Experts advise the following before signing over your secure operations to a managed security service provider (MSSP):
• Get a clue. Before you start thinking about whos going to be managing your security, decide what theyre going to be managing. Your firewall, intrusion detection, virtual private network, anti-virus, e-mail scanning and authentication are all pieces of the pie, and the baker you choose should be the best at cooking the particular piece(s) you want managed.
• Get a friend. Not Gus, the opinionated guy you always bump into at the supermarket, but someone who knows the difference between a router and a switch.
• Getting to know you. Pretend your MSSP is your babysitter. Check it out. Ask for references. Find out if it has a record. Go to its data center, and get it to show you just how it handles the drastic spills and emergencies that can happen.
• Get the contract. If only all relationships could begin with a service-level agreement. “I agree to be on time for our dates 99.999 percent of the time, and I promise you are right at least 50 percent of the time.” Your SLA should explain exactly what is being managed, how its being managed, and give you the right to have third-party consultants case the joint.
• Get some money. The difference between $2.50 and $5 is usually a light domestic beer versus a smooth-tasting, full-bodied import. In the case of your datas security, more money usually means the people watching your network are better experts making more money. That means they are less likely to fall asleep while working for you.
