Choosing the right partner is among the life events worth fretting over to ensure the best decision is ultimately the one made. The process usually entails asking yourself—and often your potential partner—a battery of questions: will this partnership be mutually beneficial? Can I trust them, and will they always be honest? How will they support me, especially when it’s burdensome? Answering these questions with certainty does not come easy, which is why it becomes important to take the advice of those whom you trust and have been there before.
When searching for the right IT and cybersecurity partner, it’s imperative to not only consult current partners, but also understand industry best practices and know precisely what it is you need from the relationship.
Given the current state of the cyber threat landscape, it is no longer enough to have an IT partner who is merely supportive, affordable, knowledgeable, and available; they must also have a platform with an industry-leading toolset and the ability to provide your business with a strong cybersecurity posture. A strong partner should minimally have services in place that include proactive assessments, active monitoring and support, and rapid response in a worst-case scenario. This is especially true if working with a Managed Service Provider (MSP) as they have seen a drastic increase in cyberattacks since last year’s breach of Kaseya servers.
Threat intelligence indicates 90% of MSPs have experienced a cyberattack in the trailing 18 months, demonstrating a need for more than just service support from a potential partner (SOURCE). It is essential for all businesses to have the protection of a 24x7x365 Security Operations Center (SOC) capable of remediating threats on their clients’ behalf. Furthermore, there is no indication that such attacks will slow as small and mid-sized businesses (SMB) onboard with MSP partners who then assist in migrating business-critical data to cloud storage making immediate response vital.
Whether you are an SMB seeking a partnership with a successful MSP or an enterprise operation in need of more robust cybersecurity, there are several similar key to look fors in a partner.
If searching for an MSP Partner:
Ask how they assist customers with asset management and infrastructure planning. An organized MSP is a good MSP that will show you how they lay out documentation in clear and easy-to-read language. They should also plan for a full device life cycle, so you have an accurate look at the future of IT costs.
- Verify they have transparent and uncomplicated pricing. The best MSPs have clear packages of their offerings. They will not nickel and dime you with add-ons or upsells. If they have trouble producing a quote or telling you what their services cost, do not walk, RUN.
- It is important to choose a partner that will provide their security baseline as part of your service. If they cannot articulate it, then they likely do not have one, which is a huge red flag. A dependable MSP will have a security baseline based on your industry and compliance needs.
If solely seeking a cybersecurity provider, there is a slightly different set of must look fors:
- It’s vital to understand the kind of alerts they can ingest on your behalf. Furthermore, the alerts need to be monitored on a 24x7x365 basis. A good SOC should be monitoring Windows events, e-mail, and Firewalls at a bare minimum. If they can integrate with third-party storage or communication software, that is a bonus.
- Does the SOC prove compliance for SOC2 or similar frameworks? This is hugely important for keeping in compliance for anyone with Cybersecurity Maturity Model Certification (CMMC) or similar requirements. A good SOC will not only be able to provide this immediately when asked but is happy to discuss their controls to ensure their own security.
- A worthy partner must have the capacity to not only solve problems as they arise but prevent them from occurring in the first place. A meaningful SOC partner will emphasize proactive over reactive support, which would include active monitoring and real-time threat remediation. Being an alert factory is not enough, as most businesses do not have the staff to address alerts around-the-clock.
Without regard to the type of partner your business is seeking, there is a final must-ask question: what kind of service-level agreement (SLA) do they have on support requests? A good company will not only have a clear policy, but it should include a clause for breach of SLA that translates into dollars back to your company. The hallmark of a good MSP is responsiveness, which should never be an issue, particularly with a SOC, but it is nevertheless important to have in place.
For any business or MSP seeking to enhance the cybersecurity posture of themselves and their partners, SpearTip is an ideal partner as our cybersecurity services can be tailored to meet the needs of each unique business. Reach out to our team for more information regarding how we support our partners’ growth.