills. Everything starts from this point.
Do they have demonstrable in-house expertise across technologies?
Cynical as this may sound, these days anyone can set up a website and social media profiles and claim to be an expert on absolutely anything. This is why you need to check what sort of credentials and credibility any potential managed security services provider can demonstrate in the real world. In terms of staffing, you want reassurance that their team includes people who genuinely are experts in their field and you want those experts to cover all relevant areas of cybersecurity, including (and perhaps especially) mobile security.
What is their track record on technology implementation?
Modern cybersecurity basically involves deploying best-in-breed tools to undertake relevant automated monitoring and having any alerts sent to human cybersecurity professionals who then decide what to do with them. The key word in that sentence is “best-in-breed”. It is impossible to overstate the importance of this. There are, however, two challenges to deploying “best-in-breed” technology and high-quality managed security service providers are, generally, in a much better position to overcome them than the average SMB.
First of all, there is the challenge of identifying genuine best-in-breed technology. The threat of cyberattacks is real and by this point in time just about everyone must know it, at least everyone involved in business. That creates a huge potential market for any company which can convince other businesses that their product or service is the best there is and what they need to protect their organization. Managed security service providers, by definition, are cybersecurity experts and are therefore well-placed to tell what’s really good and what is just good marketing.
Secondly, there is the challenge of paying for these tools. As there is a lot of research and development typically goes into them, plus there is usually a need for continual updates (as cybercriminals become increasingly astute about their attacks), it’s hardly surprising that the best security tools can be extremely expensive, prohibitively so for the average SMB. Managed security service providers, however, will be spreading the cost around various clients, rather than just absorbing it themselves.
Do they have a NOC as well as a SOC?
A security operations center on its own is purely focused on the detection and analysis of and response to cybersecurity incidents. These days, however, it is hugely important to focus on prevention and that starts with robust network and cloud architecture, with a particular focus on perimeter security.
This is why it can be very helpful to work with a managed security service provider which also operates a network control center. As a minimum, you have the reassurance of knowing that they can provide support, guidance and consulting. Potentially, you could even have them assist with the running of your network and, especially, with optimizing it for cybersecurity.
Can they offer effective 24*7*365 monitoring?
Basically, do they actually have cybersecurity professionals available at all times or just during their standard business hours? Having them on-call may be a reasonable compromise, just as long as they can be contacted and brought online with minimum delay.
Deciding managed network switch