FEATURE: CYBERSECURITY
//////////////////////////////////////////////////////////////////////////
Permissions and accountability: To
successfully deliver security services, MSSPs
will almost definitely need to login to the
client’s environment remotely. CIOs must
therefore consider what kind of visibility
they can expect their MSSP to require and
whether they can provide records of their
access. Also, CIOs must have a clear picture
of what their MSSP’s resources are doing
and when
KPIs: As an MSSP is an external provider,
CIOs need to have a well-defined method of
monitoring the quality and effectiveness of
their services. This means ensuring the MSSP
can provide KPIs, incident reports, weekly/
monthly reports and customer portals that
matches business requirements
Consistency: All humans are different
and so too are the security analysts
delivering the service. But a varied service
experience is not a desirable characteristic
in managed services. CIOs must therefore
understand what measures/technology
their MSSP has in place to ensure all
security incidents are handled with quality
and consistency
Technology integrations: Businesses get
better results when things work together.
CIOs must determine how their MSS
partner enables technologies to talk to
each other to share intelligence and enable
orchestrated actions
Harish Chib, Vice President, Middle East and
HARISH CHIB, VICE
Africa,
Sophos
PRESIDENT,
MIDDLE EAST AND
AFRICA, SOPHOS
The role of an MSSP has become more
ingrained and pivotal to many SMBs, where
the MSSP can sometimes even rise to the
level of a virtual CIO for some clients. The
word ‘virtual’ is the key when discussing
next-gen MSPs.
Harish Chib,
Vice President,
Middle East and
Africa, Sophos
• Which can act as a virtual CIO
A good MSSP will be able to provide both
the high-level and user-level guidance for
your needs, acting as a resource for the
answers, software, hardware and more
• Which is always available
Organisations are no longer tied to one
machine, one server or one location and
their corresponding IT security needs have
increased accordingly. MSSPs should meet
these needs by being constantly available,
wherever and whenever – through a SaaS-
based management console. They should
have the right tools which give you the
flexibility that matches your mobile needs
• Which is a proven security provider
A proven security provider ensures his
tools provide top of the line security and
protection. You are able to offer secure,
uninterrupted service to your stakeholders
because you’ve got them covered against
outside threats. The MSSP should be
working with the right vendors who can
provide next-generation security that can
combat known and unknown threats.
An MSSP can be the first and last line of
defence against cyberthreats
On-site visits and standard set business
hours are no longer enough – organisations
need and expect their MSSP support to be
available on-demand, 24/7. Rajpreet
Kaur, Senior KAUR,
Research
Analyst, at
RAJPREET
SENIOR
Gartner
RESEARCH ANALYST, AT GARTNER
Organisations should choose an MSSP that
matches their growing need for security and
business. They should choose an MSSP who
is adapting itself according to the changing
needs. Choose an MSSP: • Clearly list the security services
requirements you have
• Outline them into deliverables
• Analyse the capabilities of your in-
house team
60
INTELLIGENTCIO
• Decide the type of model you are looking
for to utilise the MSSP – an outsourced
model or a hybrid model (which will also
involve your team)
• Design a clear scope of work
• Discuss the type of MSS partner suitable
for you, as discussed before – an evolving
mid-sized player, an international player
or established local player
• If you are open to all the above,
get responses from one player from
each category
• Once you’ve checked the deliverables and
pricing, make a final call on selecting the
best provider for you n
Rajpreet Kaur, Senior Research Analyst,
at Gartner
www.intelligentcio.com