Five frequently asked questions about managed security services
Computerworld - The managed security service business is booming; it produced $900 million in revenue in 2001 and $1.5 billion in 2002. The Yankee Group forecasts that the market will grow to $2.6 billion by 2005. This research note underscores the ingredients in a successful engagement.
Should I select the same service provider to manage both IT services and security services?
The Yankee Group recommends a separate vendor for security services to avoid conflicts of interest between security and customer service. Administrators trying to serve the customer can view security processes as a hindrance to their ability to deliver the service within the agreed time frame.
To ensure that your security policies are being enforced, you should separate the security duties and employ dedicated staff. Leading service providers such as Electronic Data Systems Corp., AT&T Corp. and IBM offer both security and other infrastructure services. Dedicated security leaders include Internet Security Systems Inc., Symantec Corp., RedSiren, NetSec Inc., TruSecure Corp., Equant, Guardent Inc., VeriSign Inc. and Solutionary Inc.
What process should I follow when implementing a managed security service?
Your corporate security policies are the best place to start. The roles and responsibilities defined in these policies can be divided between outsourced and in-house security staff.
Identify those assets in the scope of the service, and negotiate a service-level agreement to manage these assets. This groundwork forms the foundation of your managed services contract and ensures that both parties have clear expectations.
It is also critical to ensure adequate staffing before, during and after the transition to a managed service. The difficulty in demonstrating return on investment for security and a shortage of skilled staffers has led to chronic understaffing within internal security teams. Do not assume that your managed service provider has staff to fulfill the contract. Ask for staffing approval and play an active role to ensure staffing is adequate.
How do managed security services affect corporate security risks?
If you've moved to the managed services model, you have reduced the risks in the scope of your managed service agreement. However, you, not the provider, are responsible for the consequences of a security breach, outage, information theft, or fraud. Trust your provider to enforce your corporate policies, but periodically verify that they do this effectively. Regular reassessment of overall corporate security risks and controls is vital, and it will help you understand how to get the most from the services you have chosen.
Managed security services increase some risks. For example, a service provider will ask for privileged remote access. If the risk analysis demonstrates that you still have significant
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!