Managed security service providers (MSSPs) specialize in making enterprise-class security services affordable for small to midsized companies. Instead of paying for in house security service management, companies can now receive first rate security management in a variety IT security disciplines at a much lower price, such as antivirus management, firewall management, intrusion detection and prevention, system configuration and management and virtual private networks. While almost all companies need security management services, the degree to which they benefit from implementing IT services depends on the benefits they hope to achieve. For example, companies that use MSSPs in order to reduce staff size typically benefit from employing a range of managed services, while companies that are interested in achieving best-of-class expertise in a particular area benefit by making their service needs more isolated. Regardless of what determines your company’s need for IT consulting management, you have to remember one thing: the degree to which your company will benefit from IT consulting management depends largely on the quality of an IT services provider. With this in mind, there are three questions that you should ask of IT consulting firms before you trust them with your company’s security needs.
How many Clients does a Firm have and what are its Financials?
While a large number of clients doesn’t necessarily indicate that a firm offers unbeatable quality, it does show that the firm has done well enough with its previous clients to quickly generate new business interest. To get a better perception of an MSSP’s quality of service, it’s a good idea to ask for references that pertain to clients that were once in your position (i.e. company type and security needs). In addition to asking for particular references, it’s also a good idea to ask for a copy of an MSSP’s financials. The last thing that you want is a company that folds before it can fully deliver on its services.
What are a Firm’s Procedures in the Event of a Security Incident?
Although the point of hiring an MSSP is to ensure that security incidents do not happen, most companies eventually experience a security incident, whether from within the company or from without. An experienced MSSP will be able to tell you exactly how it deals with specific security incidents, as well as provide you with anonymous case studies to back up their claims. If you encounter a firm that claims to never experience security incidents, don’t take it as a positive sign. Either the company lacks experience or provides services that don’t work as acutely as they should.
How Do a Firm’s Given References Compare to its Non-Preferred References?
Judging a company’s quality of service by its preferred references is like judging man’s character based on the opinion of his mother. Every company has a group of references that will rant and rave about its services. But in order to get a realistic idea of how well a MSSP satisfies its customers, you need to talk to some of its non-preferred references. If you find that these references offer a vastly different opinion of a company’s performance than do its listed references, you should consider the fact that you may end up becoming a non-preferred reference as well.