MSSP Success Series – Make a List

January 20, 2015 | Joe Schreiber

Managed Security Services Providers (MSSPs), like any other business, are a factor of its People, Process, and Product. This series will offer insight into each of those factors and offer practical ways for MSSPs to achieve success - and end users might also find this information helpful.

Have A List And Check It Twice!

You’ve just closed the first sale of your MSSP service, Now What? Implementation or as I call it “The Fun Part”, is the next step. So how do you know what to implement? Who’s responsible for which parts? How do I know it’s complete? The answer is a simple one: Make a List.

Besides the practicality of the list itself there are also many other advantages to this diligence. When you’re starting service with a customer, you’re also entering into what you hope is a long-term relationship. Setting the tone early on in this relationship is very important. If you act haphazardly or give off the impression of disorganization it could impair the relationship you need to survive. Let’s look at the scenarios with and without a list:

With a List Without a List
  • No device or use case gets missed
  • Turn-Up process incrementally drives to completion
  • Engineer knows precisely what to integrate
  • The customer knows exactly what’s being monitored
  • Responsibilities are clearly defined
  • Tasks can be managed and assigned appropriately
  • Helps you scope the time needed for implementation
  • Customer wonders how you missed an event
  • Implementation never ends
  • Fingers get pointed
  • Audits may fail because data is missing (consequence of the above)
  • Operators have no clear guidance
  • No clear definition when service begins

Gathering this information is also useful for post-implementation activities. For instance, during your event review, your in house security analysts will already have some contextual information to use when performing their investigations. This will increase the initial fidelity of your service and bolster the customer’s perception of your service.

Lastly, this list should be something that is signed by you and the customer. This is especially important if your list includes an assignment of responsibility. The sign off process is a mutual agreement between you and the customer, clearly stating which aspects of the turn-up you and the customer are each responsible for. This has a similar significance as your Service Level Agreement and can be used for reference if delays are introduced.

To get you started I’ve created a sample list. Feel free to use it but most importantly modify it. The services you offer and your experience will influence the creation and the ongoing edits of the document. You may also want to consider translating this information into a wiki or similar system for each customer.

Download a Word document you can use to create your checklists.

Joe Schreiber

About the Author: Joe Schreiber

Some random dude on the Internet.

Read more posts from Joe Schreiber ›

TAGS: mssp

‹ BACK TO ALL BLOGS

Get the latest security news in your inbox.

Subscribe via Email

Watch a Demo ›
Get Price Free Trial