CyberOne Blog | Cyber Security Trends, Microsoft Security Updates, Advice

Pros & Cons of Outsourcing Your Cyber Security - In-House, MSSP or Virtual SOC?

Written by Mark Terry | Nov 22, 2017 12:00:00 AM

Deciding on your strategy to protect your organisation from today’s security threats.

As we’ve seen in the news headlines all too often, traditional perimeter defences are easily compromised with today’s digitally connected, mobile-enabled businesses. With the UK’s adoption of GDPR—and the significant associated fines and data breach notification requirements—there is added urgency to overcome the risk of cyber attacks. So, you need to know the pros and cons of outsourcing your cyber security.

There is a lot of information to digest and many options to consider against your unique business requirements. What works well for one organisation may not be the best for another. First, you need to understand what options are available and second, which best fit your requirements.

When deciding on your cyber security management, there are three main options available to you:

  1. Build an Internal Team of Dedicated Cyber Defence Personnel.
  2. Outsource Your Cyber Security (Partially or Fully) to a Managed Security Service Provider (MSSP).
  3. Use a Virtual SOC.

Internal Cyber Security

Developing an in-house team of cyber security personnel to maintain your critical business and information security is a natural option since many organisations’ IT teams already manage firewalls, Anti-Virus and other perimeter technologies to help secure their businesses.

Control

Your data underpins and powers your business. Retaining full control of this information means you do not offload risk onto an external supplier. You can see what your staff are doing, oversee activities and prioritise tasks. Having the staff on-hand means you fully utilise their resource and can immediately direct this, as desired, toward changing activities, without communicating through a third party. And as your team is on the payroll, you can further utilise them for other IT tasks that are not specific to cyber security, providing added flexibility and agility.

Familiarity with Business-Specific Activities

A core benefit of an in-house team is that they intimately know your business-specific operations, processes and culture and understand new business initiatives, seasonal cycles or industry-specific challenges. Working as an integral part of your wider business, they will be familiar with the people, office culture and specific challenges faced and know, for example, how configuration changes will affect your operations or the best strategies to implement changes to minimise service downtime.

Quality of Experience

As with any internal resource, the team’s effectiveness depends on recruiting and retaining individuals with the right expertise and experience. Large internal teams can share knowledge, insight, and understanding and discuss the latest threats, trends, and strategies. This is known as ‘crowdsourcing knowledge’, which isn’t as feasible in smaller teams: it is harder for them to keep up with current threats, technologies and strategies in the way a much larger team of outsourced professionals could. This can leave a knowledge gap, reducing the quality of security outcomes. That is why almost every organisation will choose to partially or fully outsource areas of their business operations, including cyber security.

MSSP (Managed Security Service Provider)

Whether in partnership with internal teams or as a fully outsourced activity, working with a specialist MSSP is a desirable option, particularly as businesses transform their IT, utilising cloud-based services and workforce mobility technologies.

Yet as IT transformation occurs, traditional perimeter security strategies become increasingly porous. To protect your organisation from today’s fast-changing threats, the core of any MSSP’s services should be highly integrated strategies and technologies, with 24x7 proactive security monitoring.

Better Security Outcomes

A large team of experts will be up-to-date with the latest security knowledge and trends. In dealing with many diverse businesses, MSSPs have a greater breadth of experience in solving real threats and keeping up to date with the latest hacker strategies. With team members dedicated to specific activities or disciplines, they have the time to fully exploit security technologies, evaluate and leverage cutting-edge methodologies and call upon an extensive pool of collective experience.

Set-up Time and Scalability

Make no mistake about it—setting up a security operations team takes time, energy, resources, and money. From setting up the physical infrastructure and hardware to researching and procuring security technologies and recruiting, training and managing qualified security analysts, the timescales required for an operational and effective security monitoring programme are significant—a minimum of 6-12 months.

You should also consider your business’s future requirements as your IT transforms and how hacker strategies alter to exploit new security vulnerabilities.

With an existing and experienced security operation, MSSPs can rapidly scale and transform your security monitoring in weeks. Keeping pace with the ever-changing threats, evaluating and integrating new technologies, and training and recruiting personnel are also integral to an MSSP’s role, meaning they are not a concern or overhead on your business.

A final noteworthy comment is that, as a procured service, you can rapidly scale up or down your services with an MSSP, especially if, for example, your business has seasonal or cyclical activity peaks.

24x7 Security Monitoring

Hackers don’t work a 9-to-5. Targeted attacks are timed to occur outside of business hours. 24x7 security monitoring is the only way to secure your critical business information and comply with GDPR’s requirements. Few businesses can make the significant up-front and ongoing investments in setting up a 24x7 security monitoring operation. Will an MSSP protect your organisation day and night, and will they always be on hand to remediate emergencies out of hours and ensure business continuity?

Reduced Cost

Although it might initially seem counterintuitive, outsourcing your security to an MSSP will cost significantly less than setting up, recruiting and managing an internal security team. An MSSP has an economy of scale, with investments already made in the required facilities, technologies, and personnel, so the operational cost of outsourcing is significantly lower than that of running security operations yourself.

Additionally, OPEX pricing provides easy budgeting, compared to the variability of the CAPEX costs when setting up your own security operations centre (SOC). An outsourced security team is not limited by resource or budget constraints, which in-house teams will likely factor into their security plans.

Faster Response Times

Unless you have a dedicated in-house security team able to provide 24x7 coverage, an MSSP will always be ready and able to investigate and respond to potential or active cyber threats, particularly outside of regular business hours.

Virtual SOC (Security Operations Centre)

A Virtual SOC or VSOC is a secure web-based ‘Security-as-a-Service’ platform that provides an Enterprise-grade SIEM (Security Incident & Event Management) tool to proactively monitor your information security in real time.

Low Entry Cost

As a cloud-hosted service, a Virtual SOC provides the lowest entry cost of the three options yet offers a powerful toolset for internal teams.

Driven by your internal team, your ‘Security-as-a-Service’ platform provides visibility of potential and active threats traversing your IT infrastructure, as well as the tools to rapidly neutralise and respond to cyber threats - at a fraction of the cost of procuring and managing the tools ‘on premise’.

Enterprise Tools

Proactive security monitoring is the only way to secure critical business information and comply with GDPR requirements.

Benefit from Enterprise security monitoring tools for a modest OPEX investment, with the back-up of an experienced security team (typically an MSSP) to help your organisation get the most from the tools, or support your organisation if you suffer a breach, for example.

Real-Time Security Alerts

When correctly configured, the SIEM tool will send real-time alerts on potential security threats 24x7, which you can investigate via your internal team or escalate to a supporting MSSP.

In particular, the SIEM tool of a Virtual SOC fulfils the security monitoring and reporting requirements of GDPR to help avoid potentially significant fines from a resulting data breach.

In-House Resource

For a Virtual SOC to be effectively utilised, you still require experienced in-house security personnel to configure the tool correctly and have a wider understanding of cyber defence strategies, such as security assessments or vulnerability scans.

Support

As with any ‘Software-as-a-Service’, you can call upon expert support from the Managed Security Service Provider (MSSP) that provides the VSOC tool. A variety of SLAs are available to suit your particular needs, especially in the event of a breach, to help you quickly neutralise the threat and avoid data loss.

Workload

A VSOC places the workload responsibility firmly on your internal team, which might be challenging if your existing IT teams are already overstretched. But with the support of the MSSP providing the VSOC service, you can escalate support requirements to call upon additional resources, as required, to ensure you keep up with your information security monitoring.

About CyberOne

CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24x7x365 from our ISO27001-accredited UK Network & Security Operations Centre (NOC/SOC).

Located at the heart of a high-security, controlled-access Tier 3 data centre, CyberOne's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts, and disrupts hacker behaviour as part of a multi-layered security defence to help secure some of the UK’s leading organisations.