The pros and cons of MSSPs
Part 1: 10 reasons to outsource security
Computerworld - More companies are outsourcing part of their security infrastructure, including firewalls, intrusion-detection systems and virtual private networks, to managed security service providers (MSSP).
There are many reasons why outsourcing may be a cheaper and better way to go. Note that I said "may be" because everything depends on your requirements. If your requirements dictate that all your security devices must be in-house and only two administrators will have access to them, then outsourcing isn't for you. So the first thing you need to do is to document your requirements.
Here are some reasons why outsourcing is an option.
MSSPs can get much better deals from vendors than you can on your own, so hardware and software will be cheaper. Let's do some simple calculations. If you decide to run firewalls in-house, the cost of a pair of Cisco Systems Inc.'s PIX 525 retail plus maintenance is about $20,000. The cost of a dedicated security engineer plus training will cost at least $110,000. (That's a low figure because I haven't added corporate overhead, which could be another 30% to 40%.) Take that over three years, the usual length of the depreciation period, and it costs about $10,000 per month. You can get it for much cheaper with an MSSP.
Generally, you can get a decent service-level agreement (SLA) for $1,000 to $2,000 a month. Over three years, that's quite a big savings.
2. Hardware upgrades
This section may be different depending on the MSSP, so be sure to ask if you are looking to outsource. Basically, hardware gets obsolete very quickly. If you buy your own hardware, in three years, you'll have to spend more money to upgrade. The original investment you made will become a paperweight. But if you go with an MSSP, you can get the hardware upgrade as part of your SLA. For example, let's say Nokia Corp. decides to upgrade its IP350 system to a faster processor. The MSSP would be able to upgrade you for free, whereas without one, you would have to spend money on your own.
3. Software upgrades
As with hardware upgrades, you can get software upgrades included in your deal with the MSSP. Software upgrades are sometimes part of the product maintenance cost (Cisco's PIX 6.1 to 6.3) or an additional cost (Check Point 4.1 to Check Point NG). On your own, you would have to shell out a 15% to 25% maintenance fee, plus whatever additional cost there is to upgrade. With an MSSP, the cost would be covered by the SLA.
4. Vendor support
Because MSSPs buy so much
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts