In today’s ultra competitive and global marketplace, 24/7 global connectivity and service availability has never been as important. The challenge of ensuring business continuity is further tested by the growing ingenuity of cyber criminals and the potential disruption of business from security breaches.

To maintain a competitive edge businesses are constantly looking for new ways to reduce operational costs and streamline internal processes.

One idea that is frequently discussed by IT Managers is whether to outsource elements of IT infrastructure that don’t provide company advantage, to reduce capital expenditure. For example, one area that is often outsourced is network security through a managed security service provider (MSSP).

Outsourcing network security to a MSSP can provide not only cost efficiency in comparison with in-house solutions but can also provide smaller organisations with access to specialist dedicated security resources they might not have in-house.

So far so good, how should an organisation choose a MSSP?

Initial research

Organisations must remember that the ultimate responsibility for network security still lies with them. It is therefore crucial that businesses do the right research into potential MSSP’s to understand if they are a good fit for your needs. You will primarily need to look at the size and expertise of the organisation, the technologies they use and if they employ a detailed Service Level Agreement.

Organisational reputation and skills

The first step is to assess the reputation and expertise of the MSSP. Find out who their current customers are and if they face similar challenges to your organisation. This will give an indication of whether the MSSP has the required knowledge to deal with the security threats your organisation faces and if they have the procedures in place to mitigate and deal with any breaches that occur.

Taking this a step further, businesses should find out how high a MSSP’s staff turnover is. If the turnover is high then this may raise questions over the level of experience your security team will have to manage the threats to your network.


The most important consideration when choosing a good MSSP is the technology and security solutions they use within their portfolio of services. Solutions should be compatible with existing equipment and infrastructure, which will minimise unnecessary network complexity. Anything else can lead to complex infrastructure and ultimately increase the risk of configuration mistakes which are a significant cause of breaches.

Businesses should also ensure that they ask for a list of all the technologies the MSSP uses. Do they have the latest security technology and, therefore, the capability to anticipate and adapt to future threats? As a minimum, the MSSP should be using proactive security solutions such as firewalls that can scan encrypted traffic as well as Intrusion Prevention Systems that actively scan the network for anomalies and malware.


For businesses that have all or part of their network virtualised it is crucial for them to determine if the MSSP provides virtual security solutions.

It is a common misconception that virtual networks are automatically protected by existing physical security devices. This however is incorrect and can leave the virtual environment vulnerable to attacks. Traditional physical security appliances will not be able to see traffic that resides within the virtual environment meaning viruses can easily spread throughout the network undetected by the security team.

Organisations therefore need to ensure the MSSP has security appliances which provide direct visibility into the virtual machines and protect the virtual environment from within. A competent MSSP will be able to place a virtual security appliance anywhere inside the virtual environment and this will give protection to even the most complex systems.


It is also advisable to look into the scope of the monitoring an MSSP will provide. To ensure accountability businesses should ask to enforce a detailed service level agreement (SLA) that clearly outlines what is expected from the MSSP in terms of performance and quality.

Businesses should find out if an MSSP is able to give controlled access to information in their security infrastructure as this will mean they will be able to access their security reports as and when required, retaining a level of control over their security. Many MSSPs will only allow customers’ access to monthly reports which will provide statistical details of security alerts – to many companies this is unacceptable. They will want and need to view all alerts the network generates in real time, for example details of attacks and threats, how quickly they were managed and what areas of the network were breached.

In the Service Level Agreement (SLA) the MSSP should also provide a well defined guarantee of commitment for device operation, incident response and details of the measures they take to ensure your business is not hit by the same attack twice. This will make the MSSP accountable and ensure that they fully understand your business requirements before any contract is signed.


When an organisation chooses to outsource network security it is often as a cost cutting measure, businesses therefore must ensure that the service they are receiving is cost effective. A Service Provider Licence Agreement (SPLA) is a ‘pay as you go’ model which will eliminate the risks associated with up-front investment. With SPLA, businesses pay on a monthly basis based on the number of licences they require per month.


A MSSP can help an organisation to operate a comprehensive security infrastructure without needing to recruit specialist internal resources or invest in associated technology. This means IT managers can invest more time on strategic initiatives that will help the business develop as opposed to handling routine day-to-day administrative tasks such as monitoring security devices.

However, businesses must never forget that the responsibility of security ultimately still lies with them. Even with the best MSSP in the world an organisation needs a focussed internal resource to monitor security via the MSSP and guarantee their network is operating effectively.