How to Vet a Managed Security Service Provider
So, you’ve created a solid set of selection criteria to find the perfect MSSP to meet your business’s needs. However, how can you be sure that they’re a good fit? They may claim to satisfy all of your selection criteria, but it’s important to verify those claims before entering into a long-term service agreement.
How can you verify that your MSSP can not only "talk the talk," but actually “walk the walk?” A few simple tips include:
Checking with Security Solution Vendors to Verify the MSSP’s Certifications
Did you know that Compuquip is a 4-Star Elite Partner of Check Point Software Technologies?
It’s a partnership our team worked hard to cultivate so we could use their incredibly useful network security solutions to the fullest. However, you shouldn’t take our word for it—you should reach out to Check Point directly and verify it for yourself.
Why?
Because, anyone can simply slap a security solution vendor’s logo on their website page and claim to be certified for that vendor’s products—at least until they’re caught and forced to remove the logo. One way to protect your business from bogus resellers and service providers claiming false expertise is to reach out to the security solution vendor and check if the MSSP actually has a certification from the company.
If you’re making expertise in a particular security tool one of your selection criteria, then it is especially important that you do this.
When vetting an MSSP’s certifications, you can easily find the certifying organization’s information online. However, it is important to avoid relying on links on the MSSP’s own site for this, as an unscrupulous company may link to a fake site to provide a false certification.
Checking the MSSP’s References
Is the managed security services provider willing to provide references from current and past clients? Are there online reviews of the company that you can read?
Putting in some time to track down some other companies to act as references for the MSSP can provide you with priceless insight. These references can let you know exactly how the MSSP treated them—and thus, how they’re likely to treat you.
Try to collect information from as many sources as possible. Any one customer could be an outlier—whether positive or negative. Getting a few reviews from different sources can help you get a better idea of how the service provider works and whether they’ll do their best to help you.
Verifying How the MSSP Will Handle Your Data
Not even cybersecurity companies are immune to cyberattacks. Cybercriminals may attack an MSSP for the challenge or to access sensitive data on their clients. So, it’s important to be sure of how they will handle and process your company’s data.
Some concerns about the way the MSSP will handle your data include:
- Where and how the data is stored;
- Whether the data is encrypted;
- What security measures the MSSP uses to restrict access to the data; and
- Whether the MSSP has a backup of the data in case of a disaster.
Verifying these details can help to protect your business against data breaches and data loss.
Asking the MSSP How Willing They Are to Adopt New Security Solutions
Does the managed security provider not have expertise in the security tools that your business uses? Are they willing to learn your solutions, or are they dead set on using a single standardized security package that they use for every customer they have, regardless of their industry?
Getting the answers to these questions can be crucial for determining whether a given cybersecurity partner will be a good fit for your business. If the MSSP doesn’t know your security tools, and isn’t willing to learn them at all, then they may not have the flexibility needed to create a personalized cybersecurity plan that maximizes network security for your business.
However, there may be times where a cybersecurity company may recommend discarding a specific cybersecurity tool because they know of a better alternative.
Testing the MSSP’s Cybersecurity Knowledge
It’s crucial that you know you can rely on the expertise of your managed security services provider. One way to verify this is to run some tests on their cybersecurity knowledge. This can be done by making them pass a cybersecurity knowledge course from an online learning platform or by conducting an interview.
Most companies prefer the online testing course because it’s easier to set up and to check the results. On the other hand, having an interview with the MSSP can be beneficial because you can get a feel for their expertise and even learn something you might not have known before.
Setting up Communication Guidelines with the MSSP
When partnering with an MSSP, it’s important to set some expectations for how (and how often) they’ll communicate with you. Being able to talk to your MSSP is crucial because it keeps you up-to-date with the latest information regarding the state of your cybersecurity.
Obviously, one of the reasons to adopt an MSSP in the first place is to reduce the time and effort you have to spend on managing your network security. So, odds are that you won’t want to spend too much time on meetings with your security service provider. However, regular communications, such as a weekly meeting, can help you stay on top of your network security strategy with a minimum of effort.
Other ways to communicate with an MSSP include regular status report emails, emergency text communications (for when they spot a security breach or other critical issue), and even in-person meetings.
If an MSSP is not willing to set a communication schedule with you, that may be a warning sign of how they’ll treat the “partnership” later.
Do you need a managed security service provider who will form a true partnership with your organization and create a personalized cybersecurity plan to fit your needs? Reach out to the Compuquip Cybersecurity team today to get started!