Handing over control
Weighing it up
Nintendo plays the security game
Queensland company saves with security
When a good MSSP is employed, a company should be able to expect constant monitoring and management of both internal and external network operations, depending on the services assigned to your provider. The idea is that as a client, you should rest easy knowing a team of experts is monitoring patch updates and keeping up with world security trends.
However, like most outsourced services, companies will not be able to hand over their liability in regards to security to the provider. Modesto says what IT staff will be able to do though, is show higher management that they have taken big steps to make their company secure. Other benefits of handing over the lock and key are glaringly obvious, he says.
"Cost would have to be the biggest one, on top of expertise. You can have some tough service level agreements (SLAs) written," Modesto says. "But every security provider will tell you that security is one thing that can never be 100 percent assured -- you simply can't guarantee that. Having a managed security provider is all about minimising exposure and managing security effectively -- something a lot of businesses cannot afford. For good security your infrastructure needs to be managed by someone with the time and the right tools and skills set -- things that when dealing with security, are not cheap."
Australian e-mail security penetration tester Neal Wise, partner at Assurance.com.au, agrees. He says as far as labour and costs go, making your security problem someone else's can be a very attractive offer. "There are perceived cost savings with managed security, as security personnel are not cheap, and you get round-the-clock service-that is obviously the number one benefit in this time when so many threats loom," Wise says. "But you have to manage the security relationship right as no one is going to understand your security needs better than you are."
|"A business should consider moving to a managed security provider when they estimate that the risk of loss outweighs the cost of service."
-- James Turner, Frost & Sullivan
Melbourne-based MSSP Dimension Data has clients in Europe, the US, and South Africa. National security manger Neil Campbell says in all continents, cost is only part of the reason his clients choose managed over in-house models. "Most of our clients do not have the resources to deal with security properly so cost is one reason they turn to managed security, but a lot of people are also tempted by the fact that you are handing over that part of the business risk to someone else," Campbell says. "Many businesses find it is quite difficult to attract and maintain security personnel, especially if operating as an SME."