Choosing an Effective Managed Security Services Partner. An Allstream / Dell SecureWorks White Paper




Managed Security and Consulting services can deliver strong value to your security program. A Managed Security Services Provider can enhance your security posture, improve security operations efficiency, facilitate compliance efforts and reduce overall security program costs. Choosing the right Managed Security Services Partner is critical to maximizing the value you gain from the relationship.

With many providers to choose from, finding the right partner for your enterprise can be a difficult proposition. Once you create a shortlist of vendors that offer the Managed Security or Consulting Services you need, differentiating one from the other is where the challenge begins. The following outlines some of the factors you should consider when determining which provider will deliver the most value for your enterprise.

At a high level, these factors fall under three areas: Passion, Expertise and Trust. These areas may seem intangible at first, but each one is clearly illustrated by several factors that can be seen and experienced throughout the provider/client relationship. Providers should be an extension of your team and, as such, they must possess the same qualities you would look for in a team member. You can identify these factors at many times throughout the evaluation process, including during reference checks, facility tours and face-to-face meetings. Finding a provider that possesses the factors below will help you identify a true security partner that will deliver high value to your enterprise.

Passion

Passion can be intangible and, unfortunately, a rare characteristic. But when demonstrated, it is very apparent. A provider that possesses true passion will make sure that their services deliver value to your enterprise because they believe what they do is more than just a job.

To find passion in a provider, the first factor you want to look for is responsiveness. The initial opportunity to see this factor is early in the evaluation process.
When interacting with the provider's sales people, ask yourself the following: Are your questions being answered promptly and accurately? Are the sales rep and engineer genuinely enthusiastic when discussing their offerings? Is there a strong effort made to bring all the right resources to the meetings (technical, management, demos, etc.)? Answering yes to these questions will provide a good indication that they really want your business and are truly excited at the prospect of being your service provider. Moving into the delivery process, the provider should consistently exceed the response times guaranteed in their Service Level Agreements, perform Consulting engagements in a timely fashion and have any issues resolved promptly.

Going above and beyond is the next attribute that demonstrates passion. For this factor, you will want to find a provider that consistently goes the extra mile to deliver an effective service that exceeds your expectations. Here are some ways you can tell if a provider will go above and beyond for you: Can SLAs and contract terms be negotiated within reason? Am I penalized for making changes as my objectives change during the relationship? Can the provider support our unique requirements and environment today and in the future?

During the service delivery, you will want to find a provider whose team will do whatever it takes to help you achieve your security goals. While this may seem obvious, many providers will limit the extent of what their team will perform without penalizing you for these services. This can result in hidden costs to your enterprise and can come at a time when you need the provider's assistance the most.

The last major characteristic that illustrates the passion of a service provider is employee satisfaction. A provider who truly possesses passion will have team members that view their jobs as more than work and take great pride in what they do every day. This translates into a very high level of service that does more than just satisfy clients; it exceeds their expectations of what value a service provider can deliver. A good indicator of this is the yearly percentage of existing clients that choose to end their relationship with the provider. Having more than 5-10% of their clients refuse to renew services is a telltale sign of a provider whose team just goes through the motions and is not passionate about providing top-notch security services.

In addition to high renewal rates, you want to find a provider whose team members are active in the security community. This could be in the form of research contributions, playing an active role in training organizations like SANS, making presentations at conferences and events, participating in open source projects or actively participating in a variety of message boards and mailing lists. Obtaining bios and searching for the names of some of their technical staff on the Internet are good ways to find out if security is just a job to them or if it is truly something that brings them satisfaction.
Expertise

When you're looking for a provider to help with a security project, expertise is crucial to delivering effective services. In most cases it's really the provider's specialized expertise that you're after. Of the three major factors needed to find an effective security service partner, expertise is perhaps the most tangible and the most apparent.

The first indication of expertise is the provider's focus. Does the provider offer dozens of services across many different areas of security? Do they sell both products and services? Ideally, the provider focuses all their resources on delivering best-of-breed services that address specific areas such as threat and vulnerability management, identity management or compliance. A focused provider will have specialists with in-depth experience performing the necessary services, providing you with a wealth of knowledge to tap for your specific project. A high level of focus is a major contributor to the provider's ability to deliver a consistently effective service over the long term.

Certifications and other industry credentials are another way to help determine the provider's level of expertise. Not all certifications are created equal. Some were developed to provide the holder with general knowledge concerning many areas of security, while others focus on providing in-depth, technical skills that are applicable to specific subject matter. For instance, while the CISSP is a great certification, its main purpose is to provide a high-level set of security management skills. This is far more applicable to security executives, high-level policy and program consultants and even auditors than it is to a provider's security analyst team. SANS GIAC certifications are much more technical and appropriate for a provider's team of analysts.
The GIAC Intrusion Analyst and Incident Handler certifications provide these highly technical and specialized personnel with a base of skill sets that they rely on to effectively monitor, analyze and respond to threats. The provider's assessment, forensics and incident response consultants should also possess more technical certifications such as the GIAC Forensics Analyst. In addition to the type of certifications, it is also important to look at who holds them and what percentage of the technical team they comprise. An effective provider will require all team members to attain certifications and possess a 100% certified team, ensuring that all of their technical resources have a very high level of expertise.

Experience is also a key component of expertise. Experience grants technical staff a familiarity with the task at hand and the variations that can occur at a moment's notice. Experienced Analysts and Consultants provide more effective and efficient services, relying on the knowledge they've gained over the years to make better decisions and streamline activities. The tenure of the technical team, the number of years of overall security experience and the number of years spent delivering specific security services all contribute to a provider's expertise. The tenure and stability of the management team also impacts a provider's expertise as it relates to the long-term direction and priorities of the company.

Another way to determine a provider's expertise is to examine their staffing structure. Many Managed Security Services Providers utilize a tiered staffing model where junior analysts handle the initial point of contact and then escalate issues to more senior staff. In most cases, this is done at the expense of customer service in order to compensate for an overall lack of expertise within the security team. On the Consulting side of security services, it is common to have a more experienced consultant kick off the engagement and report the findings, but have a more junior person perform the actual assessment. This tiered approach can often result in poor service execution and plenty of frustration for the client.
When looking at the provider's level of expertise, you want to make sure that they rely on a non-tiered structure and that all service delivery is performed by true security experts.

The last factor in evaluating expertise is the service delivery platform. The only way to deliver and demonstrate effective Managed Security Services is to have a purpose-built security information management (SIM) platform that is flexible, scalable and highly efficient. Commercial SIM platforms lack the flexibility and scalability necessary to support diverse security environments across hundreds or thousands of clients. An effective provider will have developed their own proprietary SIM platform that is designed specifically to support the unique requirements of providing Managed Security Services. Having a platform that was developed in-house will also enable the provider to adapt this technology as needed to the ever-changing security landscape. This is critical to the provider's ability to support your future technology infrastructure and requirements.

Trust

Trust may be the most critical factor in identifying an effective Security Services Partner. Delivering effective services to your enterprise will require teamwork between the provider's staff and yours. Without trust, teamwork and communication will deteriorate and objectives will not be met.

Evaluating the delivery methodology that the provider utilizes is an effective way of determining if you can truly trust the provider. Historically, most providers have delivered their managed and consulting services in a black-box fashion where the only visibility the client had was when they received a periodic activity report. This method does not provide the transparency needed to establish trust in a security services relationship. To facilitate trust, the provider should give you complete service delivery transparency via an open service delivery methodology.
This provides you with real-time visibility into the managed and consulting services being delivered. Core to this methodology is real-time reporting and continuous communication with the provider. For Managed Security Services, the provider should include a secure, web-based client interface that provides real-time security information with their services. This will enable you to see the status of your security posture, as well as the performance of the service provider and the actions they are taking to protect your enterprise. For consulting services, they should provide an audit trail of all the activities they perform on a daily basis and hold frequent meetings with your team to discuss the progress of the engagement. An open service delivery methodology is key to building trust and establishing a true security partnership with your provider.

Vendor neutrality is becoming an increasingly important component of trust as well. Consolidation in the security market by product vendors has left very few pure-play security services providers. However, objectivity is critical to delivering effective security services. A security services provider must be vendor neutral in order to support your current and future best-of-breed infrastructure as well as provide expert advice that is aimed at improving your security instead of selling you more products. Vendor neutrality is a core element of trusting a security services provider to consistently do what is right for your enterprise.

Another factor that must be weighed when searching for a provider you can trust is their track record of fulfilling promises. It is easy for a provider to make lofty commitments during the sales cycle that cannot be delivered by the provider's technical team. When performing reference calls with a provider's existing clients, you should discuss the provider's initial commitments and find out if the provider delivered 100 percent of what they promised. This can include commitments to support devices, provide additional features that are not typically included and the successful completion of all objectives in a timely manner. Consistently fulfilling commitments is a strong indication of an effective and trustworthy Security Services Provider.
The last factor that can be used to identify whether or not you can trust a provider is their financial viability. Many service providers, both pure-play and services divisions of the large product vendors, are not built on a sound business model. A profitable business model ensures not only the long-term viability of the provider, but also its ability to be consistent and not be forced into letting short-term financial issues determine its long-term strategies. A profitable provider is also able to become even more effective over time by reinvesting its earnings into research and development. Financial viability creates a company that is built to last and can be a long-term partner to your enterprise.

Conclusion

An effective Managed Security Services Provider will possess Passion, Expertise and Trust that you can see every day. These factors are fundamental to delivering services that consistently exceed client expectations. With many providers to choose from, you can use these factors to find the providers that will be committed to helping you achieve your goals by forming a true security partnership with your team.

Connect with confidence through Allstream and Dell SecureWorks

Together Allstream and Dell SecureWorks deliver a unique blend of cloud-based and managed security services that are unrivalled by other Canadian information security service providers. The combination of deep expertise in voice, data and IP networking, in conjunction with intense focus on intelligent defence and threat visibility, allows our customers to connect with confidence. Allstream is recognized as an industry leading communications provider to Canada's Fortune 100 and mid-market businesses. Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs.

For more information about Managed Security Solutions, call now at 1 855 299-7050, visit allstream.com/security or email us at connect@allstream.com.

About Allstream

Allstream is the only national communications provider working exclusively with business customers. Our focus is helping you simplify IT operations to improve productivity, maximize performance and manage costs. Our IP solutions are delivered on a fully managed, fully secure national network and backed by our industry-leading commitment to customer service: The Allstream Service Guarantee.

About Dell SecureWorks

SecureWorks is now a part of Dell. Dell SecureWorks is recognized as an industry leader, providing world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs. To learn more, visit www.secureworks.com.

Allstream, 200 Wellington Street West, Toronto, Ontario M5V 3G2
Call, visit or follow us at: 1 855 299-7050, www.allstream.com, blog.allstream.com

Copyright 2009-2011 Dell SecureWorks, Inc. All rights reserved. All other products and services mentioned are trademarks of their respective companies. WP_22155 V2 11/14 Allstream Inc.