subject: Managed Security Services: How To Partner With A Managed Security Provider [print this page] Given the many benefits, outsourcing managed security services presents a viable alternative to using in-house resources. Once a company completes the outsourcing analysis, the next hurdle is selecting the best partner. Vendor selection requires the same amount of careful consideration and thorough evaluation. Selecting the wrong vendor will defeat the purpose of outsourcing and cause significant turmoil within an IT operation.
Key Selection Criteria
Several criteria should be used during a company"s vendor selection process. These deciding factors include the following:
Industry Experience. How familiar is a prospective vendor with the nuances of a company"s industry? How many similar organizations has the vendor served? Do they understand regulatory requirements? Are they well versed in industry best practices?
A managed security services provider should be able to demonstrate applicable experience within a business" industry. For example, if a healthcare organization decides to outsource security functions, its provider must be HIPAA-compliant. In addition, potential service providers must have expertise and experience in their customers" specific technologies.
Customized Solutions. Does a potential managed security services vendor provide a "one-size-fits-all" solution? Is the service provider invested in understanding customer businesses?
The best service provider match will be one with a tailored solution. A good partner will create a security program addressing specific business requirements. The program will minimize risks and further business goals in the context of the specific environment. In addition, a service provider"s security program will incorporate the proper priorities established in conjunction with business objectives.
Background and Reputation. What are the hiring practices of a prospective vendor and do they perform background checks on their employees? Are they certified and have other third party endorsements? Who will have access to a company"s information?
A managed security services provider"s background and reputation is just as important as their technical expertise. A company"s network security in the wrong hands could have devastating effects.
Learning how long the company has been in business and their track record will help alleviate any issues down the road. Selecting the most stable service provider helps ensure a partnership will last well into the future.
Employee Training. Does a managed security services vendor hire only seasoned professionals? What qualifications do technical employees have? What"s their real-world experience level?
When outsourcing, businesses must have access to the highest caliber of technical talent available for their budget. Evaluating a service provider at the company level is important. However, businesses need to drill down to the qualifications of a service provider"s employees.
Additionally, companies should inquire about ongoing training programs the service provider requires for its employees. And, it"s important to determine how a service provider assesses the expertise level of its technical employees.
Responsiveness. The whole point in outsourcing managed security services is to do it better and more economically than can be done in-house. Therefore, a vendor should offer rapid response times to provide maximum protection to the enterprise"s data. Potential service providers should be able to demonstrate response times through established processes.
In addition, businesses should verify claims of 24/7/365 operations. Is the service provider"s data center designed for the necessary scalability a business needs? Does the service provider have the same level of resources in its facilities around-the-clock?
And, how does the vendor respond to natural disasters and power outages? What processes are in place to ensure continual operations?
How to Build the Best Partnership
Selecting a managed security services provider is a major step in the outsourcing model. To produce a successful partnership for the long-term, a company must proactively manage the vendor relationship.
Important tasks in developing a strong vendor partnership include the following:
"Businesses should share their strategic goals with their vendor. Then, a vendor can focus on these goals and help a company achieve these strategic objectives.
"A company needs to discuss what"s most important in terms of managed security services. For example, is PCI or HIPPA compliance a business" priority?
"Companies must be willing to share network configuration details, topology drawings, reports on past security issues and corporate policies with their security vendor. To provide the most value, a managed security services provider must thoroughly understand all aspects of a customer"s business and technology infrastructure.
"Establishing clear lines of communication between the vendor and the business is critical. A single point of contact is often the best way to accomplish this.
Outsourcing security provides many business benefits. However, it also takes significant effort to select the right vendor and build a successful partnership. By actively managing the partnership, a business can reap the many rewards of outsourcing, and maintain a win-win relationship for the long-term.
