No one could realistically debate the importance of IT services. To stay in business and serve their customers, every company needs a reliable network and data security. But the reality is that many can’t afford a full-time, in-house staff that’s up to speed with the latest technology.
That’s why it’s become common to outsource IT services to a managed service provider (MSP). Part of that working relationship means that the provider assumes a certain level of responsibility for network security. Of course, you can’t leave everything in the provider’s hands. You’re still accountable for any breach in data security, even if the servers are located in someone else’s office space.
To make sure all of your bases are covered, it’s important to go over certain key aspects of the relationship. First, ensure that the MSP is able to comply with your own security policies. Not only do you have to ask about their internal security policies, but they should also be glad to let you conduct an on-site audit to guarantee there is industry-standard oversight. This is critical no matter your industry, but can be especially vital if you have to comply with specific regulations, be they legal or otherwise. You must have an ironclad agreement from the provider that they can accommodate your needs.
With IT outsourcing, it’s also important to know how your data can be accessed. Does your provider (or potential provider) have strong identity and access management technology? They need to allow only authorized access to company data, with permissions being segmented based on data type, time of day, department, even the geographic location where the data request originated.
As you can see, due diligence around security is essentially an exercise in asking questions. Not just any questions, but the right questions so you can fully understand the provider’s capabilities, policies and procedures.
You need to know where their network and security operations are located. You need to know the details of their change control and documentation processes. You need to know all the details about their network, physical security systems, and protocols. You must know how often they update software, hardware and security technology.
But let’s not forget about privacy, which is vital not only for your data but for customer data as well. Just as each industry can have different security compliance rules, data privacy regulations can vary across industries too. Regulations can even vary depending on the country where the data is stored.
Luckily, providers of IT services are increasingly folding these requirements into their working agreements. This is especially true with cloud providers, who are securing data off-site and, at the same time, complying with data privacy rules for each country. Interestingly, they can actually end up providing better security than a company’s internal IT staff.
Bottom line: When outsourcing your IT services, the right provider is one who can give you the right answers.