MegaplanIT
Security & Compliance
Choosing The Right Security Services Partner
A Security Services Provider needs to be reliable and supportive. Have you been unable to find the right fit for your organization’s global, regional or local footprint? Are the dynamic demands of your computing environment, and the changing dynamics of your operational complexities, a challenge for your organization? If so, you are not alone. The good news is that you are not unique in your quest to find a true partner for your current and future cybersecurity needs. The best news is that the right Security Partner is available, but you need to perform the necessary up-front work to find them.
In this blog, we will cover the top 10 topics you need to address in order to find a security and compliance partner that not only helps keep your business operations secure, but also protects your important client and payment data from quickly evolving threats.
The first step in this journey is to gather data, ask multiple types of questions, and perform company, financial and reputational research that will inform your decision in selecting a new Security Partner.
The following Top 10 topics will help you get started and are highly recommended to establish a solid foundation for your decision making:
Core Business:
- What is the Security Partner’s core business?
- Is it consulting services or reselling of technology?
- Does the Partner offer vendor-agnostic services?
- Does the reseller model constrain or force a limited set of solutions being offered that may limit the ultimate set of cybersecurity capabilities?
- Does the partner offer testing, managed security, monitoring, compliance, advisory consulting and staff augmentation?
Core Competencies:
- Does the Security Services Partner have a state-of-the-art Security Operations Center that offers SOCaaS, MDR, EDR, and other modern, relevant services that deal with active and dynamic threats? Does the SOC leverage multiple intelligence sources, threat analysis tools, and automation processes so that it does not rely on a single vendor?
- What are the Security Services Partner’s core competencies, and do they include full coverage of modern cloud architectures, SaaS, DevOps, and dynamic application delivery models to support business revenue streams?
- Are up-to-date core competencies the foundation of the business, and how much of the primary revenue stream is related to them?
- How are these core competencies demonstrated in industry certifications, vendor partner levels, or third-party audits (PCI-DSS, SOC 2, industry service provider certifications, Cloud Security Alliance)?
- Does the Security Partner help you proactively prevent risks in your environment and help you solve your problems from a mitigation standpoint, rather than only alerting on potential issues?
Longevity:
- How long has the Security Services Partner been in business?
- Is there any risk of insolvency, or of an inability to meet SLAs due to retention, staffing, or longevity concerns?
- Does the Security Services Partner maintain an adequate level of U.S. dedicated employees and overall staffing to meet varied demands?
Unknown Financial or Legal Issues?
- Have you researched them from a D&B, legal entity, and outstanding claims perspective?
- Does the Security Partner have any outstanding litigation or legal judgments against it or any of its current staff?
- Is there any negative press or exposure from past engagements and how they were handled?
Unforeseen Delivery Issues?
- Based on the industry, regulatory and oversight bodies that the Consultancy is engaged with (PCI-SSC, ISO, FedRAMP, HHS), is the Security Partner in remediation or under review for any gaps in quality or consistency, or does it have any open findings that have not been addressed?
- Is there feedback on industry platforms or social media, positive or negative, about what it is like to work with the Security Partner?
Leadership Team and Staff Experience:
- Does the leadership team include a diverse background, base of experience, and a cross-industry perspective that strengthens the Security Partner’s services?
- Is there a comprehensive and progressive set of services that leverages this Leadership experience base?
- Does the staff have up-to-date and relevant certifications, experience, and credentials (PCI QSA, CISSPs, GIAC, GPEN, SANS, etc.) backed by decades of experience?
- Can the staff offer incident advisory planning (policy, procedures, tabletops) and incident response mitigation support in addition to alert notifications of unusual or abnormal activity?
- Can the Partner provide an extension of virtual, ad hoc, or dedicated Security Leadership to your organization based on your strategic and tactical needs?
Company Ownership:
- What does the ownership of the company look like?
- Private, Public, or Venture Capital funded?
- How does this ownership benefit what the Partner can offer from a services standpoint, or limit or constrain what can be offered?
- Does this ownership affect the ability of the Partner to be independent?
A Balanced Perspective?
- How does the Security Partner balance higher-level work across strategy, governance, planning, policies, procedures, guidelines and workflows against more tactical capabilities in technical prevention, detection, monitoring, response, and recovery?
- Does the partner offer a holistic approach to proactively test environments, identify the highest risk vulnerabilities and offer full remediation advisory services to address identified risks?
- Does the Partner work with modern integrated architectures and modern cloud delivery models?
- Does the partner actively manage client communication, project timelines, and client deliverables?
Relevant References:
- What references are available that relate to your company’s size, scale, and complexity, and how has the Security Partner helped reduce risks and cyber exposure for similar companies?
- Do those references support the Security Partner’s ability to provide a clear and consistent set of deliverables and SLAs, communicate quickly and effectively about any identified issues or threats, provide vertical-specific expertise, integrate with your ticketing and workflow solutions, and support any automation and API needs for efficiency?
Demonstrated Expertise:
- What relevant stories are available, or case studies published, where the Security Partner has demonstrated an ability to address your unique vertical challenges (operating constraints, seasonal demands, protecting your revenue models, monitoring challenges, regulatory or compliance requirements)?
Making sure you know what your company needs from your Security Partner will properly inform the discussion and help you select the right Partner that delivers timely, relevant, and cost-effective services.
Looking For A Security Service Provider? We're Here To Help!
We look forward to talking to you about your upcoming Security Testing, Compliance Assessments, and Managed Security Services priorities. We are ready to help and discuss more information with you on our comprehensive list of services.