Managed security services are becoming a critical part of the managed IT services approach. For those considering managed security for their organization, this blog post discusses some key questions you should be asking a potential service provider.
Four questions to ask a managed security services provider
- Is your company experienced with businesses similar to mine? Experience within your industry is invaluable. This helps ensure the provider understands the applications, regulations, and other factors most relevant to your business. The same goes with business size. A provider that has worked with businesses of your size can better understand your infrastructure and priorities. Do not take for granted that the security services provider has this experience. If the provider claims to have this experience, ask for these types of references. Then, follow up with these references to ask about their experiences with the provider. You would do this for any employee—why not do it for the company you’re paying to keep your IT secure?
- What certifications and training are your employees required to have? The security service provider’s employees are the ones doing the actual work. It is very important to understand their certifications and ongoing training requirements. It is also worth inquiring about their hiring procedures and practices, to help ensure staff is generally trustworthy.
- Can you manage my current infrastructure and security technologies? Some providers of IT security services also rely on revenue from the resale of security platforms, applications, software, etc. There is nothing wrong with this approach, or for you to engage with them as a transactional customer. That said, a managed security services provider should focus primarily on monitoring and managing security technologies as opposed to selling technology.
- What responsibilities does each party have under the arrangement? It is important that your organization and the provider clearly delineate the responsibilities and expectations of each party. You may, for instance, want to understand if the security services provider intends to outsource any components of their operations.
Getting answers to these four questions should be the beginning of a conversation with a potential provider, not the last steps in making a deal. A managed services provider should be stable and trusted. Give the most weight to a provider that answers many of your questions before you ask them, and wants to provide as much information as necessary to make you comfortable.