In an era where security breaches are the norm, many enterprises are looking for ways to improve their cybersecurity capabilities. In fact, a recent IDG Research study of senior IT executives found that data breaches are a top concern: 38 percent of those respondents said they’re either not very or not at all confident that their present security solutions meet their threat detection needs. (Source: CIO and Solutionary)
Looking for help, many leading companies are supplementing their in-house security resources with threat intelligence and security analytics capabilities from managed security service providers. However, finding the right Security-as-a-Service provider is no easy task. Considering managed security providers have access to a company’s most sensitive, mission-critical data, a systematic approach to selecting a provider is critical. Check out these industry best practices when weighing the pros and cons of any Security-as-a-Service provider.
- Customer testimonials– Request references from current customers. Ask direct questions about what it’s like working with the managed security provider daily. Do they simply watch alerts during off hours when your staff is not available? What value-added detection and risk management services do they offer? Do they have someone on their staff with advanced cyber skills, such as forensic experience? What will analytics and business continuity reports look like? Working with a managed security provider will hopefully be a long-term relationship, so asking smart questions upfront is a must.
- Years in the market– While technology startups may introduce new, innovative threat analytics point solutions, it’s important to choose a managed security partner with a track record of sustainability. Your company will be entrusting your most sensitive data to that provider, so they should have proven financials and staying power. Also, a Security-as-a-Service vendor should have the financial backing to invest in new cybersecurity technology over the long term.
- Industry-specific experience– When evaluating providers, find out what specific industry experience the company’s digital protection experts have. While experience in a specific vertical industry is helpful (e.g. a healthcare security management company is an expert in HIPAA compliance), keep in mind that security providers that work with companies across industries may also work to your advantage. Broad experience gives providers a better perspective on the security landscape. Your provider’s visibility into a range of security threats may give your organization an advantage. In addition, look for a provider with the right training and capabilities. Industry certifications (e.g. Cisco CCNA Security certification) provide a solid benchmark for advanced cyber skills.
- Compliance– An added benefit of working with the right managed security partner is improved compliance management. Because most in-house security teams are somewhat fragmented, consolidating privacy and security data is a huge advantage. A service provider generally sets up a centralized log monitoring and management system with procedures in place that can be validated by an auditor. This approach should give you peace of mind knowing you’re meeting critical privacy standards, such as the Payment Card Industry Data Security Standard (PCI DSS).
- Capabilities and adaptability– Look for managed security partners that offer a wide range of premium cybersecurity solutions (from various vendors). Also, make sure these tools are interoperable and meet your current infrastructure requirements. This may include services like firewall protection, anti-virus, threat and vulnerability management, setting up virtual private networks and cloud security, as well as identity access management and experience with Security Information and Event Management (SIEM) solutions. In addition, look for vendors with solid overall risk management experience, including policy, procedure, process, auditing, reporting, and training and education. Services like disaster recovery, business continuity, and backup services are also pertinent to an overall risk management strategy.
Selecting the right managed security provider is a challenging task in today’s complex landscape. If you consider your Security-as-a-Service provider as a partner, your company will be in the best position to thwart even the most hazardous cyber threats. Remember, two-way communication between your organization and the provider’s engineers and analysts will also improve the effectiveness of the service over time. Monthly meetings and check-ins about performance will also help to eliminate surprises and keep your security strategy current.