Tips for Getting the Most From an MSSP
Cybersecurity Expert Vito Sardanopoli on Common Pitfalls to Avoid
How can organizations get the most out of managed security services providers and avoid common pitfalls? Cybersecurity expert Vito Sardanopoli, an experienced CISO, offers top tips.
"There are times when the managed security services provider may become a little lax, and that impacts the quality of service they offer," warns Sardanopoli, an experienced CISO who now provides consulting services as a virtual CISO - most recently at New Jersey-based Atlantic Health System.
That's why relationship building is critical when dealing with an MSSP, Sardanopoli says.
"Ten or 15 years ago, there was less urgency around managed security services providers and their services. But nowadays, it's much more a critical service they provide, and there's even a more acute need to actively manage that relationship," he says in an interview with Information Security Media Group.
While some managed security services providers are offering more comprehensive incident detection and response services, some of these companies are not yet qualified to effectively provide those services, he contends.
"They want to be in the space, but they don't quite have those capabilities. And there are lots of variations in what they offer," he says.
Need for Scrutiny
Whether an organization is working with a well-established services provider or is contemplating engaging a new MSSP, "you really have to evaluate them on an individual basis to scrutinize their capabilities," Sardanopoli says. "You have to make sure that entity will provide a level of service that's going to be effective for your organization."
Smaller and midsized healthcare organizations that have limited internal security resources are often in an ideal position to establish a relationship with an MSSP that can provide comprehensive services, he says.
But larger healthcare entities with growing internal security teams also can potentially benefit from partnering with an MSSP to get up to speed quickly "in establishing a means to identify and respond to threats effectively," he adds.
Sardanopoli is a member of the Department of Health and Human Services Healthcare Industry Cybersecurity Task Force, which focuses on identifying and addressing opportunities to improve cybersecurity practices across the healthcare industry. At ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York, he will discuss the task force's top cybersecurity recommendations.
In the interview, Sardanopoli also discusses:
- How managed security services are evolving to meet the changing needs of healthcare organizations;
- The types of services offered by MSSPs that can potentially be beneficial;
- Other tips for working with MSSPs and additional mistakes to avoid.
Sardanopoli is principal owner of the consulting firm Vantage Cyber Risk Partners, which provides virtual CISO services. Over his career, Sardanopoli has helped to build and advance cybersecurity programs and information technology capabilities for organizations in a number of industries, including healthcare, financial services and retail. These roles have included CISO for Quest Diagnostics, Atlantic Health System, Tiffany & Co. and The American Stock Exchange.