Enterprise CIOs, CSOs and VPs of security need business outcomes and a positive ROI from their MSSP. One way to achieve this level of trust is with radical transparency with zero trust, as it gives in-house security teams the ability to view details around their security events, triage decisions and analyst notes to help them better operate and secure their business.
Radical transparency was born out of frustration expressed by enterprise executives citing a lack of transparency and the “black box” nature of their relationships with their service providers.
Radical transparency means your customers see everything your analysts are doing. Customers work from the exact same interface and access all consoles, audit logs, analytic rules, playbooks, and Service Level Agreement (SLA) metrics as your internal team, creating a transparent environment.
The key to delivering radical transparency is the willingness to put your customers on the same platform as the provider. If you’re not willing to share your internal analytics process, analysis and notes with your customer, or allow your customers to hold you accountable, are you really giving them an opportunity to trust you to provide a quality service?
Customers want detailed information from how you close incidents that aren’t escalated to what kind of filters and logic are put into the engine itself. MSSPs should be open and transparent and be held accountable for what they are being paid to do. The current platforms and structure of managed security services doesn’t support this kind of transparency, and as a result, providers are not being held accountable for a quality service.
The zero-trust approach – guilty until proven innocent – is critical to this process. Analysts assume each event is bad until proven otherwise, building out playbooks and automation actions to prove that out at scale.
At any point, your customers should be able to question, critique, give feedback and adjust expectations. All playbooks and automation actions are visible, creating trust by giving customers the ability to verify exactly what the MSSP is doing, across the board by seeing into every single incident, analytic action and note taken by the provider.
Due to the subjective nature of human analysis, there is also a need to ensure the quality and consistency of security analysis. It’s possible to automate the sampling of alerts for review and scoring, with the scores being based on the speed, accuracy and consistency of analysis.
A focus on continuous improvement of security analysis and a full, transparent view can help build customer trust by allowing them to independently assess the quality of the investigations. This mitigates human error with a consistent and predictable review of alerts.
While this approach might be “new” and “radical” now, it is quickly becoming the industry standard demanded by enterprise organizations seeking MSSPs.