Creating a Successful Relationship with a MSSP
If you outsource network security to a managed security services provider (MSSP), do they know the right thing to do for your business when they respond to a security incident?
"Well, of course they should know," you might think. "After all, they're supposed to be the experts, right?"
Experts in security, yes, but experts in the unique issues and conditions for your business today? Probably not.
Using the security as a service (SaaS) offerings of a provider like MegaPath doesn't mean you get a "I won't have to do or worry about a thing" type of relationship. Instead, making this relationship successful for your business needs your involvement, both initially and when responding to an incident.
Initially, take the time to spell out notification and escalation procedures so the provider knows how to respond to an event, and at what levels; and in turn, you know what to expect for alerts and actions from the provider.
When responding to security incidents, a managed services provider may not have the luxury of knowing your business priorities and day-to-day issues as well as internal staff, so expecting them to make the most appropriate response without getting sufficient insight from you would be shortsighted.
Be prepared to participate in the incident response activity by working with the MSSP to identify appropriate responses based on your business priorities in that particular situation. For example, a retailer wouldn't want to completely shut off its Internet connection in response to a distributed denial of service attack that occurs during the holiday buying season. With this kind of advance preparation, you can work with your security services provider to respond as a team, without wasting time determining who is the authority and response owner, and how to coordinate response activity.
Question of the day: What do you think makes for a successful relationship with a managed services provider?