Meet the Bloggers

Vaune Carr, Principal Consultant, BT Global Services

Rob Jamison, Manager, Network Intelligence, Managed Security Solutions Group, BT Global Services

Jill Knesek, Chief Security Officer, BT Global Services

Sushila Nair, Product Manager, Managed Security Solutions Group, BT Global Services

Ben Rothke, Senior Security Consultant, BT Global Services

Pete Russo, Senior Marketing Manager, BT Global Services

Bruce Schneier, Chief Security Technology Officer, BT Global Services

Ray Stanton, Global Head of BT’s Business Continuity, Security & Governance Customer Capability Unit

Jim Tiller, Vice President, Security Professional Services, North America, BT Global Services

Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

Twitter Blogroll About BT

SecureThinking > Tags

Posts tagged Enterprise Management Associates

Friday, July 16, 2010

To outsource or not? That is the security question

By Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

Dramatic increases in vulnerabilities and threats coupled with growing compliance requirements have made security into one of the most challenging domains of IT management.  How can organizations make the most of limited resources without sacrificing strategic business priorities? How can organizations deliver security management at scale, from day one?  

Recent research from Enterprise Management Associates indicates that organizations are turning to managed security services to address these concerns.  In fact, spending is on the rise as more businesses dedicate resources in this area over the next 12 months.

So what has driven this change?  Typically, organizations have been wary of outsourcing in general, let alone giving up control when it comes to securing their more critical assets.  One main driver is that organizations have to do more with less.  As security threats continue to evolve and become more sophisticated; organizations have a better understanding of the implications to their business, yet they oftentimes lack the resources to effectively manage the threats internally. 

While change is in the air, there is still some uncertainty on the option of outsourcing.  So here is our take on the value provided:

  • Specialize and highly trained resources: The fact is that attacks evolve every day.  Technologies to protect against these attacks need to evolve to meet the sophistication of new attacks.  But tools alone can’t protect your organization.  By outsourcing, organizations have access to highly trained analysts who utilize the most advanced tools and expertise.  It is difficult for organizations, even at a global level, to maintain this type of internal resource.
  • Keeping on top of the latest: Ongoing training for specialists can be a drain on resources.  Continuous professional development requirements should be a part of your MSSP’s responsibilities since threats, attack vectors, attack patterns, and technologies are changing constantly.  When considering an MSSP, ensure that your vendor requires their teams to be certified and recertified on a regular basis.  
  • A broader view: Ultimately, the greatest advantage of turning to an MSSP is that vendors have a broader view of events.  An MSSP will see significantly more events than a single company and will have a global view of these events.  This means MSSPs can detect patterns of attacks and see attacks develop in real-time, allowing for quick remediation and in some cases, prevention of an attack all together.  

So when asked if an organization should outsource security or keep it inside, it may not be a simple answer, but each organization should evaluate options and determine which method is best for their needs.  To learn more, go to http://bt.counterpane.com/managed-security-solutions.html

Posted at 4:07 PM in SecureStrategies | No Comments »
Tags: , , ,

Bookmark and Share

subscribe - log in