Latest News  

Outsourcing security: What small businesses need to know

Forecasters predict that the booming managed security service provider (MSSP) industry will grow from $8 billion in 2015 to $30 billion by 2020.

2015-11-09 16:50:07

One question that small businesses often grapple with, especially in the early days of their development, is whether or not to outsource at least some aspect of their security, writes Ryan Berg in smallbusinesscomputing.com.

There are many instances when outsourcing computer, data, and network security makes sense:
• You may lack the appropriate in-house skills and resources
• You may not be in a position to make a full-time hire, let alone multiple hires
• You can't find the right person to fill a full-time role (Forbes expects our current cybersecurity workforce shortage to reach 1.5 million unfilled positions by 2019).
So does outside security help make sense for you? Possibly. But before you even think about outsourcing, you need to develop your own clear idea of what it is you actually need help with in the first place.

Outsourcing Cybersecurity 101

The simple truth is that you're not ready to outsource your small business security if any of these three points apply to your company.
• You can't clearly articulate your problem or goal
• You don't know where your assets reside or what data or systems you're trying to secure
• You don't have someone on board to actively own and manage the outsourced relationship

Small business owners must carefully avoid giving managed-security service providers the impression that they don't know what they need. The reality is many security vendors will see nothing but dollar signs; they may guide you to toward solutions that are easiest for them to implement instead of the solutions that best fit your needs.

Think of it this way: if you go to a brake shop because you think your car has a brake problem, you're more than likely going to cough up the cash for new brakes. Meanwhile, you may actually have a bigger issue with the car that remains unaddressed. Your shiny new brakes may work like a charm, but you can still get into an accident if the steering's off. And if you go back to the brake shop angry, they'll simply shrug and say of course they didn't protect you for that.

Advanced thought and planning is the best approach to outsourcing small business security. The worst thing you can say to a managed security service provider is, "I don't know where to start.

Outsourcing small business security works well only when you achieve these states:
• You have a clearly-defined problem to solve or goal to achieve.
• You find a vendor you work well with and can trust to deliver on your specific needs

There's no lack of outsourced security vendors from which to choose. But if you have a specific security goal that lends itself to outsourcing, you can whittle down the list to providers that specialize in that area. Then discuss these 10 essential topics with the managed-security service providers on your short list before you sign an agreement.

What to Ask Prospective Managed Security Service Providers

• Find out whether they've worked with small companies that are similar to yours in size, stage, and industry
• Get references
• Review their standards, policies, and procedures carefully
• Make sure all requirements and responsibilities will be documented in service level agreements (SLA) and/or statements of work
• Determine who on their side will manage your account and discuss your expected level of interaction (you don't want to enter a partnership expecting access to the Principal only to find out later that's not the case)
• Ask about reporting (what metrics do they measure, and how often do they report)
• Go over the game plan for incident response and recovery
• Ask about systems compatibility
• Make sure they can scale their protection as your company grows
• Have an exit strategy should the time come when you want to stop using their services

Small Business Security Caution

Remember, no one outside of your business values your business as much as you do. When you outsource aspects of your company's security you place your safety and success in their hands. You may pay for a level of professionalism, but when it comes down to it, an MSSP will act with its best interests in mind. Outsourcing isn't something you jump into quickly. Success requires a considerable amount of planning, discussion, and trust-building.

Ryan Berg is chief scientist at Barkly. A speaker, instructor, and author in the fields of security, risk management, and secure application development, Berg holds multiple patents. Prior to joining Barkly, he was chief security officer at Sonatype and chief scientist and cofounder of Ounce Labs.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
Atos ranked in Top Five for Managed Security Services, Worldwide by Gartner

Atos, a global leader in digital transformation today announces that it has been ranked amongst the top 5 global players in Managed Security Services (MSS) in terms of 2017 market share revenue, according to th

 Read Full article »
Endava has been selected as an official AWS Well-Architected partner

Further strengthening its partnership with Amazon Web Services, Endava reinforces its Cloud services expertise and capabilities becoming an AWS Well-Architected Partner, the company announced.

 Read Full article »
Smartree Romania has a new operational director

Smartree Romania, providing HR services on the Romanian market names Anamaria Borza as the new operational director of the company, effective July, 1 this year. The new manager of Smartree team occupied the pos

 Read Full article »
ABSL Romania: Sibiu, a continuously evolving market, with great potential

Sibiu is a market with huge potential and constantly expanding, is one of the conclusions from "Outsourcing in 2018. Best Practices in Technology Adoption" conference, which was dedicated to the local business

 Read Full article »
Accenture assigns 200 mln. US dollars to digital age-focused education, training and skills initiatives in the next 3 years

Supporting its vision to improve the way the world works and lives, Accenture (NYSE: ACN) is committing more than 200 million US dollars over the next three years to help equip people around the world with job

 Read Full article »
Oracle: Customer connection missing as manufacturers yet to produce rewards from industry 4.0

Research of global manufacturers developed by Oracle with research company Coleman Parkes shows initial Industry 4.0 focus has been on internal changes rather than removing supplier, distributor and customer si

 Read Full article »
Nine solutions for smart cities delivered at Code4Cluj hackathon of Endava

The Code4Cluj hackathon organized by Endava at Cluj-Napoca between 18-20th of May generated 9 innovative projects meant to solve the problems faced by the community and citizens of Cluj.

 Read Full article »
Zitec's digital marketing division registered an increase of over 40 per cent last year

Zitec, a major provider of business solutions, digital services and personalized technology products in Romania, announced it registered an increase of over 40 per cent in the digital marketing segment in 2017,

 Read Full article »
Fab Lab Iasi issues the Report on Coworking in Central and Eastern Europe

This report was conducted by the PIN Maps teams (Iasi's modern office map, an impact initiative for the IT & Outsourcing industry) and Fab Lab Iasi (a 700 sqm coworking space, opened in 2017).

 Read Full article »
CBRE: the first two buildings in Timpuri Noi Square are leased over 90 per cent

CBRE announced three new tenants in TN Offices 1 and TN Offices 2 of Timpuri Noi Square, reaching over 90 percent take-up of the first two buildings in this office project.

 Read Full article »
 
 
MOST READ ARTICLES
» Committed to growth
» The Outsourcing industry announces its...
» ROMANIAN OUTSOURCING AWARDS FOR EXCELL...
» Zitec's digital marketing division reg...
» PwC: The competitive advantages of Rom...
» Luxoft expands Asia Pacific presence w...
» EXCLUSIVE: ABSL Timisoara - BPO and SS...
» How giving back pays dividends for com...
» Olga Botusan, Stefanini: There is a hu...
» How does leadership look today?
 
EDITOR CHOICE
Andrei Romanescu CEO, VEEAM, on the importance of people skills and leadership forming

Within the recently ended OT Learning & Development roundtable edition, Andrei Romanescu CEO, VEEAM stated that he trends of the current and following years underline the importance of people skills and leaders

 Read Full article »
OT Learning & Development: About capitalizing on self-willingness to reach performance

How to succeed in reaching the young and the valuable employees and wining their hearts and minds, so they will forever be committed to gain knowledge, evolve in profession and build a strong career inside the

 Read Full article »
OT Learning & Development now, about digital transformation, facilitating a culture of change and innovation

Some trends are here to stay, while some other may not. How about gamification, chatbots, microlearning, data analytics, mobile learning, augmented reality and others? Today's edition of OT Learning & Developme

 Read Full article »
The need of the industry to stay effective and relevant

In the current context of machinery and AI helping on operational processes of a company, with extended applicability in terms of capabilities, the digital context in which professionals, organizations and busi

 Read Full article »
We meet again at OT Learning & Development on June 7th

The Second Edition of OT Learning & Development roundtable will be held on June 7, 2018 at InterContinental Hotel Bucharest. The event brings together the business services professionals to discuss and discover

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events