Choosing the right managed security service provider
Let me tell you a story. I once had a friend who worked in the cybersecurity field. We knew each other from university and we were interested in the same things, constantly sharing our grand ideas of changing the security industry as we knew it. He got an excellent job right out of university and went on to work in the security team of a major firm.
While it was exciting at first, he soon started sharing some of his doubts with me. One thing that stands out was the lack (at the time) of round-the-clock security monitoring. These guys would do their work during the day and while they had fairly advanced security software running at all times, they’d clock out at the end of the day and leave their systems undefended.
I remember telling my friend (or something like), “Mate, that’s crazy. Have you guys thought about continuous monitoring and threat detection?”. He said that while this was something he had recommended, it wasn’t a suggestion that was taken seriously Belive it or not, a couple of months down the line, they suffered a serious data breach during a period when the office was closed for a few days.
This is the story I share with my clients when I explain to them why a managed security service provider is important. It’s one that stayed with me long after the event and helped me shape some of the Security Operations Centre services my team and I provide at Triskele Labs.
Let me share a few insights I’ve picked up on over the years when it comes to choosing the right managed security service provider for your business.
FIRST OFF, WHAT DOES A MANAGED SECURITY SERVICE PROVIDER DO?
CHOOSING THE RIGHT MANAGED SECURITY SERVICE PROVIDER
Consider their experience before you take a leap of faith
When it comes to choosing a security team, I really can think of only a few more stressful business decisions to make. Ultimately, these guys are in charge of your entire operations and are what stands between you and cybercriminals.
That’s why it’s important that you inquire about the experience a particular company or team has in this line of work and look into their past experiences with clients. The level of due diligence at this stage can really determine how secure your operations ultimately are.
Security certifications are telling
While just about every security company has the requisite certifications these days, this is still a point worth mentioning. Certain certifications need to be renewed and this is something you need to look into. It’s also best if these qualifications, so to speak, are relevant to the precise nature of the service they’re offering you. Here, demonstrable certifications in and awareness of data protection are very valuable.
Find out how they handle and manage sensitive information
Another major tell when it comes to choosing an external security team is finding out how they plan on handling your data. Remember this team will have access to many of your resources, customer information (if any), and other seriously sensitive information.
Before you bring them on board, have a candid conversation about how your data is going to be managed and how it will be kept secure.
CHOOSE A MANAGED SECURITY SERVICE PROVIDER YOU CAN TRUST
Cybersecurity is everything, nowadays. While there was a time when small businesses may have been able to coast along without a dedicated security team, this reality is changing at an unprecedented rate.