Are you preparing to provide managed services to help or increase your security team? You’re not alone: 62% of organizations say they plan to outsource some or all of their IT security functions in 2022, according to Foundry Study of security priorities for 2021.
Before embarking on this journey, it is wise to gather your requirements and think about the services you want from a managed security service provider (MSSP).
There are several key considerations when choosing your service provider, including: MSSP’s experience, the types of support and services they offer, and how their service level agreements are structured. You will also want to know the specific areas of MSSP expertise and how they correlate with your needs.
In addition, small and medium-sized enterprises (SMEs) need to pay attention to several factors when assessing their potential partner. When you have a small IT staff, you will need to trust that MSSP is able to handle:
- Business Continuity: How well does the service provider protect you from different types of business interruptions? Servers, software and cloud services are subject to disruptions and people make mistakes. Ask MSSP if they have a disaster recovery site and a strategy for damage to their infrastructure or human error. Also find out if they have insurance to cover potential liabilities.
- Self-defense: The security of third parties and suppliers is crucial, especially in light of cyberattacks that affect the entire supply chain. How does MSSP protect itself and your data from compromise, theft or encryption? What best practices or solutions do they use to protect their own infrastructure? Do they have storage and transfer encryption mechanisms? How do they handle access control and multi-factor authentication?
- Data Access: You need to be able to get your data quickly when you need it. Find out how access to your data is regulated and what level of control you will have over your data? Also ask if there are self-service options that give you more and faster control.
The steps that SMEs need to take to prepare internally
Data is the lifeblood of your organization, so in addition to accessibility, ensure that you and your MSSP have a sufficient data protection plan.
“We recommend five vectors around data protection,” said Alex Ruslyakov, head of the Acronis channel. “The first is that organizations should always keep a copy of their data for recovery in the event of a security incident.
The other four:
- Access to data anywhere and anytime
- Control data with visibility of their location and use
- Authenticity of the data: proof that the copy is an exact copy of the original
- Multiple layers of security for hermetic data protection against bad participants
Although no provider or service provider can claim 100% protection against cyber attacks, the right MSSP has a plan for this when an incident occurs, Ruslyakov said. Ask about their recovery strategy and how they ensure that the recovered data is not compromised / infected.
Lastly, it is important to have visibility into what you are paying for. What level of detail can you expect in your invoice? Can MSSP confirm the use for which you are charged?
The proven experience of the service provider and the use of best-in-class technology is very important to establish confidence that MSSP can meet your security needs. However, SMEs also need to go into detail to ensure that their data and business are protected.
From applications to infrastructure, click here to see how Acronis can help your organization fill security gaps and protect your business.
Copyright © 2022 IDG Communications, Inc.