ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
As a complement to my MIRcon® 2013 presentation titled
“Getting the Best Bang for the Buck with Managed Security
Providers” and to address some questions I received from the
audience, I have prepared a quick summary of my presentation.
Many businesses consider outsourcing key IT and security
functions as part of a budget reduction plan, increased efficiencies
for IT services, or simply because there’s a need for a capability,
but no time to build it internally. Too often we see companies
similarly approach outsourcing; selecting vendors via
“bake-off”, signing the contracts, and loosely
implementing the service. In the best case, the net result of this
approach leads to service delivery that only marginally improves the
company’s security posture; in the worst case, a total failure of
The following steps provide a
framework for how to get the best out of managed security service providers.
Phase 1 – Prior to Selecting a Vendor:
- Have a defined set of requirements that not only drive your
business goals for the managed service, but also complement your
existing capabilities and processes. These requirements should be
blessed at the highest levels of leadership and will facilitate
the vendor selection and contracts negotiations.
- Have a clear picture of who will need to be involved in the
entire process. Selecting the right stakeholders will ensure that
all requirements are defined, that all existing technology and
processes are represented, and that all stakeholders have the
opportunity to buy into the effort.
- Inventory all existing processes and technology affected by the
integration of a managed security provider.
Phase 2 – Selecting a Vendor:
- Use the data points acquired during the first phase to ensure
the vendors you select meet the minimum requirements you’ve
defined as critical and whose technology and service delivery
processes can best be integrated seamlessly with your defined
processes and technology.
- Select your vendor using real world scenarios. In order to get
the best understanding of how the service will be delivered, it’s
important to see the service in motion within your environment.
Phase 3 – Inking the Deal:
- Ensure that your legal or contracts team has a full
understanding of your requirements (and hopefully has been
represented as a stakeholder). This will ensure that these
requirements are effectively defined in the contract and
explicitly define what’s expected of and been agreed to deliver by
- Ensure executive sponsorship of the project. This will ensure
that funding and support is in place to facilitate implementation
and any issues that may arise down the road.
Phase 4 – Managed Service Kick-Off:
- Define critical points of contact. This should include the
executives supporting the initiative, the primary and secondary
project main points of contact, and any technical or management
resources impacted by the implementation of the managed service.
Ensuring complete representation during the kick-off call will
drive efficiency in communication and expectation setting for you
and your managed service provider.
- In-depth technical implementation coordination should happen
outside of the initial kick-off call. Allowing the technical
representatives from both sides to communicate requirements and
implementation details will provide for a smooth technology roll-out.
- Ensure that points of contact and areas of responsibility are
well understood to minimize confusion and finger pointing down the road.
Phase 5 – Disaster and Incident Dry-Runs:
- Depending on the criticality of the service provided by the
vendor, it might be important to simulate a disaster or incident
to allow for a complete exercise of a high stress event. Doing
this exercise will ensure that you are not learning process or
technology failures in the heat of the moment and provides a safe
avenue for stakeholders to see the effectiveness of
Phase 6 – During the Life of the Contract:
- Communication between the customer and service provider
throughout the life of the contract is critical. From regular
service updates to feedback on how to improve, communication will
ensure success over the life of the relationship.
- Communicating change to limit impact. Whether on the customer or
the managed service provider side, any change has the opportunity
to result in degraded services or ability to delivery services.
No matter what business driver leads to looking to an outside
vendor to provide services, investing the same time and effort into
a managed service as you would if your business were building the
capability itself will result in successful implementation. These
six detailed phases will ensure that all of the pieces are in place
for an effective relationship between the customer and service
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.