Latest News  

Outsourcing security: What small businesses need to know

Forecasters predict that the booming managed security service provider (MSSP) industry will grow from $8 billion in 2015 to $30 billion by 2020.

2015-11-09 16:50:07

One question that small businesses often grapple with, especially in the early days of their development, is whether or not to outsource at least some aspect of their security, writes Ryan Berg in smallbusinesscomputing.com.

There are many instances when outsourcing computer, data, and network security makes sense:
• You may lack the appropriate in-house skills and resources
• You may not be in a position to make a full-time hire, let alone multiple hires
• You can't find the right person to fill a full-time role (Forbes expects our current cybersecurity workforce shortage to reach 1.5 million unfilled positions by 2019).
So does outside security help make sense for you? Possibly. But before you even think about outsourcing, you need to develop your own clear idea of what it is you actually need help with in the first place.

Outsourcing Cybersecurity 101

The simple truth is that you're not ready to outsource your small business security if any of these three points apply to your company.
• You can't clearly articulate your problem or goal
• You don't know where your assets reside or what data or systems you're trying to secure
• You don't have someone on board to actively own and manage the outsourced relationship

Small business owners must carefully avoid giving managed-security service providers the impression that they don't know what they need. The reality is many security vendors will see nothing but dollar signs; they may guide you to toward solutions that are easiest for them to implement instead of the solutions that best fit your needs.

Think of it this way: if you go to a brake shop because you think your car has a brake problem, you're more than likely going to cough up the cash for new brakes. Meanwhile, you may actually have a bigger issue with the car that remains unaddressed. Your shiny new brakes may work like a charm, but you can still get into an accident if the steering's off. And if you go back to the brake shop angry, they'll simply shrug and say of course they didn't protect you for that.

Advanced thought and planning is the best approach to outsourcing small business security. The worst thing you can say to a managed security service provider is, "I don't know where to start.

Outsourcing small business security works well only when you achieve these states:
• You have a clearly-defined problem to solve or goal to achieve.
• You find a vendor you work well with and can trust to deliver on your specific needs

There's no lack of outsourced security vendors from which to choose. But if you have a specific security goal that lends itself to outsourcing, you can whittle down the list to providers that specialize in that area. Then discuss these 10 essential topics with the managed-security service providers on your short list before you sign an agreement.

What to Ask Prospective Managed Security Service Providers

• Find out whether they've worked with small companies that are similar to yours in size, stage, and industry
• Get references
• Review their standards, policies, and procedures carefully
• Make sure all requirements and responsibilities will be documented in service level agreements (SLA) and/or statements of work
• Determine who on their side will manage your account and discuss your expected level of interaction (you don't want to enter a partnership expecting access to the Principal only to find out later that's not the case)
• Ask about reporting (what metrics do they measure, and how often do they report)
• Go over the game plan for incident response and recovery
• Ask about systems compatibility
• Make sure they can scale their protection as your company grows
• Have an exit strategy should the time come when you want to stop using their services

Small Business Security Caution

Remember, no one outside of your business values your business as much as you do. When you outsource aspects of your company's security you place your safety and success in their hands. You may pay for a level of professionalism, but when it comes down to it, an MSSP will act with its best interests in mind. Outsourcing isn't something you jump into quickly. Success requires a considerable amount of planning, discussion, and trust-building.

Ryan Berg is chief scientist at Barkly. A speaker, instructor, and author in the fields of security, risk management, and secure application development, Berg holds multiple patents. Prior to joining Barkly, he was chief security officer at Sonatype and chief scientist and cofounder of Ounce Labs.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
EY announces new global talent programs to prepare its people and its business for the future of work

EY recently announces a series of new global talent programs designed to prepare its workforce and its business for the future of work, including LEAD, a new global model for career, development and performance

 Read Full article »
Societe Generale European Business Services invests in innovative solutions made by Romanian start-ups

Societe Generale European Business Services, part of the international group Societe Generale, had ended its first corporate accelerator program dedicated to start-ups in Romania – Catalyst 2.0.

 Read Full article »
SAP launches free online courses for teens passionate about technology

SAP announced it has prepared several free online technology courses to be launched this fall for young and teens passionate about technology such as: Teens Get Coding! And Teaching Programming to Young Learner

 Read Full article »
Oracle gains cloud revenues up 51 per cent to 1.5 billion US dollars in new fiscal year's Q1

Oracle Corporation announced fiscal 2018 Q1 results, with total revenues up 7 per cent from the prior year to 9.2 billion US dollars. Cloud plus On-Premise Software Revenues were up 9 per cent to 7.4 billion US

 Read Full article »
Stefanini names Farlei Kothe as vice-president for EMEA

IT solutions developer Stefanini announced the naming of Farlei Kothe as vice-president for EMEA region. The new manager will coordinate the company's software development division from Bucharest.

 Read Full article »
Endava marks 10-year presence in Iasi and plans growth countrywide

British company Endava marks ten-year presence at Iasi, in North-Eastern Romania and also announces the opening of a new office in United Business Center of Palas Iasi compound.

 Read Full article »
Portland Trust celebrates 20-year anniversary with start of last phase of Oregon Park, Bucharest

The central European property developer Portland Trust and US based Ares Management are embarking on the final phase of Oregon Park, their new office park in Bucharest. This event coincides with the company 20

 Read Full article »
WBE: Which EU country is most at risk of cybercrime?

Computer users in South Eastern Europe may want to review their digital security after new research revealed they are the most vulnerable to cyber crime, a press release of Website Builder Expert (WBE) states.

 Read Full article »
GE opens new software center in Bucharest, looks for highly skilled IT specialists

GE announced that it speeds up growth for its software and digital resources in Romania and kicks off the recruitment campaign for GE Power's Grid Software Solutions (SWS) center in Bucharest.

 Read Full article »
DB Global Technology creates new technology hub, digital workplace floor and event venue

DB Global Technology S.R.L. (DBGT), Deutsche Bank's technology centre in Bucharest, has inau-gurated a new research and development hub, a digital workplace floor and a state-of-the-art event venue, according t

 Read Full article »
 
MOST RECENT VIDEO
 
 
MOST READ ARTICLES
» GE opens new software center in Buchar...
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» HIpark, a new office project of 21.000...
» DB Global Technology creates new techn...
» Stay updated on People in Shared Serv...
» Molson Coors started to grow its busin...
» Romania, Europe's third and world's 13...
» Endava opens fintech hub and doubles n...
» Genpact's COO: Staying ahead of the cu...
» Capgemini to develop, deploy, and main...
 
EDITOR CHOICE
TELUS International Europe: How big banks and fintechs are working together to innovate the customer experience

Comparing financial technology (fintech) companies to legacy financial institutions can invoke an image of David and Goliath. Fintech firms may be small, particularly when compared to the established titans of

 Read Full article »
Wipro launches automotive center of excellence in Romania

Wipro Limited, global information technology, consulting and business process services company, announced the launch of an Automotive Center of Excellence (CoE) in Timisoara, Romania. This CoE will help Wipro d

 Read Full article »
TELUS International Europe: The convergence of customer service and digital marketing/NewGen technologies: What does it mean for businesses?

Technology shapes the way we educate, communicate, conduct business and advance science, all while maintaining significant influence on the global economy. But the way we engage with technology is changing

 Read Full article »
Stay updated on People in Shared Services and Outsourcing Forum, October 19

Outsourcing Today organizes the third edition of People in Shared Services and Outsourcing Forum, on October 19, 2017 in Bucharest at Caro Hotel.

 Read Full article »
Preparing for the new future

Business shared services in Romania is by nature a flexible, mobile and diverse community and in this context, local markets develop their own particularities to address the global changes, to adjust to new dem

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events