6 Things to Consider when Selecting an MSSP

LIFARS question and answers session with cyber security experts, Where,who,when,how,why,what

For many organizations, it’s not cost-efficient to have an internal IT team trained to provide cybersecurity. This is due to the fact that the internal security team is often under-utilized and costly to maintain. Instead, what many businesses opt for is a Managed Security Service Provider (MSSP) that can effectively handle the security tasks necessary to keep the business secure and running smoothly, often for a fraction of the price of an in-house team and with better results. That is, however, only if your organization selects the right MSSP.

To help you make an informed decision, we have compiled this list of six points to consider when selecting an MSSP for your organization:

  1. Quality of service – Organizations have to decide if they want a cybersecurity “supermarket service provider” or a boutique, higher-end outfit – this will also determine the level of service you will be getting along with the quality and personal involvement of provided professionals. Fortune 100 is now looking more into boutique, even more expensive outfits that can provide very close, personal connections. Security is a matter of trust and executing on promised delivery with high quality and deep detailed precision is expected. Security supermarkets struggle to deliver higher-end service, therefore the smaller outfits got room to play now.
  2. Elite team – Review bios and involved professionals, not just the name of the firm. You do not have to go deep, but simply a good name does not guarantee that the professionals working on your particular case are of high quality. Have everyone’s bio and interview some of the members that will be working directly with your company. You want a team of professionals who want to be rock stars of tomorrow, and are willing to prove it. Hiring rock stars might not be the way to go if you are on a tighter budget, but if you go with rising stars you might be able get rock star-type professionals for less.
  3. Due diligence on firm reputation – Ask their clients, Google, friends, and anyone that knows the cybersecurity firm in question. What they liked, what they did not like, what was outstanding, the Pros and Cons. The Internet is your big friend here, since we live in era of sharing our dreams and any thoughts or opinions.
  4. Financials – Be sure the pricing is correct, although fluctuations are now around 50% on the market. Ensure that you know what you are paying for and what is/is not included. Read the contract carefully.
  5. Insurance – Review insurance from provider, especially General Liability and Errors and Omissions. Contractual obligations and delivery under contract.
  6. Your feeling – if your instincts about the proposed services and team tell you otherwise, do not engage – instincts can go a long way.

If you give each of the above points a close consideration, you are almost certainly going to be very satisfied with your choice of MSSP.

Have you already used an MSSP or have any further questions about selecting the right one for your organization? Leave us a comment below, or contact us via email.