Five frequently asked questions about managed security services
Computerworld - The managed security service business is booming; it produced $900 million in revenue in 2001 and $1.5 billion in 2002. The Yankee Group forecasts that the market will grow to $2.6 billion by 2005. This research note underscores the ingredients in a successful engagement.
Should I select the same service provider to manage both IT services and security services?
The Yankee Group recommends a separate vendor for security services to avoid conflicts of interest between security and customer service. Administrators trying to serve the customer can view security processes as a hindrance to their ability to deliver the service within the agreed time frame.
To ensure that your security policies are being enforced, you should separate the security duties and employ dedicated staff. Leading service providers such as Electronic Data Systems Corp., AT&T Corp. and IBM offer both security and other infrastructure services. Dedicated security leaders include Internet Security Systems Inc., Symantec Corp., RedSiren, NetSec Inc., TruSecure Corp., Equant, Guardent Inc., VeriSign Inc. and Solutionary Inc.
What process should I follow when implementing a managed security service?
Your corporate security policies are the best place to start. The roles and responsibilities defined in these policies can be divided between outsourced and in-house security staff.
Identify those assets in the scope of the service, and negotiate a service-level agreement to manage these assets. This groundwork forms the foundation of your managed services contract and ensures that both parties have clear expectations.
It is also critical to ensure adequate staffing before, during and after the transition to a managed service. The difficulty in demonstrating return on investment for security and a shortage of skilled staffers has led to chronic understaffing within internal security teams. Do not assume that your managed service provider has staff to fulfill the contract. Ask for staffing approval and play an active role to ensure staffing is adequate.
How do managed security services affect corporate security risks?
If you've moved to the managed services model, you have reduced the risks in the scope of your managed service agreement. However, you, not the provider, are responsible for the consequences of a security breach, outage, information theft, or fraud. Trust your provider to enforce your corporate policies, but periodically verify that they do this effectively. Regular reassessment of overall corporate security risks and controls is vital, and it will help you understand how to get the most from the services you have chosen.
Managed security services increase some risks. For example, a service provider will ask for privileged remote access. If the risk analysis demonstrates that you still have significant
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts