Free Trial
Products Products
MSP360 Backup Backup and Recovery
MSP360 Backup Backup and Recovery
Overview
back up DATA FROM
Windows VMware/Hyper-V MacOS Microsoft 365 Linux Google Workspace
BACK UP DATA TO
AWS Google Wasabi Azure B2 Local
MSP360 RMM IT Management MSP360 Connect included
MSP360 RMM IT Management
Overview
MONITOR AND MANAGE
Windows macOS Linux
Prevent cyber threats
Endpoint threat prevention and protection (powered by Deep Instinct)
MSP360 Connect Remote Access
MSP360 Connect Remote Access
Overview
Connect FROM
Windows Android MacOS iOS
Connect TO
Windows MacOS
Pricing
Pricing Pricing
MSPs Internal IT
Solutions Solutions
Business type
Industries
MSP IT Departments Small Busness
Healthcare Education
Business type
MSP IT Departments Small Busness
INDUSTRIES
Healthcare Education
use cases
ENDPOINT PROTECTION
Ransomware Protection Endpoint Threatbr
Prevention and Protection
powered by Deep Instinct
Remote Access
Web-Based Remote Access Remote Support Remote Access Remote Work Remote Collaboration
IT Management
Patch Management Monitoring and Alerting Remote Device Management SNMP Monitoring
Backup and Recovery
Server Backup Backup for Windows Backup to AWS Desktop Backup Backup for MacOS Backup to Wasabi File Backup Backup for Linux Backup to B2 Image-Based Backup Backup for VMware/Hyper-V Backup to Azure SQL Server Backup Backup for Google Workspace (GSuite) Backup to Google Cloud Synology NAS Backup Backup for Microsoft 365 (O365) Back Up Locally Recovery
Not sure if MSP360 is for you?
Request a Call
Resources Resources
MSP University Blog Whitepapers and Assets Videos Webinars Events Customer Stories Forum
Support Support
US-Based Support My Cases Open a Case Knowledge Base Online Help
Partners Partners
technology partners
AWS Wasabi Backblaze Google Cloud Microsoft Azure Deep Instinct
Partners
Resellers Distributors Become a Partner
ALLIANCE PARTNERS
Leet Cyber Security
Company Company
About Legal Information Events Careers Leadership Team Contact Us Trust Center
Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
The MSP’s Guide To Vetting Cybersecurity Vendors

The MSP’s Guide To Vetting Cybersecurity Vendors

The MSP’s Guide To Vetting Cybersecurity Vendors

As the cybersecurity market grows, it has become increasingly difficult for managed service providers to assess the value of third-party vendors. Typically, MSPs must now assess hundreds of different products, even within a fair niche product category, and each with different features and price points. In this article, we’ll take a look at a basic set of practices for assessing different cybersecurity vendors for MSPs, and show you how to get the most out of your interactions with them.

Introduction

By far the most important first step in assessing vendors is to decide which functions you need to outsource, and which can be better done in-house.

Some functions, like legal services, have long been outsourced, and this remains the best approach for most MSPs.

Today, there are also cybersecurity vendors for a huge variety of different functions; solutions exist for hardening your backup systems, improving the security of your OS, and even Dark Web monitoring. In this context, it is critical that you decide exactly what you need from a cybersecurity vendor, and have a clear idea of how contracting their services is going to improve your profitability.
ON-DEMAND WEBINAR

Ransomware: Prevent or Recover
Watch the webinar and prepare yourself and your customers with the right approach and the right tools
New call-to-action
Webinar icon

How To Assess Vendors

Ideally, the way that MSPs assess cybersecurity vendors should be through a rigorous and repeatable assessment process. The MSPAlliance's MSP Verify certification requires MSPs to have a vendor assessment policy that itemizes all the vendors the MSP uses, what level of risk they bring to the MSP, and what steps the MSP has taken to validate the credentials of the vendor. This is a great place to start when developing an assessment process.

  New call-to-action

This said, there are some tools for assessing cybersecurity vendors that have been produced by industry groups, and these can be extremely useful in providing a systematic framework. One of these is the Cloud Security Alliance's Consensus Assessment Initiative Questionnaire. This tool contains an industry-standard list of questions that you can put to any potential vendor, and even provides a scoring system that allows you to rank prospective providers across a number of key metrics.

Beyond looking at the key features that a vendor can offer you, and assessing how outsourcing these processes will affect your bottom line, there are two further issues to look at.

The first of these is the question of accountability. Security breaches and malware infections can be hugely expensive, and only the best online backup vendors are willing to take responsibility for them. Ideally, you should be able to agree with your vendor what will happen if their products fail, and this should include any monetary compensation that they will pay you in this case.

The second issue, and one that is often overlooked, is the security of the vendors themselves. It might sound strange to assess a cybersecurity company on the basis of their OWN cybersecurity, but in some cases companies who promise to make your security stronger have not applied the same standards to themselves. Outsourcing SQL database administration is one of the leading causes of MySQL password leaks, a breach which can take weeks or months to recover from.

Further reading Guide to Vendor Risk Assessment

Questions To Ask

Rather than buying privacy tools off-the-shelf, you should see your interaction with your cybersecurity vendor as a mutually beneficial business partnership.

The key to building this kind of partnership is to know when to question your cybersecurity vendor, and what about. There are a couple of key trends in the cybersecurity industry – the growth of 5G networks and the rise of the Software as a Service (SaaS) model – that will have major impacts on the way that cybersecurity vendors work in the coming decade. Any vendor worth their salt will be able to tell you how they are preparing to meet these challenges.

As Foster explains, these are key questions to ask because they relate directly to the sustainability of your business in the medium term. They are important because they are about "real-world customers and real-world use cases. There's a lot of people and solutions that look really good on paper, but when it comes to actual implementation, there's no comparison."

The Bottom Line

Despite the number of cybersecurity vendors out there and the range of products they offer, you should not feel intimidated when it comes to choosing one. Ultimately, what you are looking for in a vendor are the same features you would expect in any business partner: a responsible approach to managing risk and taking responsibility for it, and a willingness to work with your MSP to tackle emerging issues.

As long as you go into the process with a clear plan of what you want from a vendor, and a similarly clear plan of how this is going to affect your bottom line, everything else is a negotiation.

FREE ASSETS
MSP’s Assets to Stay Safe from Phishing
  • Phishing response checklist
  • Phishing awareness training slides
  • Anti-phishing posters
New call-to-action
Anti-phishing assets