The importance of the customer portal for MSSPs
In conversations with MSSPs and expert analysts at firms like Forrester one key requirement for MSSPs is the need to provide access to a customer portal that contains key information about the security services that are being provided; traditionally a web-based offering, the need to access through desktop browsers and mobile devices has become evident.
MSSPs “Show and Tell”
MSSPs that provide monitoring services often have service levels and escalation processes defined with customers, but the notification of alerts is a fine balance – pass too many and the customer risks getting overwhelmed and may question the value of the triage and assessment services provided. However, by passing too few there could be a feeling that either there are no issues or that they are being missed. This has led to a need for reporting on the service performance and issues that are quietly being dealt with by the MSSP SOC team.
In reality, this is where the demand for a customer service portal came from – a way for the MSSP to present information around:
- Alerts and their stages
- Volumes of events and stored data
- The service level performance on triage and analysis investigation
- More in-depth reports and statistics
It also gives the customer:
- Full view of the event/alert/incident pipeline
- A clear view on service level performance and hence value for money
- The ability to check to see if wider events are affecting their business
“I’ve heard about this, are we seeing it?”
A great example of where a customer portal might be useful is when a large scale, well-publicised cyber security problem is at play – like the WannaCry ransomware outbreak. Companies might want to know if they are being probed, or targeted or if there are actual or potential infections.
A security operations web-based portal display
An MSSP that is busy handling a major, widespread problem affecting multiple clients doesn’t need lots of people ringing them up to ask questions about their own status, and customers might not want to wait for a weekly, scheduled report to see if it is affecting them. Particularly if there are upper levels of management asking “Are we affected by this?”.
The importance of a cyber security portal
A clear, accessible cyber security customer portal that shows the current status, the states of detection and investigation, the trends over time and the percentage of compliance with service levels is invaluable. It doesn’t replace the MSSP picking up the phone or sending an escalation email when a problem has arisen, and it doesn’t replace monthly service reports or summaries; but it does provide a level of confidence in a service that is vital both for the MSSP to provide and for the customer to receive – and on their own terms.
A portal then is a must, and all that remains is to make sure it is clear, visually appealing, and easy to use. An interface where data is presented which can be zoomed or drilled-down into, and the customer can take control over how much detail they access: What are those 3 high alerts shown on a top-level pie chart or traffic light display? How does this month’s trend graph compare to a one-year time window?
Finally…
With the rise of mobile phones, tablets and other portable devices, the need for any MSSP portal to be “mobile friendly” or able to be delivered as an App is also emerging as a requirement. No one would want to operate a SOC on a mobile phone screen, but it is useful to receive service status updates or charts of current issues through this mechanism. So MSSPs must also consider this delivery model for customer interactions.
