How to Hire & Evaluate Managed Security Service Providers for Insurance
May 10, 2017
Managed security service providers (MSSPs) are managed service providers that have decided to specialize in the security of data. They work in much the same way as regular providers but they specialize in data security, backups, and disaster recovery services. Some companies will rely on both types of providers to handle their data, but if you ask the right questions and get the right people for the job, then you should only need one provider to handle all of your data needs.
Consider them Part of the Company
Finding a good managed security service provider, or MSSP, should be about interviewing them just as if they were an employee you wish to hire for a position within your company. The provider should understand what your business model is and how you do things within your corporation. Then they should pitch to you how they can integrate their services into your business model, so there is a positive working environment between both entities.
You need to remind the providers that you are an insurance company and there are certain requirements based on that fact. There may be certain laws in your state about how data is handled. Your data cannot be stored on international computers and must remain in the United States according to federal laws. There may also be certain industry protocols in place for how your data is handled.
Afford them a Holistic View of your Company and Expectations
A managed service provider needs to take a holistic approach to your company. You have expressed your concerns and needs to them, and expressed your expectations for their management of your data, so what is next? Have them explain to you exactly how they will meet your needs. Ask them about the technologies they will use to meet your needs. Firewalls are a given, but will they have VPNs and wireless protocols in place to handle virtual technologies or mobile access to your servers?
You should also find out if the provider will work with your management teams to solidify processes and procedures set in place by your company. Get information about how they can help you with training your employees concerning cybercrimes and disaster recovery.
There is no doubt the service provider knows how to handle servers and maintain data centers, but how experienced are they with handling data for insurance companies? It is always okay to ask for references and have the provider name companies they have worked with. Also, ask about their employees’ certifications. There are some providers that will say they can handle a job, but they may not have the right people for the job. Ask if they have a specialist for your specific needs.
Another consideration is the internal management model within their company. In other words, find out how they escalate or manage issues. Some companies will have a junior-level technician look at a situation, and if they cannot handle the issue then they will escalate it to a senior tech. Other companies will immediately have the issue sent to a senior tech, who evaluates the problem and then allocates it to the most qualified junior tech. Neither of these techniques is necessarily wrong, but it is good to learn about the structure the provider uses. You should also ask how the process they use will benefit your company's needs.
Whatever is agreed upon must be written down. It is imperative that all promises are followed with a signature. Don’t forget that the solutions you ask for may be more expensive than you think, so be detailed in each solution and verify the price. Push a little at key points and try to get a package at a reduced cost. Get a free assessment from ToSS C3, and find out what they can do for you today. Move your insurance firm into the future; request a quote today!