Digital transformation has resulted in business cycles becoming faster and companies adopting technologies such as Big Data analytics, Internet of Things, mobility, blockchain, and cloud to gain additional agility, efficiency, and cost reductions.
This evolution brings with it new risks and threats, many of which are cyber security-related.
In order for organisations to operate optimally, security has to be fully aligned with the business and considered an enabler rather than a cost.
According to numerous surveys on the maturity of security services and operations, it takes a minimum of three years for organisations to reach a defined level of maturity in this area.
Ongoing improvements and enhancements are also required to maintain a given level of maturity.
Cyber security skills are in high demand, yet in short supply. The talent problem is further exacerbated by the challenge of motivating and retaining skilled people in such a competitive market.
Why engage a Managed Security Service Provider (MSSP)?
Security outsourcing and partnering with a Managed Security Service Provider (MSSP), if properly aligned, designed and managed, offer multiple operational, tactical and strategic benefits to a business.
– It addresses the cyber security skills shortage by allowing clients to gain access to the required security expertise without concerns over direct budgets and efforts to train experts and remain up to date with the rapidly evolving threat landscape. An MSSP can establish a 24/7/365 service, providing access to expertise around the clock. The business only needs to describe the Service Level Agreements (SLAs) required to secure its operations.
– It addresses any gaps in security processes by introducing a well-established, efficient, and complete set of security procedures and processes, customised and aligned with the business. Such an approach can help address security threats in an effective manner while also ensuring compliance requirements are met.
– The business saves costs because it does not need higher budgets for in-house services. Costs related to an MSSP are predictable, releasing the business from the high cost of maintenance, staff/training, aging systems, retention challenges and ownership. The pricing model also changes from capex to opex, which is an attractive option for organisations with limited capital expenditures.
– Scalability of MSSP services will ensure faster business expansion, as outsourced services are scalable compared to in-house services.
In summary, customers are able to receive a world-class service at lower cost, while also being able to spend less time and effort managing their internal security services, enabling them to focus on their core business. Security would therefore deliver a higher return on investment with an MSSP.
Criteria for successfully selecting an MSSP
– Trust: Outsource your services to trusted MSSPs to secure the required level of confidentiality, particularly for sensitive data. The MSSP shouldn’t be a source of threat to your business.
– Experience: Secure your business and services by selecting an MSSP that has the required experience in the domain and has invested in refining its processes and technologies.
– Cost: The MSSP should be able to provide different and flexible delivery and support models, so that the business can select the most convenient one that aligns with its requirements and risk appetite.
– Compliance: The MSSP should be able to demonstrate its capability to meet the necessary compliance requirements and regulations of the business.
– KPIs: Establish a partnership in which SLAs are communicated, agreed upon, and monitored.
– Skills: Ensure the MSSP possesses the right people, who are skilled, trained, certified and experienced, and will be able to add value to your business environment.
– Technology and integration: Besides the commodities, experienced MSSPs invest in developing customised solutions that can be integrated with the customer’s technologies and services.
– Stability: Ensure that the selected MSSP is financially and operationally stable, possessing a good market reputation for providing quality services over time without compromise.
– Processes: The MSSP should have the policies, processes, procedures, standards and guidelines to deliver a process-driven service to clients rather than an ad hoc delivery model.
– Delivery Experience: The MSSP should be involved in ongoing dialogue with the client with respect to the delivery of high-quality services including portals for monitoring the client’s services and security posture. The MSSP also needs to deliver a compelling user experience and clearly defined communications channels with the business.
About the author
Mahmoud Kaddoura is Senior Manager – Operations at DarkMatter. He may be contacted via the corporate Twitter handle, GuardedbyGenius.