Paul Rummell, the former chief information officer for the Government of Canada, has some interesting perspectives on the managed security service provider market. In a recent blog entry, he describes the 10 key criteria for choosing a managed security service.
Here's Rummell's list:
- Does the IT security managed services vendor understand your business and all its’ risks?
- Are they ‘on top of their game’ to proactively protect and manage you environment?
- Are they cost effective?
- Can they work with your executives and team?
- Do they have offerings that will fit into all of your environments and be proactive in averting all reasonable treats?
- Do they have a good range of products and services?
- Can they communicate well on what they are doing and what counter measures they are taking?
- Can they lead you and your organization through appropriate transitions and changes to make this effective not just around your systems and process, but embed proper security in all that all you and your organization ode?
- What are their best practices for the security domain?
- How are they evolving on a day-to-day basis to protect the information assets of their client organizations and their vital information assets?