17 Oct How to Choose the Right MSSP Provider (Top 5 Criteria)
If you have been following our blog for the past few weeks, you will know that we have been focusing on the well-known virtues of third-party managed IT security solutions, otherwise known as managed security services providers (MSSPs).
With a whole variety of solutions and services on offer, from email security to firewall management to authentication services, you are undoubtedly spoilt for choice – not by solution but also by the third party providing it.
[You may also be interested to read “5 Cloud Solutions That You Didn’t Know Existed“]
So what and how to choose?
Take a look at our top 5 criteria for selecting the most suitable MSSP.
1. High Levels of Uptime and Availability
One of the most important factors cited when using a third-party managed or hosted solution, is the level of uptime and availability which is maintained.
Nothing can be more disruptive to your organisations operations than a critical service being unavailable, particularly when you have a lack of control over it.
MSSPs will highlight an average uptime percentage, which is likely to be above 90%. Make sure to compare this with other providers so you can choose the one which gives you highest operational guarantees.
Also, take a look at the compensatory schemes for when service levels go below the expected values. For example, some MSSPs will offer complimentary days on your next subscription as an apology.
2. Relevant Certifications
Aside from uptime, another often cited reason for using MSSP solutions and services, are the specialised skills which the MSSP has at its disposal.
MSSPs have often made sure to become certified in their solutions and services to provide confidence in their offerings.
Having highly competent staff managing those solutions and services assures you that they are configured to high standards, well maintained and that any potential down-time will be reduced to an absolute minimum.
3. A Strong Data Centre
One clear distinction among many an MSSP is whether they have their own data centres or use one of the commercial operators, such as Microsoft Azure or AWS.
In terms of the strength of their solutions and services, I wouldn’t want to assume one is better than the other. However, do question which one suits your organisation strategy best.
For example, consider whether you are a Microsoft aligned organisation and if Azure would be a better choice; or whether the data centres are located in suitable geographical locations.
Using commercial data centres inherits the confidence of the larger brands. However, on the other hand the MSSPs lack of 100% control is perhaps a secondary risk.
[You might also be curious to read “Cloud Hosted Software is more secure than your Data Centre (4 Reasons Why)“]
4. Suitable Pricing Options
This might seem obvious but there are a variety of pricing options in the MSSP world; and some might be less beneficial than others.
Certainly it can be accepted that cloud solutions and MSSP solutions have been a big driver towards greater adoption of subscription pricing. However, does this pricing model really work for you?
We could write an entire blog series on the differences between perpetual and subscription pricing. Yet, consider that when solutions and services are considered over a longer period than 5 years, they are often more expensive as a subscription.
Make sure you scrutinise the pricing against your own usage forecast whilst keeping in mind the ability to grow or shrink the solution as required.
5. Positive Customer Reviews
MSSP’s love to point out which customers consume their services and solutions, and which industries they work in. This is likely to be something which they highlight on their website or other marketing materials.
In particular, ask MSSPs which organisations they work with in a similar industry of field.
Working with an MSSP who is providing a solution to a similar organisation suggests that they are likely to already have a good grip on what your requirements might be; or highlight relevant areas you might not have considered.