When you outsource IT services to a managed service provider (MSP), it stands to reason that the provider takes on considerable responsibility for securing that environment. Ultimately, though, it is still your company, and therefore you, that must share the responsibility for securing every piece of data.
With that in mind, here are four tips to help ensure that your data remains secure, even if it is not held within the four walls of your own data center.
1. Conduct security due diligence
Before you sign a contract with an MSP, ask a lot of questions about its security policies and procedures. In a recent blog post, Comcast’s Glenn Katz offered up no fewer than 37 questions to ask before signing a managed services contract, many of which focus on security. Questions include:
- Where are your network and security operations located? If they are located offshore, what security and business continuity guarantees will the provider make?
- What are your change control and documentation processes?
- What network and physical security systems and protocols do you have in place?
- How frequently are the security systems updated?
2. Verify compliance with security policies
In addition to simply asking what security policies a provider has in place, conduct an on-site audit to ensure proper oversight. The provider should allow you to inspect its data center and talk to the administrators who run it about how they provide security. This is especially true if you have government or industry regulations to comply with; you’ll need assurances that the MSP can meet those requirements. The right to conduct such audits should be written into your contract.
3. Ensure privacy requirements are met
Similarly, different industries and countries have stringent rules about data privacy, so you must be careful about where your data is physically stored. There is good news on that front, according to this blog post by Mike Wilkinson, VP Product Marketing at BroadSoft:
“Fortunately, cloud providers are increasingly taking note of these requirements. By securing data off-site while meeting country-specific data management requirements, cloud providers are stronger from a security standpoint than if a business relies on internal IT operations and on-premises data facilities.”
4. Ensure that effective identity and access management is in place
When your data is living off-site, the way you control access to it becomes essential. You need effective identity and access management (IAM) tools in place to ensure only those people who are authorized to access your data can get at it, and only on your terms. That may include using tools such as two-factor authentication for certain users or data, along with tools that let you control who can access which sorts of data, and when. For example, if someone is attempting to access financial records at 3:00 a.m. from a country with which you don’t conduct business, that should be a red flag. Similarly, you need to be able to quickly turn off all access when an employee leaves your organization.
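The red-flag checks described in tip 4, sketched as an added example (not code from the original article or from any IAM product): a small Python review pass over access events. The event field names, country list, business hours, sensitive-resource prefix, offboarding record and sample events are all constructed assumptions.

```python
from datetime import datetime, time, timezone

# Constructed policy values; replace with your organization's own.
BUSINESS_COUNTRIES = {"US", "CA"}            # where you conduct business
BUSINESS_HOURS = (time(7, 0), time(19, 0))   # evaluated in UTC for simplicity
SENSITIVE_PREFIXES = ("finance/",)           # data that requires 2FA
# Users who have left, mapped to the moment their access should have ended.
OFFBOARDED = {"jdoe": datetime(2024, 3, 1, 17, 0, tzinfo=timezone.utc)}

def flag_event(event):
    """Return the reasons (possibly none) an access event needs review."""
    ts = datetime.fromisoformat(event["ts"]).astimezone(timezone.utc)
    reasons = []
    left = OFFBOARDED.get(event["user"])
    if left is not None and ts >= left:
        # Any activity after departure means deprovisioning did not complete.
        reasons.append("account-offboarded")
    sensitive = event["resource"].startswith(SENSITIVE_PREFIXES)
    if sensitive and not event["mfa"]:
        reasons.append("sensitive-access-without-2fa")
    off_hours = not (BUSINESS_HOURS[0] <= ts.time() <= BUSINESS_HOURS[1])
    foreign = event["country"] not in BUSINESS_COUNTRIES
    if sensitive and foreign:
        prefix = "off-hours-" if off_hours else ""
        reasons.append(prefix + "sensitive-access-from-unexpected-country")
    return reasons

def review(events):
    """Map event index -> reasons, for flagged events only."""
    return {i: r for i, e in enumerate(events) if (r := flag_event(e))}

# Constructed sample events; "ZZ" is a placeholder country code.
SAMPLE_EVENTS = [
    {"user": "alice", "ts": "2024-03-04T14:05:00+00:00", "country": "US",
     "resource": "finance/ledger.xlsx", "mfa": True},
    {"user": "bob", "ts": "2024-03-05T03:00:00+00:00", "country": "ZZ",
     "resource": "finance/payroll.csv", "mfa": True},
    {"user": "jdoe", "ts": "2024-03-06T09:30:00+00:00", "country": "US",
     "resource": "wiki/home", "mfa": True},
    {"user": "carol", "ts": "2024-03-06T10:00:00+00:00", "country": "US",
     "resource": "finance/q1.pdf", "mfa": False},
]

if __name__ == "__main__":
    for index, reasons in review(SAMPLE_EVENTS).items():
        print(SAMPLE_EVENTS[index]["user"], reasons)
```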
Signing on for IT services from an MSP can be an effective way to quickly and cost-effectively expand your IT capabilities. Following these four tips will help ensure that your data is also safe and secure in the process.