Jobs

Full-Stack Developer - C#/Angular 2+ Durban
Senior Front-End Developer Johannesburg
Data Integration Specialist - Fund Accounting Johannesburg
Corporate Sales Executive Pretoria
Corporate Sales Executive Boksburg
Corporate Sales Executive Pinetown
Senior SQL Developer Cape Town
Data Analyst George
Biz Dev Ops Lead Johannesburg
Intermediate Data Scientist Johannesburg

Five tips when considering managed security services

17 May 2013

Recent reports suggest that the managed security services (MSS) space, which increased by 12% to US$13 billion in 2012, will continue to grow rapidly. For businesses looking to partner with a MSS provider (MSSP), this article will provide tips which may assist in properly assessing your IT security environment before engaging a MSSP for outsourced services.

Decide whether your management needs are primarily compliance- or security-based: If compliance-based, are you looking for help with tasks, like log aggregation and roll-up reporting, that directly address compliance, governance and audit requirements? Or are you looking for more hands-on support for configuration changes, policy updates and more granular visibility into security events and remediation assistance? The answer to these questions will help determine the breadth and depth of the services you contract for and the price you will pay.

Understand where your support strengths and gaps are in your IT security organisation: Is the skillset you have impacted by budget constraints or the challenge of finding and retaining the right skill level and talent? Do you need to augment existing resources? Determining this will help in evaluating MSSPs in terms of their flexibility for shared versus full management responsibilities between your organisation and the outsourced entity; and in assessing, for example, if a self-service option for access to captured data and intelligence for certain services is adequate to address your needs.

Determine your IT organisation's ability to detect and combat threats against your business: Do you possess security data analytics skills with the ability to disseminate threats and "out of the norm" behaviour? Are you able to effectively aggregate and review log data in real-time and parse data traversing your email and web gateways? Again, answers here will dictate if you require real-time management support and perhaps more advanced managed services such as web application firewall, network access control, secure web gateway technologies, or multi-factor authentication, over traditional perimeter security control services such as firewall/UTM and intrusion detection/prevention.

Measure your internal total cost of ownership for information security management: Have you calculated the full-time equivalent (FTE) costs of your staff resources or how much it would cost to retain resources with necessary IT security expertise? What are your annual capital expense outlays for information security management? How much do you pay for software, licensing and maintenance? How much of your business operations are moving to the cloud? Answers to these questions will help determine the level of potential resource and cost savings that a MSSP can realistically provide.

Determine if and where you have invested in security technology that is just sitting on the shelf or is out of date: Due to budgetary and resource constraints have you been unable to effectively leverage information security technologies you made an original investment in? Is the technology you have managed to deploy out of date? MSSPs can provide real value in helping not only to deploy technology consistently, but also maintaining the technology to ensure it is keeping pace with the evolving information security threat landscape.

In using these tips as a basis for discussions with MSSPs, be sure to understand and clarify service level agreement (SLA) commitments, particularly in the areas of time windows for notification, response, support coverage and items such as failed hardware replacement for premise-based services. It is also important to have a good understanding of the scope of support. Beyond web portal access and telephone, does support extend to items including, for example, auto-notification alerting (e.g. email, text) and the ability to track progress of remediation efforts for identified security events for audit and compliance purposes?

It is also advisable to determine with the MSSP where management responsibilities may begin and end. This touches on SLAs, but becomes more important in shared management models where the business requires some level of access to the technology to, for example, analyse data or update policy rules.

Finally, obtain a good understanding of a MSSP's fee structure. Does the MSSP offer annualised or monthly service subscriptions? Do they charge separately for premise-based equipment? Are there any explicit licensing and maintenance costs?

While not an exhaustive list, these points are intended as a guide to help prepare you for an intelligent, informed discussion regarding your specific security needs with the goal of moving beyond simple cost savings to determining the real value a MSSP can provide.