Sunday, 26 March 2017
Assess Your MSSP to Prepare For and Reduce Downtime Damages
In the hyper active connected world, more businesses are aware of the increasing number of dangers that low cyber security brings along. In fact, with the Internet of Things (IoT), the security risks are far more prevalent where it is spread across governments and corporate enterprise networks as well as in consumer’s homes. Cisco, in its Visual Networking Index (VNI) predicts that by 2020, there will be more than 26 billion IP network-connected devices and the global internet traffic will be 92 times greater than global Internet traffic in 2005. This undoubtedly raises not just the security risks, but also calls for more rigorous measures to tackle the problem.
Coupled with the increasing numbers of connected devices, there is a daunting environment where the cyber security threat landscape is constantly changing. Hackers are getting stronger with more sophisticated tactics every day, lack of education of malware that can be transmitted through mobile devices and no clear-cut BYOD policies, careless employee behavior, outdated security software, etc. With larger number of organizations making strong investments in IT restructuring to boost business revenues, it brings on the added disadvantage of the lack of skilled professionals to run, maintain and service the IT infrastructure.
Many organizations are now turning to Managed Security Service Providers (MSSP) to build on their security needs and help protect their networks and data. In fact, according to a Markets & Markets study, the Managed Security Services market is expected to grow from $17.02 billion in 2017 to $33.68 billion in 2021, at a Compound Annual Growth Rate (CAGR) of 14.6% during the forecast period and will be adopted across business sectors including healthcare, telecom, education, government, BFSI and retail segments.
To have an effective strategy while working with an MSSP, companies must evaluate and conduct risk assessments and ensure that they get the best out of their services provider. This include knowing a few things:
• How well does the MSSP understand your business model to recommend and implement the services and solutions? Lack of understanding can be disastrous and a sure shot for future complications
• Focus on working with an MSSP that has domain expertise to ensure their understanding of the business requirements
• Do they have a 360 degree approach to security which includes the whole range of technology, including hardware as well as software and more importantly, how will they tackle regular updates requirement?
• How strong is the MSSP in terms of disaster recovery, back-up, business continuity, etc.?
• Evaluate the company’s policies on risk management, skills training, processes and systems.
• How does the MSSP comply with industry standards and certifications?
• How will the MSSP provide and implement the right access control systems to the devices as well as logs. What is the reporting system?
• Understand the technology that the MSSP has in place for pre, during and post a security attack
• Meet and evaluate the security skills of the person/team that will be assisting in the company’s day to day workings
• Draw up a well drafted service-level-agreement which clearly spells out the services and implementation, and the processes and systems that will ensure quick response to requests and issues
• To make the services more cost effective, are they capable of providing flexibility in the usage patterns?
• Should the customer be involved in any way with payments, they should ensure that the MSSP has Payment Card Industry Data Security Standard (PCI DSS) certification. This reduces the focused efforts on strict guidelines that need to be followed as well as ensures that the service is cost beneficial
• Will the service include 24×7 monitoring and management of the required Infrastructure?
• Do they have a SOC and have enough built use cases for handling incidents?
And finally, MSSPs bring along major positive impact in tackling the cyber security needs, but one has to remember that collaboration is the key to ensuring best results. It needs to filter down from the management and not just left to the workings of the IT service provider or the internal IT department.