Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm also predicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.

It comes as no surprise, then, that organizations are looking to managed security services providers (MSSP) to either augment in-house security teams or provide risk-management services.

“Many organizations don’t have the resources to build out a security operations center (SOC),” says Scott Barlow, vice president of global MSP and cloud alliances at Sophos. “Meanwhile, security is moving at a rapid rate, and it’s tough to do it yourself. With internal IT staff focused on internal needs, companies really need to think about 24-7 security and threat hunting across their network. That’s why we see a lot of co-managed IT and outsourcing tickets going to MSSPs these days.”

An MSSP may be the answer, but businesses should take the time to do their homework before signing on. Here are six essential questions to ask when seeking assistance.

1 – What types of certifications do your staff have?

“There are a lot of certifications out there,” Barlow says. “From CompTIA to (ISC)2, there are many ways security professionals stay up to date on skills and the latest threats. But it is essential that they are up to date on certifications because the industry is constantly evolving.”

It’s important to start by understanding your staff’s full suite of certifications, then determine what’s needed to fill any gaps, Barlow says.

2 – How do you secure on premise and public cloud assets?

Many organizations have assets in the public cloud in addition to on-prem. It is important to determine how your MSSP can secure both. “Public cloud does not mean Microsoft 365,” Barlow says. “It means that if you have workloads in Azure or Google Cloud Platform (GCP), can they confidently assure you that they can secure those assets and data? Ask how.”

3 – Can you support all my needs?

Identifying your internal IT and security needs is paramount. For instance, is mobile security important? How about server protection? Email security? Making sure an MSSP can address all your IT and security needs is critical to the mutual success of an engagement, says Barlow. “You want to get into specifics and learn how the provider can secure your varied IT needs.”

4 – How do you handle security awareness training?

Awareness training, which teaches your employees about the role they play in helping to stop attacks and breaches, should be table stakes for an MSSP, Barlow says. Ask what kind of services your potential provider offers and how they make that training engaging and memorable.

5 – Do any of your tools pose a risk for our cyberinsurance coverage?

Customers should ask what tools an MSSP uses to manage their environment, specifically with cyberinsurance coverage in mind. “It is important to know those details and ensure you qualify for cyberinsurance if you are the victim of an attack or breach,” Barlow says.

6 – Are you financially sound and can you provide references?

Finding the right MSSP may require some investigating and interviewing, but don’t be shy about asking difficult questions.

“You want to do your due diligence to ensure the MSSP has the tools and services you need but is also solvent. If not, you might find yourself with a bunch of tools that don’t work,” Barlow says.