South Africa
ICT Section
Submit newsAdvertiseSubscribe
NewsPress Office NewsCompaniesJobsEventsPeopleMultimediaFeaturesOpinion
AdvertiseSubmit news

Industries

All industriesAgricultureAutomotiveConstruction & EngineeringEducationEnergy & MiningEntrepreneurshipESG & SustainabilityFinanceHealthcareHR & ManagementICTLegalLifestyleLogistics & TransportManufacturingMarketing & MediaPropertyRetailTourism & Travel

Features

IMC ConferencePendoringBizTrendsBizTrendsTVLoeries Creative WeekOrchids and OnionsThe Lead CreativeMore Sections..

In the news

Bizcommunity.comStoneBluegrass DigitalXLinkMoonsportBullion PR & CommunicationEnquire about a company Biz Press Office
Agriculture
Automotive
Construction & Engineering
Education
Energy & Mining
Entrepreneurship
ESG & Sustainability
Finance
Healthcare
HR & Management
ICT
Legal
Lifestyle
Logistics & Transport
Manufacturing
Marketing & Media
Property
Retail
Tourism & Travel

News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

Submit content

My Account

Advertise with us

Subscribe & Follow

Trending

2 days 7 days 30 days By Industry
Advertise your job vacancies
    Post your Job Ad here >>
    Search jobs

    Jobs

    More jobsSubmit a jobOpen account

    Five tips when considering managed security services

    Recent reports suggest that the managed security services (MSS) space, which increased by 12% to US$13 billion in 2012, will continue to grow rapidly. For businesses looking to partner with a MSS provider (MSSP), this article will provide tips which may assist in properly assessing your IT security environment before engaging a MSSP for outsourced services.
      Andrew KirklandBy Andrew Kirkland
      17 May 2013
      17 May 2013

    1. Decide whether your management needs are primarily compliance- or security-based: If compliance-based, are you looking for help with tasks, like log aggregation and roll-up reporting, that directly address compliance, governance and audit requirements? Or are you looking for more hands-on support for configuration changes, policy updates and more granular visibility into security events and remediation assistance? The answer to these questions will help determine the breadth and depth of the services you contract for and the price you will pay.
    2. Understand where your support strengths and gaps are in your IT security organisation: Is the skillset you have impacted by budget constraints or the challenge of finding and retaining the right skill level and talent? Do you need to augment existing resources? Determining this will help in evaluating MSSPs in terms of their flexibility for shared versus full management responsibilities between your organisation and the outsourced entity; and in assessing, for example, if a self-service option for access to captured data and intelligence for certain services is adequate to address your needs.
    3. Determine your IT organisation's ability to detect and combat threats against your business: Do you possess security data analytics skills with the ability to disseminate threats and "out of the norm" behaviour? Are you able to effectively aggregate and review log data in real-time and parse data traversing your email and web gateways? Again, answers here will dictate if you require real-time management support and perhaps more advanced managed services such as web application firewall, network access control, secure web gateway technologies, or multi-factor authentication, over traditional perimeter security control services such as firewall/UTM and intrusion detection/prevention.
    4. Measure your internal total cost of ownership for information security management: Have you calculated the full-time equivalent (FTE) costs of your staff resources or how much it would cost to retain resources with necessary IT security expertise? What are your annual capital expense outlays for information security management? How much do you pay for software, licensing and maintenance? How much of your business operations are moving to the cloud? Answers to these questions will help determine the level of potential resource and cost savings that a MSSP can realistically provide.
    5. Determine if and where you have invested in security technology that is just sitting on the shelf or is out of date: Due to budgetary and resource constraints have you been unable to effectively leverage information security technologies you made an original investment in? Is the technology you have managed to deploy out of date? MSSPs can provide real value in helping not only to deploy technology consistently, but also maintaining the technology to ensure it is keeping pace with the evolving information security threat landscape.

      In using these tips as a basis for discussions with MSSPs, be sure to understand and clarify service level agreement (SLA) commitments, particularly in the areas of time windows for notification, response, support coverage and items such as failed hardware replacement for premise-based services. It is also important to have a good understanding of the scope of support. Beyond web portal access and telephone, does support extend to items including, for example, auto-notification alerting (e.g. email, text) and the ability to track progress of remediation efforts for identified security events for audit and compliance purposes?

      It is also advisable to determine with the MSSP where management responsibilities may begin and end. This touches on SLAs, but becomes more important in shared management models where the business requires some level of access to the technology to, for example, analyse data or update policy rules.

      Finally, obtain a good understanding of a MSSP's fee structure. Does the MSSP offer annualised or monthly service subscriptions? Do they charge separately for premise-based equipment? Are there any explicit licensing and maintenance costs?

      While not an exhaustive list, these points are intended as a guide to help prepare you for an intelligent, informed discussion regarding your specific security needs with the goal of moving beyond simple cost savings to determining the real value a MSSP can provide.

      6. Share this article
      NextOptions

      About Andrew Kirkland

      Andrew Kirkland is the country manager for Trustwave in South Africa.
      TopicsNext
      Top stories
      Marketing & Media
      Expand
      Retail
      Expand
      Finance
      Expand
      ICT
      Expand
      Education
      Expand
      Construction & Engineering
      Expand
      Entrepreneurship
      Expand

      Latest jobs

      Tips
      C# Application ArchitectREMOTEE-Merge IT Recruitment30 Sep
      Salesforce DeveloperCape Towne-Merge IT Recruitment30 Sep
      Intermediate COBOL DeveloperJohannesburgE-Merge IT Recruitment29 Sep
      Data AnalystJohannesburgE-Merge IT Recruitment29 Sep
      Data Analytics ManagerCape TownE-Merge IT Recruitment29 Sep
      Junior Software EngineerREMOTEE-Merge IT Recruitment26 Sep
      Senior Developer (C# & Java)REMOTEe-Merge IT Recruitment26 Sep
      Senior Salesforce DeveloperCape Towne-Merge IT Recruitment25 Sep
      Senior C# Software ArchitectREMOTEE-Merge IT Recruitment25 Sep
      Bizops AssociateCape TownThe Talent Boom25 Sep
      More jobs
      Automotive
      Expand
      HR & Management
      Expand
      Healthcare
      Expand
      Property
      Expand
      Logistics & Transport
      Expand
      ESG & Sustainability
      Expand
      Tourism & Travel
      Expand
      Agriculture
      Expand
      Legal
      Expand
      Manufacturing
      Expand
      Energy & Mining
      Expand
      Lifestyle
      Expand
      Let's do Biz