I'm reading a Gartner report about when to change managed security service providers (MSSPs) and I get to a spot about high turnover at the MSSP as being a red flag. This got to me because an argument to *use* an MSSP (or just any MSP) in the first place is that they will handle staffing for you so that you don't have to worry nights. Well, if they can't keep their staff, then who's to say going it alone and keeping it all in-house isn't the way to go?
Another area is if the MSSP is passing alerts on to clients without vetting them first - again, that's pretty much what happens when stuff is done in-house, with the hope that things get better over time. So, also again, why go to an MSSP in the first place, outside of only comparing current staff costs to MSSP up-front costs and not taking follow-on costs (monetary as well as knock-on effects) into account?