ICT Section
Submit newsAdvertiseSubscribe
NewsPress OfficesCompaniesJobsEventsPeopleMultimediaFeaturesOpinionMy Biz
AdvertiseSubmit news

Industries

All industriesAgricultureAutomotiveConstruction & EngineeringEducationEnergy & MiningEntrepreneurshipESG & SustainabilityFinanceHealthcareHR & ManagementICTLegalLifestyleLogistics & TransportManufacturingMarketing & MediaPropertyRetailTourism & Travel

Features

BizTrendsIMC ConferenceIAB Bookmarks AwardsOrchids and OnionsPrism AwardsLoeries Creative WeekMore Sections..

In the news

ASUSAltronSAICAEnquire about a company Biz Press Office
Agriculture
Automotive
Construction & Engineering
Education
Energy & Mining
Entrepreneurship
ESG & Sustainability
Finance
Healthcare
HR & Management
ICT
Legal
Lifestyle
Logistics & Transport
Manufacturing
Marketing & Media
Property
Retail
Tourism & Travel

News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Subscribe & Follow

Advertise your job vacancies
    Post your Job Ad here >>

    Trending

    2 days 7 days 30 days By Industry
    Search jobs

    Jobs

    More jobsSubmit a jobOpen account

    ICT

    Five tips when considering managed security services

    Andrew KirklandBy Andrew Kirkland
    17 May 2013
    17 May 2013
    Recent reports suggest that the managed security services (MSS) space, which increased by 12% to US$13 billion in 2012, will continue to grow rapidly. For businesses looking to partner with a MSS provider (MSSP), this article will provide tips which may assist in properly assessing your IT security environment before engaging a MSSP for outsourced services.

    1. Decide whether your management needs are primarily compliance- or security-based: If compliance-based, are you looking for help with tasks, like log aggregation and roll-up reporting, that directly address compliance, governance and audit requirements? Or are you looking for more hands-on support for configuration changes, policy updates and more granular visibility into security events and remediation assistance? The answer to these questions will help determine the breadth and depth of the services you contract for and the price you will pay.
    2. Understand where your support strengths and gaps are in your IT security organisation: Is the skillset you have impacted by budget constraints or the challenge of finding and retaining the right skill level and talent? Do you need to augment existing resources? Determining this will help in evaluating MSSPs in terms of their flexibility for shared versus full management responsibilities between your organisation and the outsourced entity; and in assessing, for example, if a self-service option for access to captured data and intelligence for certain services is adequate to address your needs.
    3. Determine your IT organisation's ability to detect and combat threats against your business: Do you possess security data analytics skills with the ability to disseminate threats and "out of the norm" behaviour? Are you able to effectively aggregate and review log data in real-time and parse data traversing your email and web gateways? Again, answers here will dictate if you require real-time management support and perhaps more advanced managed services such as web application firewall, network access control, secure web gateway technologies, or multi-factor authentication, over traditional perimeter security control services such as firewall/UTM and intrusion detection/prevention.
    4. Measure your internal total cost of ownership for information security management: Have you calculated the full-time equivalent (FTE) costs of your staff resources or how much it would cost to retain resources with necessary IT security expertise? What are your annual capital expense outlays for information security management? How much do you pay for software, licensing and maintenance? How much of your business operations are moving to the cloud? Answers to these questions will help determine the level of potential resource and cost savings that a MSSP can realistically provide.
    5. Determine if and where you have invested in security technology that is just sitting on the shelf or is out of date: Due to budgetary and resource constraints have you been unable to effectively leverage information security technologies you made an original investment in? Is the technology you have managed to deploy out of date? MSSPs can provide real value in helping not only to deploy technology consistently, but also maintaining the technology to ensure it is keeping pace with the evolving information security threat landscape.

      In using these tips as a basis for discussions with MSSPs, be sure to understand and clarify service level agreement (SLA) commitments, particularly in the areas of time windows for notification, response, support coverage and items such as failed hardware replacement for premise-based services. It is also important to have a good understanding of the scope of support. Beyond web portal access and telephone, does support extend to items including, for example, auto-notification alerting (e.g. email, text) and the ability to track progress of remediation efforts for identified security events for audit and compliance purposes?

      It is also advisable to determine with the MSSP where management responsibilities may begin and end. This touches on SLAs, but becomes more important in shared management models where the business requires some level of access to the technology to, for example, analyse data or update policy rules.

      Finally, obtain a good understanding of a MSSP's fee structure. Does the MSSP offer annualised or monthly service subscriptions? Do they charge separately for premise-based equipment? Are there any explicit licensing and maintenance costs?

      While not an exhaustive list, these points are intended as a guide to help prepare you for an intelligent, informed discussion regarding your specific security needs with the goal of moving beyond simple cost savings to determining the real value a MSSP can provide.

      6. Share this article
      NextOptions

      About Andrew Kirkland

      Andrew Kirkland is the country manager for Trustwave in South Africa.

      NextOptions
      Let's do Biz