Strategy: How to Get Your MSSP In Line With Expectations

Dec 20, 2012


Strategy: How to Get Your MSSP In Line With Expectations

MSSPs can be an effective addition to your security portfolio, or they can be a real drag on your operations. For most companies, the reality of working with a managed security service provider is somewhere in the middle.

Any managed service provider should lift at least some cost and effort burden from IT ­professionals’ shoulders. In a perfect world, an MSP meets all service-level requirements, ­follows escalation procedures to the letter and provides five nines (at least) of uptime. Of course, some of your providers will be better than others at meeting these goals. Should you cut all ties with providers that aren’t even close? Perhaps, but sometimes it’s hard to tell where they — and your organization as a result — stand.

Some security service providers promise the moon to get your business, then disappear after you’ve signed the contract. Others almost — but don’t quite — meet service-level ­agreements. Some providers will be up front when they have dropped the ball, while ­others hope you don’t find out, setting the IT department up for a doozy of a blindside.

There’s an art to managing security service providers after the deal is done. In this report, we offer some methods for assessing your MSSP’s performance in a variety of areas and ­provide recommendations for what to do if it’s not meeting expectations — especially ­contractual expectations. (S6311212)

Research Report