Gartner Blog Network


MSSP Client Responsibilities – What Are They?

by Anton Chuvakin  |  October 9, 2014  |  1 Comment

Let me tell you a secret: MSSP is not a box that you throw your money in, and security comes out screaming! Sadly, many would say that the only reason they went with a Managed Security Service partner is to avoid doing any security on their own. However, if you decided to go with an MSSP and not with an in-house capability (such as internally-staffed SOC with SIEM tool at the center) …


… YOU STILL HAVE RESPONSIBILITIES!

This post is an attempt to outline my thinking about such responsibilities and create a structured approach to analyzing them. Intuitively, there are some things that an enterprise MUST do to allow the MSSP to help them (e.g. deploy their sensors, give them credentials for device management, etc). Still, there are more responsibilities that allow the MSSP to help the client better.

In any case, think of this table NOT as a comprehensive list, but as a framework to organize examples:

Value | time –> During on-boarding / before service During MSSP service consumption
To enable service delivery (MUST) Deploy sensors, share network diagrams and access credentials, provide contacts, etc Notify on asset and network changes, access changes, contact info, etc
To enable maximum value from the MSSP
(SHOULD)
Refine & share a security policy, have IR plans, provide detailed asset and context info, etc Respond to alerts (!), remediate systems, declare incidents and run IR, jointly tune the alerts, communicate changing security priorities, etc

An expanded version of this type of a visual should become your shared responsibility matrix, that will actually enable you to benefit the most from your MSSP relationship. BTW, one MSSP succinctly states in their policies: “The Customer is responsible for all remediation activities.” What about compliance, you may ask? An excellent question – to be handled in the next post :-)

P.S. Of course, there will be people who will insist that “if you want it done well, do it yourself” (that may be true, but it does not mean this route is always the most cost-effective). On the other hand, there will be people who will say “… but security is not our core competence” (eh.. as if locking the doors is)

Blog posts related to this research on MSSP usage:

Category: monitoring  mssp  security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on MSSP Client Responsibilities – What Are They?


  1. […] ← MSSP Client Responsibilities – What Are They? […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.