The right MSSP can bring a variety of specialized skills and tools to the table that you would otherwise lack the time, budget, and resources to develop in-house.
For small businesses, that can be especially appealing. Not only are they becoming increasingly popular targets for cyber attacks (60% of all targeted attacks strike SMBs), they're also far less likey to be fully equiped to deal with them.
Is getting outside help the answer for you? Possibly. But before you even think about outsourcing, you need to develop your own clear idea of what it is you’re actually looking for help with in the first place.
You’re not ready for outsourcing if…
You aren't able to clearly articulate your problem or goal.
You don’t know what it is exactly that you're trying to secure.
You don’t have someone on board to actively own and manage the relationship.
Our Chief Scientist Ryan Berg suggests going into any early discussion with a MSSP with a clear agenda and list of needs.
"Companies need to be very careful not to give outsourcers the impression that they don’t know what they need," Ryan says. "The reality is many of them will see dollar signs and may guide you to toward the solutions that are easiest for them to implement, but aren’t actually the solutions that best fit your needs."
The best approach to outsourcing requires plenty of forethought and planning in advance. That's why we're sharing a list of tips to guide your discussions and help you effectively screen MSSPs before you make the relationship official.
10 Key Criteria for Choosing the Right MSSP
Find out whether they’ve worked with comparable companies that are similar to you in size, stage, and/or industry.
Review their standards, policies, and procedures carefully.
Make sure all requirements and responsibilities will be documented in service level agreements and/or statements of work.
Determine who on their side will be owning your account and what your level of interaction will be (you don’t want to go into a partnership expecting access to the Principal only to find out later that’s not the case).
Have clear milestones and deliveries to checkpoint progress against the SLA along the way.
Understand what type of access to internal resources will be necessary and make sure you have everything available before they show up the first day.
Understand any reseller agreements they have in place.
Get a clear understanding of their financials. The last thing you need is a company in poor financial position willing to say yes to everything simply because they need the work.
Have an exit strategy for if/when you want to stop using their services.
Outsourcing Security Still Requires a Commitment
MSSPs can be fantastic partners for companies looking to improve their security. Just remember, no one outside your business is going to value your business as much as you do.
When you outsource aspects of your company’s security you are putting your safety and success in their hands. You may pay for a level of professionalism, but when it comes down to it, you ultimately own the security of your organization.
If a security incident happens it will be your name in the news, not your outsourced provider's. That's why it's so important to choose your partners carefully. Like any serious relationship, to succeed, you need to invest in plenty of open discussion so you can establish clarity, confidence, and trust.