Patric J.M. Versteeg, CISO, Leading Security Change at Enterprise Organisations

“Good initial candidates for outsourcing are routine tasks such as managing firewalls, antivirus, data loss prevention, and vulnerability management.”

You need to tailor security coverage to your business needs, so first and foremost, you need to turn back to company strategy, mission, and vision and see how those align with risk and compliance requirements. The services you need are determined first by your risk management and risk appetite, and second by the maturity of your current security practice. For some businesses, compliance is an important driver as well. You need to know your own needs and have a team that can help you determine that.

Good initial candidates for outsourcing are routine tasks such as managing firewalls, antivirus, data loss prevention, and vulnerability management. As you become more sophisticated, you may consider outsourcing advanced endpoint security like managed detection and response. There are always core security functions you do not want to give up. You would not outsource management of key high-privileged accounts, and you would not outsource your Chief Information Security Officer (CISO). Also, you should not outsource your security architect; that is the person who has security business knowledge about the service levels and the scope of coverage you should be receiving. A good MSSP will be a partner that works closely with your own organization to optimize results.

Of course, you should expect an MSSP to be able to deliver what you need and have the flexibility to meet most of your special demands. This might be special requirements around reporting, 24/7 coverage, security incident event monitoring (SIEM) and security operations center (SOC) capabilities, and special service-level capabilities. You must go to your MSSP with your requirements to ensure compatibility.

Key Question to Ask:

Which security functions can we outsource, and which ones must we always keep in-house?

This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers. This series was generously sponsored by BlueVoyant.