Author: AlienVault VP Global Channel Sales Mike LaPetersManaged Security Services Providers (MSSPs), like any other business, are a factor of its People, Process, and Product. Let's assume you’ve just closed the first sale of your MSSP service, Now What? Implementation or as I call it “The Fun Part”, is the next step. So how do you know what to implement? Who’s responsible for which parts? How do I know it’s complete? The answer is a simple one: Make a List.Besides the practicality of the list itself there are also many other advantages to this diligence. When you’re starting service with a customer, you’re also entering into what you hope is a long-term relationship. Setting the tone early on in this relationship is very important. If you act haphazardly or give off the impression of disorganization it could impair the relationship you need to survive.Let’s look at the scenarios with and without a list:
With a List
Without a List
No device or use case gets missed
Turn-Up process incrementally drives to completion
Engineer knows precisely what to integrate
The customer knows exactly what’s being monitored
Responsibilities are clearly defined
Tasks can be managed and assigned appropriately
Helps you scope the time needed for implementation
Customer wonders how you missed an event
Implementation never ends
Fingers get pointed
Audits may fail because data is missing (consequence of the above)
Operators have no clear guidance
No clear definition when service begins
Gathering this information is also useful for post-implementation activities. For instance, during your event review, your in house security analysts will already have some contextual information to use when performing their investigations. This will increase the initial fidelity of your service and bolster the customer’s perception of your service.
Lastly, this list should be something that is signed by you and the customer. This is especially important if your list includes an assignment of responsibility. The sign off process is a mutual agreement between you and the customer, clearly stating which aspects of the turn-up you and the customer are each responsible for. This has a similar significance as your Service Level Agreement and can be used for reference if delays are introduced.To get you started I’ve created a sample list. Feel free to use it but most importantly modify it. The services you offer and your experience will influence the creation and the ongoing edits of the document. You may also want to consider translating this information into a wiki or similar system for each customer.Download this MSSP sample checklist document (Microsoft Word format) for your team to customize.
Mike LaPeters is VP global channel sales at AlienVault. Read more AlienVault blogs here.
Russia's invasion of Ukraine features alleged cyberattacks. Follow this Russia-Ukraine conflict timeline for cyber & kinetic warfare updates, and guidance for MSSPs worldwide.
