Sanjay Ahuja, VP, Middle East and Africa, AGC Networks, explains why organisations need to leverage Managed Security Services (MSS).
We are getting close to the point (if we aren’t there already!) where we need to acknowledge that trends like Big Data, BYOD, cloud, mobile, social and virtualisation are no longer ‘emerging’ technologies that enterprises can leverage to gain a competitive advantage. One could argue that these technologies are critical business enablers that all enterprises need to leverage if they are to remain competitive. According to the Cisco Global Cloud Index, from 2013-2018, the Middle East and Africa is expected to have the highest cloud traffic growth rate in the world with a CAGR of 54 percent, and cloud workloads are expected to grow at a CAGR of 39 percent for the same time period.
Faced with the growing number of cyber threats, it is imperative that enterprises make IT security their number one priority, particularly as we continue to make the push towards ‘Smart Cities’ and ‘E-Government’. Unfortunately, between the pace of technological advancement, the shortage of skilled IT resources in the region, and the pressure on IT departments to focus on business critical infrastructure and services, security tends to get lost in the shuffle. It is against this backdrop that enterprises should consider outsourcing the implementation, operation, and management of their IT security to third-party vendors, commonly referred to as Managed Security Service (MSS) providers.
In addition to freeing up IT resources to focus on business critical functions, there are essentially four key arguments in favour of making the switch to MSS.
Security is a 24/7 job
Unlike most other IT functions, security is not an 8:00am – 5:00pm, Sunday – Thursday, job! Enterprises need to be vigilant against attacks 24 hours a day, 7 days a week, 365 days a year; something that requires a significant investment in terms of technology and manpower.
Managed Security Service providers ensure that enterprises get a bespoke set of services based on their needs and their appetite for handling risks in the environment. MSS also builds in an unmatched level of redundancy, thus providing enterprises with 24×7 availability.
Access to latest technologies
Combatting cyber-attacks can be likened to a game of ‘Whack-a-mole’! Given the pace at which technology is evolving, just when you think you have snuffed out a threat in one area, a new threat crops up in another. It is impractical from both a cost and logistics standpoint for enterprises to keep upgrading their infrastructure and software to keep up with the ever changing threat landscape.
Ideally, every enterprise should have a mirrored test environment for creating and testing correlation rules. Turning a rule on in production can easily have unexpected, adverse effects such as flooding or slowing the application. A test environment is a must if an enterprise is to effectively manage the system without causing problems across the organisation. The cost associated with such a setup can be prohibitive; another reason to switch to an MSS provider.
Leverage global experience
One of the biggest advantages of MSS providers is their ability to leverage the learnings and expertise from across the globe. Most MSS providers have operations across all the major continents and have, in all likelihood, had to prepare for or counter just about every threat out there. This gives them a decided advantage over in-house teams and allows them to be proactive and put systems and plans in place to protect enterprises in the region.
Economies of scale
Opting for MSS will result in a substantial reduction in Total Cost of Ownership (TCO) – similar to other ‘as-a-Service’ offerings, MSS gives enterprises the flexibility to significantly reduce their CapEx and transition to an OpEx model. These savings can then be reinvested in IT infrastructure, services and applications that will have tangible business benefits and positively affect the bottom line.
Access to talent pool
Staffing a true 24x7x365 Security Operation Center (SOC) requires a minimum of seven full-time employees for one setup. While IT departments, network groups or even security teams may have the talent/expertise, they rarely have the current and well-practiced skill set that is required to execute real-time or even batched security event analysis, on the millions of events that are generated from their environment on a daily basis, to find the one or two true security incidents. To provide the necessary skill sets, analysts must receive periodic training which adds thousands of dollars in annual investments. Of course, nothing can compensate for experience, and finding employees that have this experience can be time-consuming and costly. One must also consider the costs of turnover should personnel critical to the daily operation of the technology depart.
Not having the proper security personnel puts tremendous pressure on IT departments to recruit, train, compensate and retain a 24×7 security staff. Tools such as SIEM, for example, are not easy to understand out of the box and are by no means easy to use. Learning how they work takes weeks, if not months, of training depending on the specific SIEM technology and the personnel’s background.
MSS Integrators allow in-house security teams to spend their time focusing on strategic efforts, instead of having to spend their time and energy on keeping complex technology up and running, performing event analysis and managing security technology.
According to Gartner, by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. Believing that ‘it won’t happen to me’ would be a mistake and given the strain on internal IT resources, enterprises would be well served to leverage MSS. While there is no magic formula, at a very minimum, enterprises should consider outsourcing Vulnerability Management/Penetration Testing (VM/PT), the management of the infrastructure components (including firewalls, UTM, IPS/IDS), Security Incident and Event Management (SIEM), Data Loss Prevention (DLP) and Mobile and Channel Security.