This post was originally published on this site is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

Wade Woolwine Presents at MIRcon 2013Wade Woolwine Presents at MIRcon®

As a complement to my MIRcon® 2013 presentation titled
“Getting the Best Bang for the Buck with Managed Security
Providers” and to address some questions I received from the
audience, I have prepared a quick summary of my presentation.

Many businesses consider outsourcing key IT and security
functions as part of a budget reduction plan, increased efficiencies
for IT services, or simply because there’s a need for a capability,
but no time to build it internally. Too often we see companies
similarly approach outsourcing; selecting vendors via
“bake-off”, signing the contracts, and loosely
implementing the service. In the best case, the net result of this
approach leads to service delivery that only marginally improves the
company’s security posture; in the worst case, a total failure of
service implementation.

The following steps provide a
framework for how to get the best out of managed security service providers.

Phase 1 – Prior to Selecting a Vendor:

  • Have a defined set of requirements that not only drive your
    business goals for the managed service, but also complement your
    existing capabilities and processes. These requirements should be
    blessed at the highest levels of leadership and will facilitate
    the vendor selection and contracts negotiations.
  • Have a clear picture of who will need to be involved in the
    entire process. Selecting the right stakeholders will ensure that
    all requirements are defined, that all existing technology and
    processes are represented, and that all stakeholders have the
    opportunity to buy into the effort.
  • Inventory all existing processes and technology affected by the
    integration of a managed security provider.

Phase 2 – Selecting a Vendor:

  • Use the data points acquired during the first phase to ensure
    the vendors you select meet the minimum requirements you’ve
    defined as critical and whose technology and service delivery
    processes can best be integrated seamlessly with your defined
    processes and technology.
  • Select your vendor using real world scenarios. In order to get
    the best understanding of how the service will be delivered, it’s
    important to see the service in motion within your environment.

Phase 3 – Inking the Deal:

  • Ensure that your legal or contracts team has a full
    understanding of your requirements (and hopefully has been
    represented as a stakeholder). This will ensure that these
    requirements are effectively defined in the contract and
    explicitly define what’s expected of and been agreed to deliver by
    the vendor.
  • Ensure executive sponsorship of the project. This will ensure
    that funding and support is in place to facilitate implementation
    and any issues that may arise down the road.

Phase 4 – Managed Service Kick-Off:

  • Define critical points of contact. This should include the
    executives supporting the initiative, the primary and secondary
    project main points of contact, and any technical or management
    resources impacted by the implementation of the managed service.
    Ensuring complete representation during the kick-off call will
    drive efficiency in communication and expectation setting for you
    and your managed service provider.
  • In-depth technical implementation coordination should happen
    outside of the initial kick-off call. Allowing the technical
    representatives from both sides to communicate requirements and
    implementation details will provide for a smooth technology roll-out.
  • Ensure that points of contact and areas of responsibility are
    well understood to minimize confusion and finger pointing down the road.

Phase 5 – Disaster and Incident Dry-Runs:

  • Depending on the criticality of the service provided by the
    vendor, it might be important to simulate a disaster or incident
    to allow for a complete exercise of a high stress event. Doing
    this exercise will ensure that you are not learning process or
    technology failures in the heat of the moment and provides a safe
    avenue for stakeholders to see the effectiveness of
    disaster/incident response.

Phase 6 – During the Life of the Contract:

  • Communication between the customer and service provider
    throughout the life of the contract is critical. From regular
    service updates to feedback on how to improve, communication will
    ensure success over the life of the relationship.
  • Communicating change to limit impact. Whether on the customer or
    the managed service provider side, any change has the opportunity
    to result in degraded services or ability to delivery services.

No matter what business driver leads to looking to an outside
vendor to provide services, investing the same time and effort into
a managed service as you would if your business were building the
capability itself will result in successful implementation. These
six detailed phases will ensure that all of the pieces are in place
for an effective relationship between the customer and service

At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.

Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group,