3 security attributes to look for in a managed service provider
How organisations can ensure their managed service provider delivers on cloud security
Short of time?
With eight in ten of the biggest British businesses having suffered a serious cyber attack (according to GCHQ), organisations are acutely aware that the risks to their online services and data are today greater than ever – and growing fast.
As more businesses move their technology estate to the cloud, they need to be confident their technology partners can really deliver on cloud security – with the experience and depth to protect them better than they ever could themselves.
Traditionally, businesses have been skeptical when it comes to the security of cloud services. For most IT decision makers, the fear of moving to cloud technology is centered on a ‘loss of control’, with a Vanson Bourne survey suggesting 84% of UK CIOs worry that cloud causes them to lose control over IT.
>See also: 5 must-haves for managed service providers
The role of a managed service providers (MSP) is not only to deliver high-performance cloud-based technology services, but also to evidence and demonstrate that their approach to security and compliance is robust, scalable and perpetually fit for purpose.
When it comes to evaluating a provider’s capabilities, certifications clearly go a long way to building credibility – from business standards (e.g. ISO) through to technology (Cyber Essentials Plus) or sector (PCI DSS, HIPAA, Government) specific.
But it is also to a large extent about a holistic approach to security – an attitude. There are three key attributes organisations should look for in a MSP from a security perspective.
1. Understands the threat landscape
MSPs need to maintain an extraordinary understanding of the needs and requirements of your business and demonstrate the right level of knowledge and expertise to protect your systems and services.
Good MSPs need to look further than a simple summary of potential threats and a review of past incidents and concerns to the wider living global threat landscape, and consider its specific relevance and impact to you.
They must have detailed knowledge of the risk profile of your business and market, and understand who your staff, customers and other users are to accurately profile potential vulnerabilities.
A combination of current security intelligence and experience is vital if an MSP is to deliver a security service with sufficient detail and depth.
2. Shares responsibility
To define and deliver the optimal level of security, MSPs need to work very collaboratively with customers. This typically starts with CIOs and IT teams but ultimately cascades across the customer’s business.
Cloud security is a shared responsibility and to be at its most effective, it is crucial for organisations and MSPs to collaborate and cooperate.
Working with an MSP that can clearly define where responsibilities lie and help an organisation deliver end-to-end security and compliance without unnecessary overlap or, even worse, gaps, is vital.
3. Plays well with others
As the cloud market continues to expand, businesses increasingly find themselves working with more than one provider in order to meet their technology needs.
MSPs must have a proven ability to collaborate with your other cloud partners (other MSPs, SaaS providers, etc.) to maintain a consistent level of security, or offer a more integrated approach that allows customers to work through a single cloud integrator who manages the ecosystem relationships.
Managed correctly, the cloud can provide a perfectly secure environment to help support businesses. By partnering with the correct MSP, CIOs can be sure that any threats to data are detected, diagnosed, reported and ultimately remediated.
Sourced from Kevin Linsell, director of strategy and architecture, Adapt