Partner View

Selecting a Managed Security Services Provider

Look for a provider that can deliver an end-to-end view across the network.

Not long ago, an IT security professional's worst nightmare was that some bored 16-year-old might try to break into the company's systems. Today, the world is significantly more complicated, thanks to both the rise of hacking for profit and the increase in complex regulatory mandates that further stress IT infrastructures.

Every IT organization faces the challenge of how to best implement a security program that protects critical information assets from potentially devastating breaches while delivering the tools that business units need to address risk- and compliance-management requirements. Many companies are turning to managed security services providers (MSSPs) to help them strike the right balance in managing IT risk. Following are three important criteria to consider when evaluating an MSSP:

1. Broad technical knowledge and ability to collaborate.
It's no longer enough to just protect the perimeter. Mitigating IT risk requires that an MSSP have high-level technical expertise. A few years ago, a network outage typically indicated that there was probably something physically wrong with the network. Today, such outages can be caused by viruses, worms or other security problems, as well as possible hardware failures. So it's critical that your MSSP be able to quickly diagnose both traditional IT issues and security problems. Also, developing an effective risk-management program requires the MSSP to work closely with your internal IT organization, so it's best to choose a provider committed to such collaboration.

2. Business understanding and ability to develop anti-threat procedures.
As potential threats increase, your infrastructure's security strategy must evolve as well. Your MSSP should understand your business requirements and adequately monitor, analyze and respond to all security-related incidents and still ensure compliance with service level agreements. In addition, as new requirements evolve in the face of competition and government regulations, your MSSP must be able to expand beyond traditional IT security issues to meet the business' areas of concern. An effective IT risk-management program can minimize financial risk by taking proactive action to:

  • Maximize operational integrity (by reducing potential IT inefficiencies such as unavailable or poorly performing systems).
  • Ensure regulatory compliance (by implementing IT programs that comply with numerous government and industry mandates).
  • Preserve brand integrity (by showing that sensitive or confidential IT assets are protected from security breaches).
  • Support legal action (by retaining IT security data and being able to provide audits on demand).

3. Ability to combine, correlate and analyze IT data.
In today's fast-changing environment, it's imperative that you have a useful, holistic picture of IT-related business risk. So look for an MSSP that can leverage all the data at its disposal rather than just cobbling together point solutions that only solve part of the problem.

Progressive MSSPs typically use consolidated data models that provide a wealth of critical information, including system-configuration and asset-state snapshots and performance, vulnerability and threat data. Ultimately, your MSSP should be able to unify and correlate data from disparate IT silos across the application, network and server layers to present a single end-to-end view of your risk-, security- and compliance-management status. That view will, in turn, help you improve efficiency, reduce downtime, cut total cost of ownership and increase accountability, among other benefits.

About the Author

Rob Aragao is director of systems engineering and services for eIQNetworks Inc. (www.eiqnetworks.com), an Acton, Mass.-based provider of security information management solutions.

Featured

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

  • MIT Finds Only 1 in 20 AI Investments Translate into ROI

    Despite pouring billions into generative AI technologies, 95 percent of businesses have yet to see any measurable return on investment.

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.