6 Questions to Ask Before You Hire a Managed Security Services Provider

Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm also

predicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.

It comes as no surprise, then, that organizations are looking to managed security services providers (MSSP) to either augment in-house security teams or provide risk-management services.

“Many organizations don’t have the resources to build out a security operations center (SOC),” says Scott Barlow, vice president of global MSP and cloud alliances at Sophos. “Meanwhile, security is moving at a rapid rate, and it’s tough to do it yourself. With internal IT staff focused on internal needs, companies really need to think about 24-7 security and threat hunting across their network. That’s why we see a lot of co-managed IT and outsourcing tickets going to MSSPs these days.”

An MSSP may be the answer, but businesses should take the time to do their homework before signing on. Here are six essential questions to ask when seeking assistance.

1 – What types of certifications do your staff have?

“There are a lot of certifications out there,” Barlow says. “From CompTIA to (ISC)2, there are many ways security professionals stay up to date on skills and the latest threats. But it is essential that they are up to date on certifications because the industry is constantly evolving.”

It’s important to start by understanding your staff’s full suite of certifications, then determine what’s needed to fill any gaps, Barlow says.

2 – How do you secure on premise and public cloud assets?

Many organizations have assets in the public cloud in addition to on-prem. It is important to determine how your MSSP can secure both. “Public cloud does not mean Microsoft 365,” Barlow says. “It means that if you have workloads in Azure or Google Cloud Platform (GCP), can they confidently assure you that they can secure those assets and data? Ask how.”

3 – Can you support all my needs?

Identifying your internal IT and security needs is paramount. For…