Assess your MSP candidates
Finally, roll up your sleeves and realistically assess your MSP candidates. Web sites are good places to start, but beware of obsolete information, marketing spin, and vague descriptions.
You really need to get each vendor on the phone and ask questions like:
- What technologies do you offer? When were the technologies developed?
- When was each security service released, and how many subscribers currently use each service?
- When, why, and how will your security response team contact my firm in the event of an attack?
- How many security operations centers (SOCs) are currently in operation? Where are they located, and are more planned?
- If an SOC goes down, how will my company's security be affected?
- Are your security services standalone, or will they seamlessly integrate for a complete security picture of my firm?
- What security vendors do you partner with to support the range of management services you offer?
- Will your security experts support my existing applications, or does my firm have to conform to your security infrastructure?
- Can we review a services agreement? Can we modify the services agreement to meet our requirements?
- What security measures have you taken within your SOCs and throughout your organisation?
- When did your company open its doors for business? How many security analysts and other staff do you employ? Do you plan to increase staff in the next 12 months?
- Can we call one or two subscribers to discuss their experience with your services?
The way the companies answer your questions can be very telling. If answers are not forthright or are inadequate, move on to the next candidate on your list.
If you're not happy with the answers you get from the companies you contact, don't rush into anything. MSPs are on the bleeding edge of the security market, and you may not be able to find one that's the right match for your organisation today.
That situation may change. The managed security provider market is growing by leaps and bounds. International Data Corporation (IDC) projects the worldwide market for information security services to grow to US$16.5 billion by 2004 from $4.8 billion in 1998.
Until you're comfortable, your company's safety is too important to hand over to any third party.
