Managed security services: Three can’t-be-ignored questions

IT departments have long been leery about working with third parties on protecting the data that matters most to their users, but there are ways to make a more informed decision. Start here


“Stop Me If You Think You’ve Heard This One Before.” It’s a cool song by The Smiths, but it’s also the sentiment IT professionals must be thinking when leading off yet another discussion around managed security services as a cost-effective way to administer the network architecture.

It seems to be an oft-heard refrain, but there’s a reason for it:  In a world of tightening budgets, cloud computing, regulatory changes and ever-present malware attacks, outsourcing a complex IT infrastructure grows more appealing from a security standpoint. While it’s true that it may not be a solution for every organization, the business case for managed security is one that grows more compelling every year as the industry matures. And with IT research firm Gartner’s recent predictions that 10 per cent of overall IT security enterprise capabilities will be delivered in the cloud by the year 2015 — translating to an increase of vendors offering managed security services around cloud delivery — it’s perhaps time that organizations wade back into the network managed services debate.

In selecting a managed security services provider, there are three considerations technology decision makers and network managers should consider in making an informed business decision:

What’s the overall risk to the business? As today’s network data grows more complex, mobile users will continue to climb in number, and security and malware threats seem ever more insidious by the quarter. So does it make more sense to work with a third party compared to investing and maintaining network technology in-house? And are the current in-house technology investments too entrenched and costly to walk away from? These are the fundamental questions organizations should be asking. If there is one thing that’s a constant, it’s that organizations are traditionally both conservative and reactive when it comes to network security. Moving to a managed security model blows this line of thinking up, leaving in its wake a measured approach that focuses on proactive management in terms of network maintenance and optimization.  So in considering making a move, organizations should ask the vendor hard questions about prescriptive security controls around the data centre and network.

Does the math add up? There is an unassailable logic around managed network security, particularly around shared services: lowering the overall operating costs and boosting the effectiveness/agility of the IT department team are both reasons for moving to a managed IT support model. The managed services industry has matured – now’s the time to understand the market (pricing and the inherent difference between pure-play, security management and IT outsourcing providers), along with reviewing security operations/staffing levels to determine what potentially works best in-house and what can be potentially managed by a third party moving forward.

What are the real security implications? Savvy network managers are already detecting a perceptible industry shift towards the very notion of dealing with a third party in outsourcing network security. From an in-house perspective, can the IT team cost-effectively develop best practices that protect critical company data?  Do trends such as mobile and BYOD seem too complex to handle? Are the in-house security audit services up to snuff? Would a third party be better positioned to provide real-time security intelligence in minimizing data breaches? Taking advantage of a managed security services provider enables organizations to theoretically be at the head of the curve when thinking of intrusion detection systems, managed firewalls and cloud security services.

On the face of it, it’s perhaps easy to shrink from the very idea of enabling a third party to handle security around intrusion detection and forensic analysis. If you haven’t considered (or even dismissed) the value of a managed service provider, it’s perhaps time to do a rethink. It’s a network security tune that many organizations should be already singing.

Start your security journey by taking a closer look at Allstream’s limited-time-only Secure Internet offer

1 Comment

  1. Very interesting!

    Steven WS / 3 years ago