Five frequently asked questions about managed security services
Computerworld - The managed security service business is booming; it produced $900 million in revenue in 2001 and $1.5 billion in 2002. The Yankee Group forecasts that the market will grow to $2.6 billion by 2005. This research note underscores the ingredients in a successful engagement.
Should I select the same service provider to manage both IT services and security services?
The Yankee Group recommends a separate vendor for security services to avoid conflicts of interest between security and customer service. Administrators trying to serve the customer can view security processes as a hindrance to their ability to deliver the service within the agreed time frame.
To ensure that your security policies are being enforced, you should separate the security duties and employ dedicated staff. Leading service providers such as Electronic Data Systems Corp., AT&T Corp. and IBM offer both security and other infrastructure services. Dedicated security leaders include Internet Security Systems Inc., Symantec Corp., RedSiren, NetSec Inc., TruSecure Corp., Equant, Guardent Inc., VeriSign Inc. and Solutionary Inc.
What process should I follow when implementing a managed security service?
Your corporate security policies are the best place to start. The roles and responsibilities defined in these policies can be divided between outsourced and in-house security staff.
Identify those assets in the scope of the service, and negotiate a service-level agreement to manage these assets. This groundwork forms the foundation of your managed services contract and ensures that both parties have clear expectations.
It is also critical to ensure adequate staffing before, during and after the transition to a managed service. The difficulty in demonstrating return on investment for security and a shortage of skilled staffers has led to chronic understaffing within internal security teams. Do not assume that your managed service provider has staff to fulfill the contract. Ask for staffing approval and play an active role to ensure staffing is adequate.
How do managed security services affect corporate security risks?
If you've moved to the managed services model, you have reduced the risks in the scope of your managed service agreement. However, you, not the provider, are responsible for the consequences of a security breach, outage, information theft, or fraud. Trust your provider to enforce your corporate policies, but periodically verify that they do this effectively. Regular reassessment of overall corporate security risks and controls is vital, and it will help you understand how to get the most from the services you have chosen.
Managed security services increase some risks. For example, a service provider will ask for privileged remote access. If the risk analysis demonstrates that you still have significant
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!