Recent research has indicated that businesses are moving further towards the use of MSSPs, recognising they can be a helping hand towards enhancing their IT security. Yasser Zeineldin, CEO of eHosting DataFort, offers some best practice advice for CISOs when assessing which MSSP to use.
In an increasingly connected world, the cybersecurity threat landscape is constantly changing. Additionally, hackers are using more sophisticated tactics. To counter this situation more organisations are turning to managed security service providers (MSSP) to tackle their cybersecurity needs to build on their security needs and help protect their networks and data.
To have an effective strategy while working with MSSPs, companies must evaluate and conduct risk assessments to ensure that get the best out of their service providers.
Primarily, organisations must ascertain the level of understanding of their business model by the MSSP who must be in a position to implement the right services and solutions. Assessment of a 360 degree approach to security must cover the whole range of technology, including hardware, software and regular updating. Other best practices include evaluation of the strength of their disaster recovery, back-up and business continuity processes.
Simultaneously, MSSPs must be appraised for their policies on risk management, skills training, processes and systems and their compliance with industry standards and certifications. A crucial addition would be the assessment of the security skills team that will be tackling the day to day workings and ensure 24×7 availability. Lastly, the service level agreements drawn up must clearly outline the services and implementation along, and the processes and systems that will ensure quick response to any requests and issues.
However, overriding all the practices, organisations must have a top down approach where the management must be involved in their security focus and it must not be left to just the workings of the IT service provider or the internal IT department.