If you’re entering the market for a new managed security service provider (MSSP), you’re not alone. The demand for security partners has grown nearly 20% each year since 2017 and is expected to continue this trend well into 2022, according to a new report. The rapid growth in this space has ushered in a flood of new MSSPs with varying degrees of competency.
It’s true, there are many great companies that have been providing security services for a decade or longer but the rapid growth in the industry has also allowed a lot of shoddy upstarts to survive despite providing seemingly valueless “security” to clients that put their trust in them. So how can you find a good MSSP for your business?
Here are 6 questions to ask a prospective managed security service provider:
#1. Do you provide assessments?
Assessments are a common offering from legitimate MSSPs before any solution or service is sold. If an MSSP is rushing to sell you a service and they haven’t even performed and assessment of your business and network, how can they possibly know what your needs are? Security providers often charge prospective clients for a preliminary assessment before they even start talking business. An engineer will use network scanning technology to identify any major red flags and deliver prioritized recommendations to your company. Twinstate Technologies offers many different assessments including a free dark web scan and report.
#2. What are you trying to protect for my organization?
Think about what’s really important to you. What data and what assets are you really trying to protect at your organization? What are your crown jewels, your company secrets that must be protected? Find out if the security partner you’re evaluating can truly protect what you hold valuable or do they just want to throw a firewall on your network and call it a day?
#3. What are the relevant threats my company faces?
If you’ve already made a list of your most valuable assets, now it’s time to think about who are you afraid of? Who’s the biggest threat to your company -- is it contractors, competition, groups overseas, nation-state sponsored attacks or is it threats closer to home? Is it your employees with access to all your company documents or third-parties you trust to handle processing your data? Until you know who you need to be protected from, your security provider won’t be able to protect you to the best of their ability.
#4. What’s the average tenure of your employees and what certifications do they hold?
The shortage of IT talent is one of the top emerging risks facing organizations. Hiring the right people internally to secure your business is a significant challenge. That’s likely part of the reason you’re looking for an MSSP. Find out what certifications their staff have and how often the go through training and education programs. Some of the most prestigious certifications to look for are the GSLC, GISP, CISSP, and GCIA. Not to brag but Twinstate Technologies holds an astounding number of certifications.
#5. Do you provide reports? What kind and how often?
Request a sample report as well as walk through of the information that is being reported on. Keep in mind, for compliance reasons you may need to have certain reports conducted periodically so ask about the frequency of reporting too.
#6. How confident are you in your ability to respond before data is compromised?
If you’re looking for a new MSSP, they should be monitoring your environment 24x7 and ready to respond at a moment's notice. You want to find a security who can reduce both the likelihood of a successful attack on your business as well as minimize the impact of any successful attacks or malicious activities. Many providers, including Twinstate Technologies, offer strict service level agreements that they adhere to. If you have a serious outage we will respond within 2 hours.
Work with the professionals.
For a guided experience, you can work with our experts to find the right managed security services from Twinstate Technologies for you. Tell us about your company, get advice , explore plans, and receive hands-on service.