In the 21st Century, the question is not whether an organization will face a cyber security risk, but when. Therefore, do not wait until a breach occurs to call in a Managed Security Service Provider (MSSP). At the risk of sounding cliché, the best offense is a solid defense.
When to Engage an MSSP
Ideally, the best time to enlist the expertise of an MSSP is at startup. Of course, this is not realistic for established organizations – which means the right time is always now, especially if the enterprise meets one or more of the following criteria:
Cyber security should be top of mind for any enterprise, no matter its size, in the modern era.
How to Engage an MSSP
Organizations, especially smaller ones that may not have interacted with an MSSP before, may wonder how to engage. The process should be simple and straightforward: Request a meeting. In fact, the MSSP should take the lead and guide clients through the whole scenario of what it means for the MSSP to ultimately handle clients’ cyber security.
Look for an MSSP that takes the following actions when responding to (or even initiating) an enterprise’s request to work together:
This even includes introducing the enterprise to some of its top security experts, who should hold industry certifications, and take part in ongoing training and education. In addition, look for an MSSP that owns one or more Security Operations Centers. These critical assets serve as the heart of a premier cyber security initiative and must meet compliance and other strict requirements. MSSPs that are willing to invest to this level stand above the rest.
Every MSSP should shore up its practice with technology and other resources from trusted vendors. Be wary of MSSPs that provision only their own platforms and people without incorporating proven solutions.
If the MSSP does not know what is in place, that continues to leave the organization open to breaches. The MSSP must conduct a full assessment of all network technologies, systems, and software which include endpoints, firewalls, and email security, to ensure it closes all the gaps within the client’s environment. The right MSSP will gather extensive information and ask questions throughout this aspect of the engagement.
The MSSP should shoulder the responsibility for bringing an enterprise’s cyber security environment up to speed. It should work alongside the customer’s IT team but not expect them to do the heavy lifting.
Clients should maintain full visibility into their cyber security status and receive detailed reports through one platform. The MSSP also should run an around-the-clock, U.S.-based SOC that allows clients quick and easy access in case of a problem.
Above all, the MSSP should act as an extension of the organization’s team, providing the technology, human expertise, and processes the enterprise does not have. The MSSP should not aim to replace IT employees. Rather, it should position itself as an extension of the client’s IT department and act as a consultant while overseeing cyber security activities and freeing up client’s staff to revenue-generating activities.
