If your organization must navigate complex compliance requirements, protect valuable intellectual property (IP), or manage customers’ personally identifiable information (PII), chances are you’ve at least considered managed data protection services.
The decision isn’t a small one, and most companies understandably want to optimize their ROI when choosing and implementing such a solution. That’s why we’ve put together a shortlist of the three tips that help us deliver the best experience to our clients—and should help you start strong with a high-quality managed data protection program.
1. Know what you don’t know … and what only you know
Companies approve the use of managed data protection services for a variety of reasons. Perhaps you intended to run an in-house program but haven’t been able to find the right expert to head up the effort. Perhaps you’re under time constraints, or you’re dealing with industry or regulatory demands.
Whatever your reason for working with a data protection partner, two things are equally important:
- Don’t start the project with preconceived ideas of how your service will look on a granular level.
- Do engage with your partner as an active participant in your data protection program.
Our most successful clients work with us not simply because they want to check data protection off their to-do lists. These organizations are actively engaged in protecting their critical information assets—and hiring an expert partner in data protection provides gives them access to expertise and tools they wouldn’t have otherwise.
We are experts in protecting critical data, but your team are the experts in which data assets are most important to your business, how they are stored and used, and how much risk you can tolerate. Yes, you can purchase and implement one-size-fits-all solutions that don’t take these factors into account—but that isn’t why you hire a data protection partner.
We approach each client’s solution from the top down, focusing on a strategic design that then drives our adaption of our proven services to meet your specific needs. The result isn’t a service offering that you must conform to; it’s one that should conform to your unique demands.
To optimize your results:
- Help your managed data protection provider understand what makes your situation unique.
- Expect the provider to customize the service around you—or at the very least, explain why they’re suggesting one service or technology over another and what you can do to get the best performance and results from that solution.
- Be ready to offer continual, honest feedback as the project progresses (more on that in a minute).
Keep in mind that your service provider’s job is to make you successful.
We aren’t there to usurp your IT department (data protection and IT are completely different functions). Nor do we seek to override your decisions about your own data. In fact, we want you to take any ideas we provide and make them your own.
2. Commit to clear communication
As you might surmise, the level of partnership we just described requires regular, clear communication. If a vendor isn’t providing or asking for this, buyer beware.
Your data protection services provider should ask a lot of questions and should always be willing to answer your team’s queries. Communication is important at every phase:
- Each department should understand how to work with the provider to develop program requirements during the design phase.
- The provider should offer ongoing reporting to your team on milestones and KPIs during implementation.
- You’ll want to provide feedback about how the solution is working and offer guidance during the validation phase.
On a related note, your internal communication, both before and after choosing a protection solution, must include executive stakeholders.
Clients who have an engaged executive sponsor for their data protection program are 3x more likely to succeed than those that lack executive support.
3. Get ready for an evolution
Implementing a new manage data protection service can be overwhelming. We suggest that clients look at this challenge as a process rather than a project. Take things one step at a time.
Begin by making sure you understand the various pieces that comprise a robust data protection program and the decisions you’ll need to make at each step:
- Application management. Which data protection products and technologies are right for you? How will the provider guarantee uptime and availability?
- Rule sets and policies. How will the provider customize and implement rule sets to fit your needs?
- Event triage. After rules are put into place, how will the service provider deal with high volumes of security events to weed out the noise of false positives? How will they identify which business processes are authorized and which are broken? Will adhere to service level agreements (SLAs) that guarantee specified response times?
- Incident management. What will the provider need from your team to determine how best to manage data and event attributes, escalate events for action, and begin remediation?
- Which KPIs will the provider measure?
Remember, managed data protection is an ongoing evolution.
Ideally, your service provider will help you go from an ad hoc, reactive approach to a fully or almost-fully automated process that enables continual adaptation to the threat landscape.
Ready to get started?
Now that you know how to optimize your use of a managed data protection service, how should you get started? We can provide a no-risk security assessment that will give you an idea of the effort and cost involved. Contact us for details.