September was usually the most active “budget” month for my Credit Union. Hours were spent writing the business cases and justifying expenditures. One area that rarely met any opposition was an investment in IT security infrastructure. The potential impact of a data failure far outweighed any capital line item or expense! And if you are like most Credit Union CIO’s, you’ve locked down your request for implementing some variation of managed security solutions in 2015. Taking the next step and selecting an actual service provider can prove to be much harder than securing budget dollars! Why? Because MSP’s (managed server providers) come in all flavors these days so what are you supposed to look for when choosing? We’ve put together our top 10 list of things to look for when selecting your MSP:
1) Do they understand what they’re protecting? – I struggled on whether to list this as the first item or not (over #2 Expertise) but my Credit Union grassroots won out. You should feel comfortable that your MSP understands our industry and the commitment we have to serve them and their communities. Member information security is paramount. Credit unions have unique regulatory requirements that the MSP should be well versed in as well. Ask potential providers what they know about Credit Unions? GLBA? Appendix A Part 748? and so on.
2) Expertise (Staff and Company) – Pretty much goes without saying I’d think – but you’ll want to ask for evidence on the MSP’s expertise in the industry. Professional certifications and references are great ways to check into a providers background. If the MSP is partnered with other suppliers for part of these services. A detailed list of questions to ask in this area is provided on the SANS site – you can access that here. Is managed security a core product for the MSP or just an add-on? You’ll want a service provider who has demonstrated focus and commitment to securing Credit Union infrastructures.
3) Customizable solutions – Granted – the technology has to be good but it also has to fit your needs! A good MSP will not force you into a one-size-fits-all security solution. The service provider should offer an assortment of solutions that can readily address a variety of environments. No service provider can be in exolpert in all possible solutions. They should, however, be able to offer a choice of products that can complement each other and provide a solution that offers an optimal amount of protection.
4) Incident Response – Stuff happens and when it does you’ll want all hands on deck – IMMEDIATELY. When negotiating terms with an MSP, work to get a good understanding of response times and be sure to communicate your recovery time objectives (RTO). If they don’t match – keep looking!
5) Reporting – This may seem insignificant at first glance but keep in mind the responsibility to protect your Credit Union stays with you even if you outsource. A robust and accessible reporting system gives you the “eyes” you need to stay on top of the managed security efforts you’ve contracted for.
IT security doesn’t have to keep you up at night! With a managed security provider, you’ll be able to rest easier knowing your infrastructure is managed 24/7/365 by qualified experts with more than adequate resources! Need help assessing your IT security needs? Reach out to our engineers today!