With GDPR coming in next year, organisations need to become more aware of what service providers are doing to protect themselves and, in turn, to protect you. When selecting a provider, you need to be prepared to grill them until you are confident that they provide the level of protection your stakeholders and clients would expect.
A growing trend amongst Irish organisations is outsourcing specific security functions to managed security service providers (MSSPs). Firewalls, data hosting and vulnerability assessment are just some of the areas organisations now outsource.
The first question you need to ask is whether they are certified to recognised standards such as ISO, PCI, and Cyber Essentials. It is important to know what standards they are working to and to ensure they are compliant with GDPR. Data hosting, for example, is a service that organisations usually outsource. Hosting companies provide their customers with servers that are physically locked and can only be accessed by a select few. This gives organisations a lot of control even though the provider does all the work. Do your due diligence and find out how effective their physical security system is and how frequently they test their own systems against possible breaches.
No matter what aspects of your security you outsource, remember that outsourcing relieves the burden of managing security internally, but you are still ultimately liable if there is a breach.
Things to consider when selecting an MSSP
- Choose an MSSP that you can trust, particularly if you have never worked with them before.
- Choose an MSSP that understands your customer needs.
- Choose an MSSP that is financially stable.
- Choose an MSSP that is flexible and willing to cater for different business needs.
- Appoint one person or team as the contact point for the MSSP to ensure smooth communication.
- Ensure your employees are aware of the terms you have agreed in the SLA.