What To Look For In A Managed Security Provider - Page 4
Security-Readiness of Your Provider's Own Network
One can think of an MSP as a highly-specialized Application Service Provider (ASP). As such, you should expect an MSP to employ the same--or better--in-house security practices you'd expect from any ASP. Ian Poynter and Dianna Kelley offered excellent advice on this topic in their Insight column, "Ten Things To Ask Your ASP". Among the questions they recommend asking: Is your ASP's facility physically secure? Has the ASP's architecture and code been independently reviewed? What is the ASP's disaster recovery plan? How does the ASP safeguard your information from other customers and its own employees? Make sure that, while your MSP is guarding customer networks, it doesn't leave a NOC "back door" open to attack.
Fortune 500 companies who already outsource IT operations may look to these existing outsourcers for integrated network security services. Similarly, business-grade network service providers like Sprint and MCI/WorldCom may be the first place their subscribers will look to "add" outsourced security. But, as a Forrester Research brief suggests, companies should also consider MSPs like ISS eServices that specialize in security: "Look to suppliers that have a strong track record [and] live or die on the business." Finding the right MSP isn't simple, but knowing what questions to ask can help get you started.