Looking for the right managed security service provider to protect your organisation from cyber crime, ransomware and disasters?
Here are some questions to ask.
Many organisations in Melbourne are hiring managed security service providers (MSSP) to manage their cloud storage, protect against cyber crime including ransomware, and outsource their entire security program. An MSSP can take care of the routine and emergency issues 24/7, issues which can easily overwhelm a small- or medium-sized company’s in-house IT department. Outsourcing a security program can be beneficial to companies with limited IT personnel, who lack internal expertise in security, or plainly don’t have the number of IT employees necessary to implement a full-scale security program. However, if you are going to hire an outside MSSP, it’s important to consider them carefully. Since your goal is to have them manage your sensitive data backup, cloud file storage and disaster recovery server (DR server), a thorough evaluation will ensure your organisation’s continued growth and success as well as offer you peace of mind.
What considerations should you pursue when looking to hire a MSSP to keep your organisation secure? What standards set the best companies apart during a disaster recovery project? Are there specific questions to ask potential candidates? If you’re not sure, here are some questions that top security professionals recommend.
1. What Will They Do for Your Organisation?
When looking to partner with an organisation, a good managed security service provider will examine the firewall, patching and anti-virus software, as well as have a holistic approach to protection. A good MSSP will discuss implementing security including:
2. What is Their Expertise?
Not all MSSPs have the same training and certifications. It’s important that you hire an MSSP that has expertise in the specific make and model of PCs that your organisation uses. They also need to have enough employees with the right education and training to work with your routine and emergency IT issues. Look for credentials from manufacturers they partner with. Partner recognition awards are a good indication of a high level of competency.
Rely on references from recently deployed customers, who are of the same size, in the same vertical, and with similar challenges to what you currently have. Have in-depth conversations with the references. (Ken Baylor, PhD)
3. What is Their Capability?
Are they big enough with the number of support staff you need? Are their people trained and certified at every level of the organisation to service clients in the manner that you need? Do they understand your industry and any industry-specific issues you have? Can they support your business 24/7? An MSSP that specialises in health care services may not be a good fit for a manufacturing company. IT systems may be similar, but jargon, slang, abbreviations are different, and each industry may have specific regulations to comply with and issues to tackle.
4. How Will Updates Be Handled?
Regular software updates are crucial to maintaining top-notch security and ensuring that your computers are running at peak form. These type of updates are best done by experts who can follow up rapidly if something goes wrong. Updates need to be implemented in a timely manner to keep your systems working properly. Automating routine updates makes it easier to stay on schedule and identify any issues before they become larger problems.
5. How Will They Improve Security?
Do they value the investment you’ve already made in your IT systems? Do they recommend logical changes or upgrades to improve your security? Or do they require changes because they can’t support your current system? It’s important to find a company that will mesh with yours, make your job easier and save you money and time.
6. What Benefits Does Your Company Receive from the Partnership?
Outsourcing digital security to an MSSP is a partnership. The MSSP is there to protect your data, and your infrastructure. They are helping you protect your clients and staff. Having a service level agreement (SLA) in place will clearly lay out the responsibilities of everyone involved.
7. How Will They Handle Disaster Recovery?
How quickly will they help us recover and get back to business in the case of a disaster that affects our organisation? What happens if a disaster affects their organisation? What is their backup in these circumstances? How have they dealt with similar situations in the past? Can they refer us to any clients who have been through this kind of recovery? Are they familiar with the security protocol that you require including a DR server, cloud storage and protection from cyber crime?
8. Do They Work with Multiple Locations?
Once integrated into your IT system, can they continue to work with you at more than one location? Can they scale up with you when you grow? Can they help you manage purchasing new computers and hardware as you grow? Can you count on their support as you collaborate with other organisations and still keep your data, files and applications secure?
9. How Much Will It Cost?
Costs vary depending on the level of security you need and scale of service you need. However, costs should be clearly listed upfront without any changes for a monthly contract. Any changes to your costs should be approved before the work is done and billed. Costs include management, monitoring and reporting which are all in the SLA.