Learn the seven key questions every business should ask when deciding on which Managed Security Service Provider to hire.
A Managed Security Service Provider is an extension of your IT services department that focuses solely on the security of your company. The services that a Managed Security Service Provider provides range on the network security management spectrum from virus and spam blocking, to intrusion detection, firewalls, and virtual private network (VPN) management. Additionally, some Managed Security Service Providers offer other features such as system changes, modifications, and upgrades. When your company’s security is on the line, it is incredibly important to fully evaluate your options for Managed Security Service Provider.
To help make this decision, here are seven questions every business should ask when deciding on which Managed Security Service Providers to hire.
Checking the reputation and reviews of a business doesn’t only apply to restaurants, but it is also essential when hiring a Managed Security Service Provider. Roger Smith, Amazon #1 Best Selling Author, Experienced Cybercrime and CyberSecurity Expert, Speaker, and Trainer, explains that that reputation is critical in deciding whether to hire a Managed Security Service Provider. Smith goes on to further clarify that “Making a bad decision or deciding on one provider based solely on cost can cripple your business”.
Before you hire a Managed Security Service Provider, you need to know what they do, and what they can do for your business. You can evaluate their features by looking into four key categories: Technology, Management, Adaptability, and Compliance. A Managed Security Service Provider typically offers businesses technology such as firewalls, wireless solutions, VPNs and patch management. Managed Security Service Providers are responsible for managing policies, risks, procedures, processes, auditing, reports, training, and education. Managed Security Service Providers should be able to adapt to your business needs under any circumstance. For example, Managed Security Service Providers should offer disaster recovery, business continuity, and backup storage and protection as well.
Knowing each feature, and its importance to your company allows you to better evaluate which Managed Security Service Provider will work best for you. John Penland, the founder of InfoTech, states that “In order to provide exceptional value, a provider must first understand their customer’s business model. This helps providers develop a rock-solid solution that can create a long-lasting, happy customer”.
Not all Managed Security Service Providers are the same. While they might all roughly do the same work, it doesn’t mean that they will all fit well with your company. For example, a Managed Security Service Provider that works for a healthcare business might not be as successful for an accounting business. There are differences in timelines, terms, and expertise that can affect their successful integration into your business. Ian Trump, an ITIL Certified Information Technology Consultant with 20 years’ experience, explains that “When evaluating the Managed Security Service Provider, you need to know whether they have some experience in your particular vertical. A Managed Security Service Provider that specializes in healthcare services may not be a good fit for a logistics and transport or manufacturing company”.
You need to be sure of what you need from your Managed Security Service Provider, then cross-reference that to ensure that they are capable of providing those services to you. Brian Laing, an IT Security innovator from Lastline, states that “The key to evaluating a Managed Security Service Provider is to first codify your requirements”. Splitting these into different requirements not only simplifies which Managed Security Service Provider might be better, but it can also completely remove a vendor from the selection process. This will save your business valuable money and time.
Hiring a Managed Security Service Provider should make running your business smoother. When hiring and evaluating your Managed Security Service Provider, ensure that you are firm on nonnegotiable expectations of service. Ian Trump further iterates the importance of a mutually beneficial relationship by explaining that “When contracting the services, I would approach negotiations as a partnership and use language which provides mutual benefit, measurable deliverables, service level agreements (on both sides), and dispute resolution mechanisms”.
It is essential to create a specific service level agreement with your chosen Managed Security Service Provider. This ensures that all parties involved understand the requirements on both sides –
recognizing this as a mutual relationship is key. They are there to protect your company, data, customers, and staff and you are there to pay them. Just as you wouldn’t hire an employee to sit on Facebook all day, you shouldn’t hire a Managed Security Service Provider that won’t carry their own weight.
Outsourcing to a Managed Security Service Provider can save your business 60-75%. Managed Security Service Providers cost on average about $75,000 a year. While this sounds hefty, you can compare it to the cost of a small IT department doing the same amount of work. Three IT staff, with a salary of $72,000 annually plus the cost of cybersecurity software, hardware, and equipment can easily run you upwards of $300,000.
Additionally, the use of a Managed Security Service Provider saves you money by providing your business with critical cyber protection 24 hours a day, seven days a week, 365 days a year. The cost of this with a traditional employee would be exponentially expensive.
It is important to understand all aspects of your contract and to thoroughly investigate the financial aspects of it. Protecting your investment in a business is no different in the process of hiring a Managed Security Service Provider. Due diligence is important during the hiring and evaluating stage, as it provides your business peace of mind and ensures that your Managed Security Service Provider will continue to work as hard as you are.