Partner View

Selecting a Managed Security Services Provider

Look for a provider that can deliver an end-to-end view across the network.

Not long ago, an IT security professional's worst nightmare was that some bored 16-year-old might try to break into the company's systems. Today, the world is significantly more complicated, thanks to both the rise of hacking for profit and the increase in complex regulatory mandates that further stress IT infrastructures.

Every IT organization faces the challenge of how to best implement a security program that protects critical information assets from potentially devastating breaches while delivering the tools that business units need to address risk- and compliance-management requirements. Many companies are turning to managed security services providers (MSSPs) to help them strike the right balance in managing IT risk. Following are three important criteria to consider when evaluating an MSSP:

1. Broad technical knowledge and ability to collaborate.
It's no longer enough to just protect the perimeter. Mitigating IT risk requires that an MSSP have high-level technical expertise. A few years ago, a network outage typically indicated that there was probably something physically wrong with the network. Today, such outages can be caused by viruses, worms or other security problems, as well as possible hardware failures. So it's critical that your MSSP be able to quickly diagnose both traditional IT issues and security problems. Also, developing an effective risk-management program requires the MSSP to work closely with your internal IT organization, so it's best to choose a provider committed to such collaboration.

2. Business understanding and ability to develop anti-threat procedures.
As potential threats increase, your infrastructure's security strategy must evolve as well. Your MSSP should understand your business requirements and adequately monitor, analyze and respond to all security-related incidents and still ensure compliance with service level agreements. In addition, as new requirements evolve in the face of competition and government regulations, your MSSP must be able to expand beyond traditional IT security issues to meet the business' areas of concern. An effective IT risk-management program can minimize financial risk by taking proactive action to:

  • Maximize operational integrity (by reducing potential IT inefficiencies such as unavailable or poorly performing systems).
  • Ensure regulatory compliance (by implementing IT programs that comply with numerous government and industry mandates).
  • Preserve brand integrity (by showing that sensitive or confidential IT assets are protected from security breaches).
  • Support legal action (by retaining IT security data and being able to provide audits on demand).

3. Ability to combine, correlate and analyze IT data.
In today's fast-changing environment, it's imperative that you have a useful, holistic picture of IT-related business risk. So look for an MSSP that can leverage all the data at its disposal rather than just cobbling together point solutions that only solve part of the problem.

Progressive MSSPs typically use consolidated data models that provide a wealth of critical information, including system-configuration and asset-state snapshots and performance, vulnerability and threat data. Ultimately, your MSSP should be able to unify and correlate data from disparate IT silos across the application, network and server layers to present a single end-to-end view of your risk-, security- and compliance-management status. That view will, in turn, help you improve efficiency, reduce downtime, cut total cost of ownership and increase accountability, among other benefits.

About the Author

Rob Aragao is director of systems engineering and services for eIQNetworks Inc. (www.eiqnetworks.com), an Acton, Mass.-based provider of security information management solutions.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.