
Forging a Sound Managed Security SLA
Managed security services are an attractive choice for SMBs. They deliver security services ahead of the resources and the expertise of SMBs at a foreseeable cost. By outsourcing security, companies are not just devolving loads; they are placing their trust and the responsibility for the security of their network, data, and compliance obligations in the hands of unknown. Hence, some level of assurance that service providers will deliver on what has been promised, and if not, ways to protect the user’s interests has to be established. The SLA is the retort to the uncertainty of assurance and protection.
SLA will explicitly list the services that the provider has to provide, how they will be implemented, how they will respond to customer requests, queries, and problems, and compensation and remedies to unsound situations.
"It's a starting point to make sure services you are contracting for are what you really looking for," said Burton Group analyst Eric Maiwald. "Without a contract that's reasonably well thought out, you really don't know what level of service to expect and what to do when service doesn't live up to expectations."
Small-scale providers are pliable
Large companies have the financial brawn to coerce service providers to customize SLAs according to their necessities. SMBs have to reconcile with the providers services or find another vendor who has more to offer in its SLA. Managed service providers monetize based on economies of scale that lets them garner services that are repeatable for users so the provider can make the most without investing more on its investment and training.
However, small service providers tend to be more flexible. They want to take advantage of the personalized service that they can provide. Small service providers definitely have their own limitations but they redress on these issues by relying on their benevolence through responding quickly to the customers.
Check Out: Top Managed Security Service Companies In APAC
Performance and Penalties
Customers commonly fall prey to the alluring promises of continuous service uptime, quick responses to requests, and detected security issues. But the inventory of attractive facilities comes at a cost. Before you select a provider, match your requirements with the services being offered. Always check if you need the extra services that require extra investment.
If you want good performance features quoted on the covenant, it clearly implies your desire to keep your website running 24/7. Now, a promise of 99.9 percent service uptime on the SLA sounds grand, but what if it drops by a half or one percent—this might cause the business to decline for a few days over the course of the year.
On the other side, if your business is more forgiving in terms of downtime and response time, you may not require such in-depth and rigorous performance promises and service. You can always opt for a smaller vendor who can offer cheaper prices and bespoke attention.
Even when you place monetary penalties for failure of SLA responsibilities, like a particular amount for an hour of downtime, it might not be a big deal for the providers, as they will compensate for charges with tranquility–use penalties as a brush off and stay in the business. Large enterprises can yield penalties plus some discomforting mulct from the service provider, but SMBs can’t do the same, given that they might receive a few bucks that the provider will barely notice, but not a proper compensation for the impact on their business.
Exit from an Unfit SLA
Verify the contract to check the terms that defines your exit. If the contract does not contain a positive escape clause, then look for other providers because departing will be your only option in case of facing significant problems.
Before you exit from the contract, make sure you have a ‘Plan-B’– a business continuity strategy like another service provider on hand. If you don’t have any options, check how long you can sustain with in-house expertise and if you can afford to survive without external services.
Providers with Insurance
Insurance is a good substitute for penalties and exit. You can always look for a provider who takes the responsibility for your exposure and covers your risk through insurance, since risk and penalties collected are incomparable. The insurance can be required to cover the cost of notifying the customer, damage to brand reputation and future business along with the monetary penalties.
"A good service provider–and this will be documented clearly in their contract–will have professional liability insurance that will in part or whole absorb the liability," says Charles Weaver, co-founder and president of the MSP Alliance. "That's what a client should be looking for."
Cipher the contract
Before you sign a contract, make sure it makes fiscal sense. Compare your budget and the quoted price. Check if hiring additional staff and buying new equipment can be at par with the investment you make on the managed security service.
Managed security service is lately getting a lot of attention. But a contract for a managed security service should not be done ad lib. Even if you outsource the tasks related to your organizations security, always remember that you are still ultimately responsible for your organizations security and managed security services are simply tools that give a hand to reach your goals.
Check out: Top Managed Security Companies
Featured Vendors
Retail Professional & IT Services Inc (RP&IT Services): Affordable IT Services for Retail Professionals
IntelliPoint Technologies: Efficient Operations through Network Automation and Cybersecurity Protection
VisiCore Technology Group, LLC: Certified Splunk Architects Offering Professional Consulting and Managed Services
Agile Transformation: Helping Organizational Leaders Transform their Culture to Healthy, High-Perfor
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance