So you’re buying a managed security service
Over the years I’ve worked with a number of organisations who are struggling with an outsourced security monitoring service provider. These relationships can fail for a number of reasons, and it’s not always (or even most often) just the fault of the provider. Yes, there are poor service providers out there, but equally there are naive clients who make poor procurement decisions.
Having been on both sides of the monitoring equation, I thought it might be useful to write down my thoughts on how you, as a potentially procurer of said services, can ensure you do it right.
1. Be clear about your requirement
This is easier if you’re only looking for monitoring of one service (e.g. o365) vs a large procurement effort to monitor all elements of an organisation. Whichever you’re doing, having documented requirements is an important place to start. Example monitoring requirements might include;
- Successful and failed user logins
- Location users connect from
- Password changes, or rests
- Malicious files detected by antivirus
2. Understand what you will be getting from the service provider
Some important questions include;
- What are the providers response times when they detect something suspicious?
- And what information will they give you?
- What sort of scheduled reporting will they do (i.e. weekly summary of activity)?
- Where does their response to an incident stop, and where does your response start?
3. You can outsource the monitoring, but not ownership of the problem
In other words, you can’t just sign a contract and forget about it. You need an informed someone to interface with the service provider, and to review and respond (see the last bullet above) to the alerts they send you. There is no point in security monitoring if you are not able to take action when informed of an issue.
The above are a short set of guidelines, and as I said at the top this is going to be more work if you are looking at a large security monitoring outsourcing project. If you are doing that, and want help, please get in touch. Likewise if you’ve already signed the contract and things aren’t going well, contact us. We’ve helped organisations turn around problematic relationships with providers in the past. And finally, if you’re a small or medium sized company looking for security monitoring of cloud services or websites, get in touch! We have a service just for you.