Are you being properly served?

Editorial Type: Industry Focus
Date: 09-2014
Key Topics: Security, Managed Security, Outsourced IT, Cybercrime, DDoS
Key Companies: Espion, IP EXPO Europe
Key Industries: Government
Managed security services are designed to help improve information security, but how well do they perform this function? The picture is one of varied results, it would seem.

Managed security services are designed to help you improve your information security - either by outsourcing your security operations or supplementing your existing security teams. What managed security services providers promise is the expertise, knowledge and infrastructure that you need to secure your information assets from Internet attacks, often saying that this can be done at a fraction of the cost of in-house security resources. Does the reality live up to the promises, though? Or could you rely on your own internal resources to deliver equally secure systems at lower cost, all under much tighter personal control? Or would an MSP bring far better operational, financial and strategic efficiencies across the enterprise?
COHESIVE STRATEGY

"Operating a 24x7x365 Security Operations Center (SOC) is often the answer to meeting these concerns. However, all the associated headaches in setting up a SOC may prove too costly or resource intensive to implement, not to mention the difficulty in trying to find, train and retain highly-skilled, sought-after IT security personnel. Every organisation needs to first evaluate its own risk tolerance before considering implementing its own SOC or utilising an outsourced managed security service provider SOC," Spelman comments.
DEDICATED TEAM

"The risks to outsourcing security are broadly the same as many types of outsourcing. Hidden charges, for example, can pose significant risk to an organisation with a security function outsourced, as anything not covered in the contract will be the basis for additional charges." A good example of this is outsourced (cloud) DDoS mitigation services, says Spelman, whereby the organisation is unsure of its allowable quota or allowable duration of a volumetric attack. "In this instance, an organisation may be charged exorbitant fees as a result of an attack which is not within the agreed 'bracket' of protection or, worse, the MSSP terminates the service on exceeding the agreed attack threshold, causing downtime for the organisation and possibly irreparable damage to the underlying systems and reputation of the organisation," he advises.
RISK VERSUS REWARD

"However, for organisations that process or store sensitive data under any kind of regulation mandate (industry, geolocation or otherwise), outsourcing IT security may be complex, problematic or even illegal. This can be due to the limitations enforced by the service level agreements and audit controls that the MSSP provide and, in fact, also the level of assurance that an organisation is given," he adds.