Choosing the Right MSSP: How CTOs Evaluate an MSSP Partner

COMMENTARY: In today’s rapidly evolving cybersecurity landscape, where threat actors continue to raise the stakes in terms of financial damage and reputational harm, a chief technology officer is expected not only to manage IT infrastructure but also to lead strategic security initiatives that protect their organization at all times.

Enter managed security services providers (MSSPs), which offer a compelling option for enhancing internal security capabilities. But choosing the right MSSP is more than a tactical decision. It is a strategic partnership that helps secure an organization’s future.

A CTO should take their time, involve their team, and exhaustively test assumptions. In considering an MSSP, an astute CTO will understand their organization’s key security goals, such as extending 24/7 monitoring coverage, closing compliance gaps, reducing mean time to detect (MTTD) and respond to threats, and ensuring appropriately aggressive response measures.

Winning the Business

Now, let’s turn it around. You want to be the MSSP of choice. As a CTO, I would expect the prospective MSSP (or MSP) to demonstrate a mindset of providing “outcomes,” not just “services.” For that matter, engage in strategic security conversations, not just technical ones, by showing you understand the organization’s business model, risk appetite, and compliance landscape. You can get a leg up by offering customized roadmaps that help shape their security strategy, not just react to it.

A CTO should expect information about real-time visibility into security operations, such as dashboards, telemetry, ticket statuses, and incident timelines with measured service level agreements (SLAs). As such, an MSSP that truly wants the business should share details of SLAs — and prove it with historical metrics.

CTOs want to know that you can seamlessly integrate into their environment, are tech-agnostic, or are deeply knowledgeable about their technology stack. CTOs need onboarding to go smoothly, with minimal lift and fast time-to-value. If you can provide APIs, playbooks, and integrations that plug directly into their existing workflows, IT service management, and SOC tools, that would be all the better.

An MSSP can gain new business by demonstrating exceptional responsiveness and communication. It’s a matter of being there 24/7 with real humans, not just ticketing queues, with clear escalation paths and defined points of contact. For that matter, use plain language, especially when speaking with non-technical stakeholders. Be as effective in the boardroom as you are in the SOC.

Additionally, an MSSP must be capable of more than a quick response and excellent communication. It’s no longer sufficient to detect suspicious activity, alert as necessary, and then decide how to act. Action must occur quickly. Isolation and containment should be baked into the outcome as a standard. Act on the threat with isolation and containment, then review and collaborate with the business regarding next steps.

As you build flexibility into your service model, offer modular, scalable service, either co-managed, fully managed, customized, or à la carte. Offering short-term contracts or trials can help reduce buyer risk and encourage long-term trust. A worthy MSSP will proactively seek feedback and act upon it. Therefore, make your processes iterative and visibly improve based on client insights.

CTOs Want MSSPs That Prioritize Data Backup Technology

As for a harsh dose of reality in the CTO-MSSP relationship, there are no guarantees an organization won’t be victim to a cyberattack. Prevention goes a long way, but a CTO needs to understand what defensive capabilities are in place should an attack occur. With the proper orchestration of immutable backup technologies, data can be preserved and operational continuity assured despite any ransom request. If an MSSP can show a CTO how it will protect their organization’s data — a matter of recovery over resistance — then it may very well earn that business.

CTOs know that when ransomware bypasses defenses and encrypts critical systems, a tested, available backup may be the only way to recover without paying the ransom. An available backup is more important than the backup being uncompromised. Proper recovery techniques account for the possibility of a backup being “compromised.”

In fact, immutable backups (those that cannot be altered or deleted by attackers) are becoming a non-negotiable feature among MSSP engagements, particularly in regulated industries like healthcare, finance, government, and manufacturing. CTOs want a provider who thinks about total recovery, not just threat removal.


MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff.

Brandon Williams

Brandon Williams is the chief technology officer of Chattanooga, Tennessee-based Fenix24. Brandon has more than 20 years of experience in networking, infrastructure design, implementation and security. He finds the most rewarding experiences are blending technology with security, providing resiliency/resilience to the business while maintaining excellent user experience.