Five frequently asked questions about managed security services
Computerworld - The managed security service business is booming; it produced $900 million in revenue in 2001 and $1.5 billion in 2002. The Yankee Group forecasts that the market will grow to $2.6 billion by 2005. This research note underscores the ingredients in a successful engagement.
Should I select the same service provider to manage both IT services and security services?
The Yankee Group recommends a separate vendor for security services to avoid conflicts of interest between security and customer service. Administrators trying to serve the customer can view security processes as a hindrance to their ability to deliver the service within the agreed time frame.
To ensure that your security policies are being enforced, you should separate the security duties and employ dedicated staff. Leading service providers such as Electronic Data Systems Corp., AT&T Corp. and IBM offer both security and other infrastructure services. Dedicated security leaders include Internet Security Systems Inc., Symantec Corp., RedSiren, NetSec Inc., TruSecure Corp., Equant, Guardent Inc., VeriSign Inc. and Solutionary Inc.
What process should I follow when implementing a managed security service?
Your corporate security policies are the best place to start. The roles and responsibilities defined in these policies can be divided between outsourced and in-house security staff.
Identify those assets in the scope of the service, and negotiate a service-level agreement to manage these assets. This groundwork forms the foundation of your managed services contract and ensures that both parties have clear expectations.
It is also critical to ensure adequate staffing before, during and after the transition to a managed service. The difficulty in demonstrating return on investment for security and a shortage of skilled staffers has led to chronic understaffing within internal security teams. Do not assume that your managed service provider has staff to fulfill the contract. Ask for staffing approval and play an active role to ensure staffing is adequate.
How do managed security services affect corporate security risks?
If you've moved to the managed services model, you have reduced the risks in the scope of your managed service agreement. However, you, not the provider, are responsible for the consequences of a security breach, outage, information theft, or fraud. Trust your provider to enforce your corporate policies, but periodically verify that they do this effectively. Regular reassessment of overall corporate security risks and controls is vital, and it will help you understand how to get the most from the services you have chosen.
Managed security services increase some risks. For example, a service provider will ask for privileged remote access. If the risk analysis demonstrates that you still have significant
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!