Latest News  

Outsourcing security: What small businesses need to know

Forecasters predict that the booming managed security service provider (MSSP) industry will grow from $8 billion in 2015 to $30 billion by 2020.

2015-11-09 16:50:07

One question that small businesses often grapple with, especially in the early days of their development, is whether or not to outsource at least some aspect of their security, writes Ryan Berg in smallbusinesscomputing.com.

There are many instances when outsourcing computer, data, and network security makes sense:
• You may lack the appropriate in-house skills and resources
• You may not be in a position to make a full-time hire, let alone multiple hires
• You can't find the right person to fill a full-time role (Forbes expects our current cybersecurity workforce shortage to reach 1.5 million unfilled positions by 2019).
So does outside security help make sense for you? Possibly. But before you even think about outsourcing, you need to develop your own clear idea of what it is you actually need help with in the first place.

Outsourcing Cybersecurity 101

The simple truth is that you're not ready to outsource your small business security if any of these three points apply to your company.
• You can't clearly articulate your problem or goal
• You don't know where your assets reside or what data or systems you're trying to secure
• You don't have someone on board to actively own and manage the outsourced relationship

Small business owners must carefully avoid giving managed-security service providers the impression that they don't know what they need. The reality is many security vendors will see nothing but dollar signs; they may guide you to toward solutions that are easiest for them to implement instead of the solutions that best fit your needs.

Think of it this way: if you go to a brake shop because you think your car has a brake problem, you're more than likely going to cough up the cash for new brakes. Meanwhile, you may actually have a bigger issue with the car that remains unaddressed. Your shiny new brakes may work like a charm, but you can still get into an accident if the steering's off. And if you go back to the brake shop angry, they'll simply shrug and say of course they didn't protect you for that.

Advanced thought and planning is the best approach to outsourcing small business security. The worst thing you can say to a managed security service provider is, "I don't know where to start.

Outsourcing small business security works well only when you achieve these states:
• You have a clearly-defined problem to solve or goal to achieve.
• You find a vendor you work well with and can trust to deliver on your specific needs

There's no lack of outsourced security vendors from which to choose. But if you have a specific security goal that lends itself to outsourcing, you can whittle down the list to providers that specialize in that area. Then discuss these 10 essential topics with the managed-security service providers on your short list before you sign an agreement.

What to Ask Prospective Managed Security Service Providers

• Find out whether they've worked with small companies that are similar to yours in size, stage, and industry
• Get references
• Review their standards, policies, and procedures carefully
• Make sure all requirements and responsibilities will be documented in service level agreements (SLA) and/or statements of work
• Determine who on their side will manage your account and discuss your expected level of interaction (you don't want to enter a partnership expecting access to the Principal only to find out later that's not the case)
• Ask about reporting (what metrics do they measure, and how often do they report)
• Go over the game plan for incident response and recovery
• Ask about systems compatibility
• Make sure they can scale their protection as your company grows
• Have an exit strategy should the time come when you want to stop using their services

Small Business Security Caution

Remember, no one outside of your business values your business as much as you do. When you outsource aspects of your company's security you place your safety and success in their hands. You may pay for a level of professionalism, but when it comes down to it, an MSSP will act with its best interests in mind. Outsourcing isn't something you jump into quickly. Success requires a considerable amount of planning, discussion, and trust-building.

Ryan Berg is chief scientist at Barkly. A speaker, instructor, and author in the fields of security, risk management, and secure application development, Berg holds multiple patents. Prior to joining Barkly, he was chief security officer at Sonatype and chief scientist and cofounder of Ounce Labs.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
CrowdStrike opens a new center of innovation in Bucharest

CrowdStrike Inc., the leader in cloud-delivered endpoint protection, announced the official opening of its new Center of Innovation in the Pipera Technology District, Bucharest, Romania.

 Read Full article »
Romania leads in top of countries with highest number of cybersecurity incidents

Romania is leader in the top of jurisdictions recording the highest number of cybersecurity incidents with 14 attacks, followed by the Czech republic (11) and Hungary (8), according to the study "The Cybersecur

 Read Full article »
Oracle and KPMG study shows data security as priority for business leaders

In August 2018, Oracle applied a questionnaire with a number of questions about transformation technologies to a total of 4,000 respondents in 21 markets. Respondents were top managers in the following markets:

 Read Full article »
Colt Technology Services expands fibre network in four CEE cities

UK-headquartered Colt Technology Services said that it is expanding its IQ fibre network in Bucharest, Zagreb, Belgrade and Sofia as part of its plan for expansion in Central and Eastern Europe (CEE).

 Read Full article »
SAP Romania brings the cloud procurement solution SAP Ariba on local market

SAP Romania, the local subsidiary of the world's largest business software maker, has launched the SAP Ariba Snap program for the domestic market to support the digitization of specific procurement activities.

 Read Full article »
The software industry's input in Romanian economy was 5.4 billion Euro in 2018

According to the latest analysis of KeysFin, 17,000 companies operating in the Romanian software industry generate EUR 5.4 billion in turnover and employ 106,000 people generates 5.4 billion Euro in 2018 in Rom

 Read Full article »
Atos launches construction of global R&D Lab to drive innovation in Quantum Computing

Atos, global leader in digital transformation, officially launches the start of the construction of its new global Research & Development Lab dedicated to research in quantum computing.

 Read Full article »
Softelligence launches its own Academy to form specialists in insurance and banking

Specialized in business software development, Romanian company Softelligence announced it plans to increase its team by 50 per cent in the next two years, by hiring 100 to 150 new colleagues, the company announ

 Read Full article »
Romanian IT group Bittnet issued new bonds were traded on BSE

A new series of corporate bonds issued by Romanian IT group Bittnet Systems was admitted to trading on the main market of the Bucharest Stock Exchange (BVB).

 Read Full article »
Deloitte report: Two billion youth risk of being left behind in the Fourth Industrial Revolution workforce

Almost two billion youth worldwide risk of being left behind in the Fourth Industrial Revolution (Industry 4.0) workforce, which is changing at an increasingly rapid pace as a result of the emerging technologie

 Read Full article »
 
 
MOST READ ARTICLES
» Endava expands its IT team in Republic...
» The most appreciated companies from th...
» Workplaces, keeping up with the times
» CrowdStrike opens a new center of inno...
» Softelligence launches its own Academy...
» Oracle and KPMG study shows data secur...
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» Romania leads in top of countries with...
» Atos and Transilvania University launc...
» Oracle goes to Oregon Park, the buildi...
 
EDITOR CHOICE
How Tech-ready are companies?

Technology has made it easier and faster than ever to prepare, anticipate, implement, and get the job done for everyone, from the simple technology home user to all levels and departments of a corporation. Howe

 Read Full article »
Workplaces, keeping up with the times

For a company, being people-centric is a way of doing business and engaging employees in the company's operations and strategies in a way that provides a positive employment experience before and after the sell

 Read Full article »
Creating a valuable customer experience driven by core values of a company

As HR becomes more and more integrated within the company's long-term strategic business strategies, the digitalization and high-technologies impacting the processes also have to be mirrored at the level of HR

 Read Full article »
Ergonomics in practice - 5 tips for better health at work

Ergonomics is so much more than standing up during the day and sitting correctly. There are so many factors in our environment which also have an effect on our health, and influence our wellbeing at work. The

 Read Full article »
Technology, Mobility and Wellness make for the perfect workplace

The technology binge is pushing ahead the communities, businesses and all aspects related to work and workplaces in such a fast manner that we haven't noticed since the very booming of the office market. And as

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events