Do you need an MSP?
To decide whether you need an MSP, assess your firm's current state of security protection.
What online threats does your firm face and what internal resources do you have available to manage protection? Evaluate how well threats have been dealt with in the past. Does your internal security management staff work on a reactive basis?
If you can't get your hands on a monthly security status report that contains breach statistics, types of security patches applied, software updates installed, and new software installations completed, then outsourcing could be a good option.
Once you've decided to outsource your security management, you can begin assessing MSPs and their specific offerings. Develop a quick list of candidates by searching for "managed security services" on Google. Drill down to find out what services each vendor offers, but watch out -- many MSPs are so new that the services they describe on their Web sites are not yet available.
Do you want such a start-up, or is a subsidiary of a brand-name company a better bet? In general, the former have fewer bureaucratic limits to innovation, while the latter often must drag "mother ship" policies into each new initiative.
