When to Leverage a Managed Security Services Provider (MSSP)

November 6, 2019 | 2 min read

BlueVoyant

Mighty Guides is pleased to present the results of our recently conducted independent research in an upcoming guide, "2019 End User MSSP Survey" sponsored by BlueVoyant. The goal of this research, which involved outreach to 3,000 business leaders, is to examine the reasons why businesses choose to leverage a service provider.

BlueVoyant will be providing the research results and commentary over the next five weeks.

Increasingly, companies are turning to MSSPs to help manage their security practice. Several factors are driving this trend, including:

  • the growing complexity of IT environments,
  • the growth in sophistication and intensity of cyber threats,
  • the difficulty in finding and hiring experienced cyber security professionals,
  • and challenges in implementing state-of-the-art security technologies.

For many companies, one of the most difficult security decisions they have to make is whether it is time to seriously consider contracting with an MSSP. That decision impacts how they allocate security budgets, how they develop security strategy, and who is responsible for which aspects of security.

Although some experts say categorically you should be working with an MSSP if security is not your core business, most companies approach the service provider question by examining their own strengths and weaknesses. This typically begins by asking the most fundamental question of all, which is what you need your security strategy to do for you.

To find out more about how security professionals view their own security practice, Mighty Guides sent the following survey question to about 3,000 professionals:

Which of the following is the most important objective of your security practice?

  1. Minimize cyber risk to the business to ensure continuous business operations.
  2. Protect the customer’s sensitive personal data and corporate intellectual property.
  3. Create a secure IT environment as cost effectively as possible.
  4. Keep up with the most current regulatory requirements and cyber threats.

In addition to understanding what is the most important objectives of a security practice, you also must understand your greatest challenges. To find out more about that, we asked the security pros the following question:

Which of these are the greatest challenges in managing a cyber security program?

  1. Providing adequate coverage of basic security operations.
  2. Constantly putting out fires, preventing the best use of our security team’s skills.
  3. Finding the cybersecurity skills and resources we need to implement and monitor security technologies, and respond to the latest threats.
  4. All of the above.

The largest group of respondents reported being challenged by multiple issues, any one of which represents a potential weakness in the security practice.

With these basic understanding of objectives and challenges, you must then drill deeper into your practice to see what you must do to address those challenges, and if you have the resources and skills in house to address them.