The Situation

The CISO wanted an improved relationship with their MSSP, as it had evolved into a black-box setup in which they knew very little about what was happening despite monthly service reviews. The client did not have any in-house technical security expertise, and their relationship manager working with the MSSP was more familiar with operational service providers with time-based SLAs. They were not convinced of the usefulness of the metrics being delivered, and did not feel heard or understood when raising concerns.

The Task

Review and improve the relationship with the MSSP, ensure that monthly service reviews became useful for the relationship manager to understand the organisation’s security posture and areas that needed focus, and provide an independent review for the organisation leadership.

The Action / Approach

Using broad industry experience, we carried out a series of discovery workshops with the client and MSSP, initially independently of each other, to understand current managed service provision, the history of the relationship, and each organisation’s culture and priorities. We also reviewed the service agreement and SLAs on service provision against the priorities of the CISO and the wider business.

With the findings from the workshops and an understanding of the client organisation’s business strategy, we then worked with stakeholders in different processes, along with the relationship manager on both the client and MSSP side, to understand where needs were not being met.

Following the two-week discovery period, we defined a new set of requirements and desired metrics for the service to match the CISO’s priorities and stakeholders’ needs, and to provide useful and usable measures for the client’s relationship manager.

Findings were presented in a report to the CISO and we worked with the client and MSSP to change the service provision and measurements to match the desired vision.

The Result

During the review, areas of over- and under-provision were identified. In areas of under-provisioning, the offering was renegotiated, with more usable metrics and a more targeted solution. Where controls were over-provisioned, a reduction, or in some cases removal, was negotiated. Overall, while spending in under-provisioned service areas increased, there was a 14% reduction in annual cost.

Redesigning metrics to be usable by the relationship manager and meaningful to the CISO and peers increased satisfaction with the service throughout the organisation, allowed for more effective demonstration of compliance during standards audits, and increased the credibility of the security function throughout the leadership team.

Identifying and increasing investment in critical security processes allowed, in the most dramatic case, for a shorter SLA timeline and a reduction in the average time to complete a ticket from 22 days to 4 days.

Focus In On: Responsible for Cyber Security / CISO

New Areas of Value:

Make More Informed, Data-Driven Decisions

Reduce Risk of Fines, Theft & Reputational Damage

Improved Confidence in Role or Function

Enable Better Business Agility

Enhanced Reputation with Peers

Better Asset Utilisation & Reduced Waste

Provide More Innovative Solutions to the Business

Improvements around:

Lack of Strategic Alignment across the Business

Lack of Asset Management

Lack of Access to Relevant Expertise

Lack of Visible Value with Peers

Lack of Credibility with Peers

Resistance to Change

Inflexible Legacy Systems & Processes

Lack of Budget