Rachel Guinto, CISO, Ontario Pension Board (OPB)

“However, even when making a managed security services decision, there’s always a part of security governance you will need to keep in-house so you can effectively manage the service provider relationship.”

Building and maintaining an internal cybersecurity program is a significant proposition. Cybersecurity is a data-intensive operation that requires processing log data generated by activity throughout the IT environment. This requires skilled staff, and it requires technology such as security incident and event management (SIEM). The ability to attract and retain talented staff is a key consideration. There is a shortage of qualified security people, which makes finding and attracting them difficult. If you succeed in hiring the right people, keeping them is even more challenging. The largest enterprises with the biggest budgets and most expansive security programs have the most to offer to this rare talent, which puts many midsized companies at a disadvantage.

For many businesses, deciding to leverage managed security services is a purely practical decision to achieve economies of scale and have access to the talent they need, without paying directly to build and maintain it themselves. However, even when making a managed security services decision, there’s always a part of security governance you will need to keep in-house so you can effectively manage the service provider relationship. Your focus shifts internally toward making sure that you have the right governance model to provide an appropriate level of oversight. You should partner with an MSSP that believes in a high level of transparency and offers a portal and dashboards that provide a full view of all analysis, activities, responses, and remediation affecting your environment. 

Key Question to Ask:

Do you have the skills and resources needed to monitor and correlate the large volumes of activity data in your environment?

This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers. This series was generously sponsored by BlueVoyant.