3 Questions to Ask When Evaluating Managed Security Service Providers (MSSPs)


With the uptick in phishing attacks, ransomware and headline-grabbing data breaches, many SMBs (small and midsize businesses) are realizing they simply can’t handle security on their own. Instead, they are looking to MSSPs to provide the security expertise, technology and staffing they lack, a trend that’s fueling the growth of the worldwide MSSP market from $14.3 billion in 2014 to nearly $32 billion in 2019 (a CAGR of 17.3%).

It’s no wonder. As more organizations leverage mobile technology, the cloud and Internet of Things (IoT), they also face an ever-growing wave of more sophisticated attacks as internal IT staff and capabilities are stretched to the breaking point. This is why many SMBs are increasingly looking to MSSPs for:

  • Security expertise: Security isn’t a part-time job. With sensitive corporate data residing anywhere from an internal data center, to the cloud to even employee mobile devices, few IT staffers have the breadth and depth of expertise to ensure it all stays secure. Consequently, security is divvied up among several staffers, none of whom have the bandwidth to do the job right. MSSPs, on the other hand, can invest in a variety of staffers, each with their own specific expertise, certifications and toolsets; and leverage them across multiple clients, ensuring all receive the benefits of deep security expertise.
  • Cost savings: Instead of incurring expenses in the security tools, infrastructure and human resources necessary to keep a multi-faceted digital business secure, many SMBs are realizing the cost savings of outsourcing security tasks such as pen-testing, threat intelligence and log monitoring. Paying for these capabilities as a subscription enables you to do more with less.
  • Quick time-to-market: Getting a new data center or IT initiative off the ground is hard enough without first becoming an expert in securing the new infrastructure and applications. Good MSSPs help ensure new initiatives get up running fast without sacrificing security.

Still, organizations must realize that not all MSSPs are created equal. To ensure the MSSP you choose is up to the task, make sure your MSSP has the right:

  • Industry expertise: Outsourcing something as critical as security requires a partner that not only knows security but also the specific threats facing you, your industry and applications. Choosing an MSSP with expertise in your industry ensures you won’t get stuck with plain vanilla capabilities.
  • Collaborative mindset: No one knows your network like you do. Ensure you put the right processes and communications channels in place to keep your MSSP up to speed on what “normal” looks like so it has the context it needs to evaluate alerts quickly and effectively. Ensure it knows which applications and business units are most sensitive, and update this data over time, so it can dial up or back security appropriately.
  • Accountability: Confirm whether the MSSP you contract with is the same entity providing the work. Unfortunately, many MSSPs have been known to chase profits by signing up new customers and then offloading the job to third parties. All too often, critical tasks are passed off to an offshore company with little insight into your business or priorities. You’re stuck dealing with a middleman — leaving you less, not more, secure.

neteffect technologies can help you navigate the pros and cons of technology and security outsourcing. Call us at 704-688-7170.