To help keep your organization’s digital information and resources secure, there are a number of best practices and security considerations to keep in mind when contracting with managed service providers:
- Perform a detailed risk assessment and enforce associated mitigations before working with a managed service provider. Some considerations include:
  - How a cloud service (if used) is implemented and managed
  - Who has access to data and how it is secured
  - The intended purpose of engaging with the managed service provider
  - Potential challenges that may arise during incident detection and response, such as the managed service provider’s availability during off hours
- Keep operating systems and software up to date.
- Ensure that an MSP follows organizational security, privacy and legislative requirements.
- Find out how closely the MSP adheres to an IT security management framework.
- Use secure computers with multifactor authentication, strong passwords, few access privileges and encrypted network traffic to administer the cloud service.
- Do not provide the MSP with account credentials or access to systems outside of their responsibility.
- Use cryptographic controls to protect data in transit to and from the MSP.
- Consider full data encryption for critical information at rest, while maintaining control of the encryption keys.
- Employ full hard-drive encryption to ensure data at rest on storage media is not recoverable should the MSP replace or upgrade physical hard drives.
Source: Zywave, 2019.