“Cyber security has reached the top of the boardroom agenda,” said James Hanlon of Symantec. The cyber security strategy lead for EMEA with the company told TechPro that high profile breaches and threats have made this inevitable. “With a reported global shortage of cybersecurity professionals, some companies are struggling to recruit, build and maintain their in-house security capabilities,” added Hanlon.
Such factors of course, make a compelling argument for the managed security services market and indeed this particular area seems in good health at present. Eamon Moore, managing director for E-MIT Solutions did note though that there are some companies who have seen the warning signs and, if possible, hire in that expertise. “It has been a mixture of both, in our experience,” he said, with divisions between those going down the managed route and those choosing to handle increased security threats in-house.
For instance, Moore said that the concept of “shadow IT”, which is, he said, “a security breach in its own right”, is one “major” security concern which he sees being handled internally on a common basis. “In our experience, Irish businesses will carry out an analysis of their internal network for applications and resources that are running without their knowledge,” he said. However even after this in-house initiative, he made the point that companies are then “likely to look to a managed security service to enforce the usage and IT policies set by management.”
Through outsourcing the monitoring of their estate, businesses can gain better insights into any difficult to detect events which could affect them. We’re also seeing an industry shift from purely providing security protection, to having the ability to switch on incident response capabilities to any threats, which is becoming an increasingly popular emergency and managed service, James Hanlon, Symantec
For the most part, Moore said, “We are seeing Irish businesses in the SME space that are looking to protect their businesses through a managed service offering as the specialist knowledge that is required to run in-house is far too costly and resource-intensive for many organisations.”
‘Multiple’ advantages
CTO of Ward Solutions, Paul Hogan said that in short the advantages of managed security services providers (MSSPs) over in-house solutions are “multiple”. They provide organisations with “access to resources that they could not otherwise afford to maintain internally,” he argued. Solutions director at Trilogy Technologies, Rob Paddon added that his company has benefitted from “a number” of businesses looking to them as “they do not have the staff or expertise in-house to successfully manage all of the components that a full security environment require”.
Paddon continued that there is now “widespread acknowledgement” that IT security management is “not simply about buying firewalls and endpoint products but is about how the appropriate policies and standards are designed into the ICT infrastructure”, and as such encourages outside help in approaching such a complex area. Karen O’Connor, general manager service delivery for Datapac said too that at this point Irish organisations are “highly aware of security threats,” but was quick to add that despite all the steps forward, there are still companies here which are “lagging in the implementation of adequate security systems”.
In our experience, Irish businesses will carry out an analysis of their internal network for applications and resources that are running without their knowledge. However even after this in-house initiative, companies are then likely to look to a managed security service to enforce the usage and IT policies set by management, Eamon Moore, E-MIT Solutions
Piecemeal approach
“Organisations often take a piecemeal approach to security rather than treating it in a holistic and strategic manner,” said O’Connor. “They are reactive rather than proactive which leaves them in a very vulnerable place when dealing with growing volumes of cyber threats,” she added. With all this in mind, O’Connor commented that in recent months she’d seen more and more security-related services being outsourced.
“Managing security in-house has become a complex and multidimensional task. Working with a certified and experienced partner will not only remove the complexity associated with the threat landscape but also provides integrated and/or tiered solutions that work better together in targeting multiple threats,” she said.
Specialist assistance
With the decision made for many companies to go down the managed services route when it comes to security then, what do they expect from these options? Many, said O’Connor, are investing in unified threat management (UTM) solutions, end-user and data protection, as well as application security. “They also often seek specialist assistance with preventive auditing tasks such as penetration testing or PCI compliance,” she said, echoing Paddon’s earlier point.
Paddon himself said the major “emerging area” for him in the managed security space is “around securing the LAN and extended LAN infrastructure”. This, he said, means “monitoring for anomalous activity, checking policies and permissions in real time and also monitoring and managing data and database security is becoming a standard part of an overall service.”
Subscribers 0
Fans 0
Followers 0
Followers