Finding the Right Security Partner

Published: July 12, 2006

See other Security Tip of the Month columns

If you are looking for a partner who has proven expertise in delivering security solutions that can help your business, here are some questions and criteria to consider before making your decision.


Are they a Microsoft Partner Program Certified or Gold Partner?

Microsoft Certified and Microsoft Gold Certified Partners are independent organizations that have the knowledge, skills, expertise, and commitment needed to help implement solutions that match your exact business needs. Microsoft Certified Partners have undergone specialized training, and they demonstrate proven expertise in the areas in which they are certified. Every Gold Certified Partner for Security Solutions also has a documented history of satisfied customers, verified by Microsoft, for the security solutions they provide.

What is their Microsoft Partner Program competency?

If you want to ensure that you are working with a partner who truly understands the security dynamics of the IT infrastructure and who has expertise with Microsoft security and business products, partners who have the Microsoft Security Solutions Competency are your best choice. Partners who have achieved the Security Solutions Competency have proven their proficiency in using Microsoft technology to provide security solutions that help protect your information assets.

Services and Solutions

What types of security services and solutions do they provide?

Before you look for a partner, it is important to identify your security needs so that you can create a list of potential partners based on a match between your needs and the security services and solutions the partners provide. For example, do their services include:

  • Security audits (across which platforms?)

  • Security policy and process development

  • Risk management consultation

  • Compliance and governance

  • Windows Server and Windows Client security

  • Messaging and collaboration server security

  • Network and perimeter security

  • Identity and access management

  • Firewall, application acceleration server, and caching solutions

  • Secure data backup and retrieval

  • Intrusion detection

What kind of support do they offer?

It is also important to assess a partner's support services. For example, do they provide 24/7 remote or onsite security support? What levels of support will they provide? Look for a service level agreement that defines how quickly they will respond to problems, and what level of after-sales support they offer. Another aspect of the support equation is security training—can they provide it or recommend reputable partners? Will they have the resources to grow with you in the future?


Do they apply consistent frameworks and practices in their operations?

Ask to see documentation about their processes, and verify that their processes will work within your defined security policies and procedures. It is also a good idea to make certain that the partner will support your change management processes as they begin to work on your specific issues.

Can they commit to a specific schedule and budget for a given project?

The first question to ask is will the partner be able to do the work with their own staff, or will they have to subcontract? The second question is what is the fee structure? Depending on the project, it is possible to agree on a flat fee, an hourly or daily rate, or an ongoing retainer. You should also determine if the partner is willing to break down their cost structure and allocate costs to different stages or activities, keeping in mind that you want accurate information before any work is commissioned.

How do they approach documentation?

Any company you partner with should supply you with a proposal for the work that includes a budget, timetable, and reasonable specification. The proposal should be written in a way that is easy to understand. If the proposal is satisfactory, you should then create a written contract that specifies what is going to be done and by whom. Make sure to include dates, deadlines, equipment, costs, and so on. Even if you do not have a formal contract drawn up by attorneys, make sure that the details of the work are written down and agreed to in some form.


After you have a list of potential partner candidates, ask for references. Talk with customers who have worked with the partner, and assess whether a similar experience would fit your needs.

Next Steps

Finding potential partners to help you with your security technology needs is simple. Visit the Microsoft Resource Directory ( today and search for Microsoft Certified and Gold Certified Partners in your area who have a business focus on security solutions. Finding the right partner may prove a little more challenging, however the benefit of having a safe, secure IT infrastructure is worth the challenge, every time.