Choosing the right managed security partner
Posted May 7, 2010, 8:27 am by Glenn Moore
While at RSA earlier this year, I had an interesting discussion with Sean Martin of imsmartin consulting. He was speaking to managed security providers and corporate IT leaders about security outsourcing. We discussed which security tasks are better suited for outsourcing and how companies should select a managed security provider. Sean furthered his thoughts on this topic while attending Interop last week.
Sean just published some well reasoned thoughts on security outsourcing in an article for SC Magazine called "Outsourced Managed Security: What should you outsource?". It's recommended reading for anyone considering a security outsouring program. Some highlights from Sean's article include:
- Before deciding whether to oursource security, identify the problem you are trying to solve and the desired outcome
- Activities best suited for security outsourcing are routine in nature, have well-defined actions and tasks, contain very specific inputs/outputs, and can be regularly measured. Attack and intrusion monitoring as security activities that meet that criteria
- Top reasons for poor outcomes with outsourced security include improper implementations, a lack of communication, and various cultural difference (country, language, or corporate)
As a managed security provider, we strive to meet our client's expectations by asking a lot of questions before implementing a solution. Most clients appreciate this extra level of communication. However, some clients will ask "why do you need to know that?, just implement the service...". Taking actions without understanding client goals is an error that some managed security providers make. Thankfully, ANX is not one of those providers. Our experienced security professionals carefully implement a customer checklist process for each service. If you're dealing with a managed security provider that doesn't ask a lot of questions and avoids pushing back at times, BEWARE! A strong security partnership between customer and security provider requires frequent and candid communication.
Links:
imsmartin consulting
Outsourced managed security: What should you outsource?
ANX managed security solutions
You must be logged in to post comments.
Comments
No Comments