Managed security services is one of the fastest growing market segments in the security marketplace, according to Gartner, which reports that by 2005, 60% of enterprises will outsource the monitoring of at least one network boundary security technology.
It, therefore, comes as no surprise that more and more organisations are turning to managed security service providers (MSSPs) for a range of security services that (they hope) will ultimately reduce costs and access skilled staff whose full-time job is security.
Increasingly, information security investment decisions are taken in the context of business risk, and partnering with a proven MSSP can enable you to accept, avoid, mitigate or even transfer this risk.
Managed security services encompass six key categories:
* On-site consulting;
* Remote perimeter management;
* Product resale;
* Managed security monitoring (MSM);
* Managed vulnerability/penetration testing service;
* Compliance monitoring.
Organisations, therefore, need high-quality strategic and practical guidance on how to work with these emerging MSSPs in order to maximise their own information security.
The range of services offered by MSSPs varies in their ability to meet an organisation`s security requirements, including the availability, confidentiality and integrity of information assets. Thus, it is vital that an organisation specify its specific security requirements.
The benefits
Cost: The cost of a managed security service is typically less than hiring in-house, full-time security experts. An MSSP is able to spread out the investment in analysts, hardware, software and facilities over several clients, reducing the per client cost.
Staffing: A shortage of qualified information security personnel puts tremendous pressure on IT departments to recruit, train, compensate and retain critical staff. The cost of in-house network security specialists can be prohibitive. However, when partnering with an MSSP, the outsourcing, the hiring, training and retaining of skilled staff become its problem.
And what`s even more, an MSSP is likely to retain security experts by offering a range of career opportunities and positions from entry level to senior management, all within the information security field.
Facilities: MSSPs can also enhance security simply because of the facilities they offer. Many MSSPs have special security operations centres (SOCs) located in various parts of the country. These are physically hardened sites with state-of-the-art infrastructure managed by trained personnel.
Security awareness: It is difficult for an organisation to track and address all potential threats and vulnerabilities as well as attack patterns, intruder tools, and current best security practices. An MSSP is often able to obtain advance warning of new vulnerabilities and gain early access to information on counter-measures. Also, an MSSP can advise on how other organisations handle the same types of security problems.
Despite the numerous benefits of partnering with an MSSP, it`s still critical that a good working relationship is established to build trust. The reality is that any MSSP has access to sensitive client information and details about the client`s security posture and vulnerabilities.
Also, one of the greatest risks comes from inadequate, incomplete planning and infrequent communication and review between the provider and the client. This partnership can fail at any stage. Like any business relationship, it requires attention, care and due diligence.
Share