InsideUp Computer Security Sourcing Blog
Tips on Finding and Managing Computer Security Services.

How to Choose a Managed Business Internet Security Provider

Sep 23, 2011

By:  InsideUp

Working with a business internet security service provider (MSSP) can give your company customized protection against a wide variety of threats, plus guidance for dealing with the most complex attacks.

The first step in choosing a business internet security provider is to know your objectives and reasons for outsourcing your network security. Then you can begin the process of finding a provider that is well matched for your company.

Look for a service provider with an excellent reputation. Ask trusted vendors, telcos, or security service providers about managed security services. Make sure you’re working with someone who understands your environment and with whom you have a level of trust. A legitimate MSSP will have a valid SSL (Secure Sockets Layer) certification. This also ensures validity for your e-commerce website; a valid SSL certificate protects your company’s sensitive data as well as your customers’ personal information.

Try to find a company that can align its security activities with your organization’s unique business goals. You should have access to the information you need on a regular basis. A good MSSP will enable you, for example, to view the change requests to a firewall at any time. If you need to know the number of security incidents by level of security, or by classification, you should be able to view this information immediately.

Pricing has always been a key factor in selecting a managed services provider. The good news is that the cost of managed computer security has decreased in recent years. As with any outsourced services, it is always wise to weigh cost considerations against the quality of services provided.

Find out where your provider’s security operations centers are. An MSSP with locations in multiple regions can hire analysts in Australia, for example, to work a day shift and still support American clients during U.S. off-hours. However, some MSSPs may claim to have an SOC in a particular country, but still be transferring data back to another location for additional analysis and monitoring.

Choose a company that has dashboards for reporting and compliance. The capability to provide not only the operational status but also a complete picture of areas such as regulatory compliance, incident management, and tracking service-level agreements has become one of the key differentiators for an experienced MSSP.

Ask about integration with your existing infrastructure; the backend technologies of some MSSPs may not integrate well with your own environment. You can avoid being tied into a provider’s “preferred solutions” by inquiring about the company’s partnerships and existing technologies.

Finally, be sure you have solid service-level agreement in place. Both parties should have a clear understanding of the level of service that will be provided. As you develop a relationship with a provider, always retain your authority regarding strategic functions and policies. Even with the services of an MSSP, you are ultimately responsible for the security of your system, and will need to have a good understanding of your environment and its requirements. Choosing a computer security provider is undoubtedly complicated. Make it easier on yourself by answering a few questions, and instantly have top MSSPs compete for your business.