In five questions or less, an industry expert defines and explains a technology, term or trend – with this installment seeing Garry Sidaway, SVP Security Strategy and Alliances at NTT Security, tackle Managed Security Services.
CBR: What are Managed Security Services?
GS: Managed Security Services (MSS) provides outsourced monitoring and management of security devices and systems. And, as described by Gartner, MSS providers use high-availability Security Operation Centres (SOC) to provide 24/7 services to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.
MSS addresses the lack of internal resource to keep up with the growing threats. In fact, some experts argue it’s no longer possible for many organisations to tackle all aspects of information security management in-house. In fact, according to the 2017 Global Information Security Workforce Study, there will be shortfall of 1.8 million cybersecurity workers by 2022, a 20 percent increase from the projection made by a similar study in 2015.
CBR: What does Managed Security Services protect against?
GS: MSS protects all assets within an organisation – regardless of whether they reside in the cloud, data centre or on-premise. Ultimately, it proactively mitigates risk to protect an organisation against multiple, complex security threats, around the clock.
MSS helps organisations understand their risk exposure, consider best practice, prioritise activities and articulate these at all levels of the business. MSS providers take away the problem of there not being enough resource too – they know how and where to find the right experts, invest in training and improving professional qualifications as well as make these experts available 24/7.
CBR: Why would a business need Managed Security Services?
GS: There are a number of factors that make MSS a compelling proposition. First, complex networks require 24/7 monitoring. MSS provides proactive security management, including continuous monitoring and analysis, advanced technology, scalable processes and security specialists.
Second, trying to make sense of data is a growing burden and increasingly time consuming for organisations. Reputable MSS partners can provide a proactive analysis of company data, combining machine learning and advanced analytics capabilities, and advanced reporting for intercepting threats and vulnerabilities – enabling businesses to make informed risk management decisions.
And third, driving efficiency, organisations are facing an ongoing recruitment challenge in IT. MSS security experts can manage assets on a company’s behalf 24/7/365, giving its IT staff more time to focus on supporting the development of the company.
Finally, pro-active threat intelligence – putting risks in context and providing actionable analysis and insights is critical. Businesses want clear advice on how to mitigate a threat and potentially how to recover from an attack.
CBR: What are the main business benefits of Managed Security Services?
GS: Every business wants to maintain and grow its customer base and add valuable services, but this is increasingly difficult across global markets with a constantly changing threat landscape.
MSS puts risk in context and balances the right level of engagement to enable organisations to make the right decisions for their business. By embedding information security and risk management into the fabric of the business, they are increasingly able to work without constraints.
Essentially, a business needn’t ever stand still. MSS provides organisations with not only resilience to cyber attacks but also business resilience to protect their brand and enable them to adapt and grow and take the opportunities the global economy presents.
CBR: As the threat landscape has evolved, how have the challenges facing network security changed?
Companies are looking to become more agile and operate in new and disruptive ways, which means they are being forced to protect their data and manage risk across different IT architectures.
Digital Transformation, is driving an enhanced user experience and more effective way of doing business – and cyber criminals are looking at ways to exploit vulnerabilities that may exist. We have already seen evidence of cybercriminals using internet-connected home devices like CCTV cameras to launch DDoS attacks to immobilise sites like Twitter and Spotify.
What’s clear is that the workspace of tomorrow will be very different and we will see organisations encounter yet more threats and therefore face a more complex cybersecurity landscape. One of the challenges is how to drive relevance and insight from all of the various pieces of technology used to protect an organisation. Data analysis has been used to give meaning but, as the threat landscape evolves, so too must the way we interpret and drive context from information.
Advanced analysis will be key in making sure that businesses, in partnership with MSS providers, are able to make the right risk management decisions. This is far more than just looking at what is going on right now. It also means looking at historical patterns, and employing artificial intelligence that continually learns patterns of behaviour and ultimately anticipates or predicts when an attack may occur. A balance of sophisticated machine learning, automated analysis and “eyes on glass” security experts will be a powerful combination that will change the dynamics of MSS.