Securing all fronts

Summary:Securing what is sacred to a business takes more than just a new program -- it can be a full-time job, which at times is better left to the experts.ContentsBenefitsHanding over controlWeighing it upSLA securityCase studiesNintendo plays the security gameQueensland company saves with securityThe start of the 21st century has redefined the word "security".

Handing over control
Weighing it up
SLA security
Case studies
Nintendo plays the security game
Queensland company saves with security

When a good MSSP is employed, a company should be able to expect constant monitoring and management of both internal and external network operations, depending on the services assigned to your provider. The idea is that as a client, you should rest easy knowing a team of experts is monitoring patch updates and keeping up with world security trends.

However, like most outsourced services, companies will not be able to hand over their liability in regards to security to the provider. Modesto says what IT staff will be able to do though, is show higher management that they have taken big steps to make their company secure. Other benefits of handing over the lock and key are glaringly obvious, he says.

"Cost would have to be the biggest one, on top of expertise. You can have some tough service level agreements (SLAs) written," Modesto says. "But every security provider will tell you that security is one thing that can never be 100 percent assured -- you simply can't guarantee that. Having a managed security provider is all about minimising exposure and managing security effectively -- something a lot of businesses cannot afford. For good security your infrastructure needs to be managed by someone with the time and the right tools and skills set -- things that when dealing with security, are not cheap."

Australian e-mail security penetration tester Neal Wise, partner at, agrees. He says as far as labour and costs go, making your security problem someone else's can be a very attractive offer. "There are perceived cost savings with managed security, as security personnel are not cheap, and you get round-the-clock service-that is obviously the number one benefit in this time when so many threats loom," Wise says. "But you have to manage the security relationship right as no one is going to understand your security needs better than you are."

"A business should consider moving to a managed security provider when they estimate that the risk of loss outweighs the cost of service."

-- James Turner, Frost & Sullivan
Wise says managed security increases its attractiveness 10-fold when benefits such as constant patch updates and the securing of Web applications can be seen. "Web applications are the most direct way for attacks to occur, and most businesses realise this," Wise says. "If someone wants access to a system, no matter how good the managed security is, they will find a way of gaining it. The benefit of managed security services that work properly is the response time to this."

Melbourne-based MSSP Dimension Data has clients in Europe, the US, and South Africa. National security manger Neil Campbell says in all continents, cost is only part of the reason his clients choose managed over in-house models. "Most of our clients do not have the resources to deal with security properly so cost is one reason they turn to managed security, but a lot of people are also tempted by the fact that you are handing over that part of the business risk to someone else," Campbell says. "Many businesses find it is quite difficult to attract and maintain security personnel, especially if operating as an SME."

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.