Business environments are forcing organizations to rapidly evolve. Security and risk leaders are realizing that a modern security strategy requires dramatic changes to program governance, technology and execution.
Yet many organizations managing their own security program can’t keep pace and lack the specialized skills and competencies needed to cost-effectively protect against the increasing range, volume and severity of threats.
These challenges often lead IT and security risk leaders to consider outsourcing core functions of security to a managed security service provider (MSSP). Forrester surveyed firms on the most important drivers for outsourcing security and found that improved quality of protection, regulatory compliance, reduced cost and greater competency were the top drivers.
Managed security done well can help organizations navigate the complexity of security and the rapidly changing nature of compliance and regulatory requirements.
Let’s take a look at five key areas of your security program and explore how your next MSSP can add value to these functions.
1. A Focus on Fast and Relevant Detection and Response
As cyberattacks change and develop over time, proactive security monitoring and management requires new techniques and tactics, including artificial intelligence (AI), machine learning (ML) and orchestration to accelerate threat detection, reduce false alerts and improve response times.
Technologies like AI and ML have brought a lot of hype, but the reality is that these capabilities, combined with human expertise, enhance the detection and response process. Cyberattackers are using AI and ML to enhance their offensive capabilities, and defenders must respond in kind.
2. Globalized Operations With Regionalization
Leaders surveyed in the World Economic Forum’s Global Risk Report stated that data fraud and theft as well as large-scale cyberattacks were among the top five biggest risks facing the world in 2019. Cybersecurity no doubt is a global issue for organizations of all types.
Cybersecurity requires a holistic approach, one that takes into account the skills, processes, technologies, business strategies and organizational culture. A global managed security services provider understands the risks at both a macro level and within the context of what’s happening locally. In addition, a global MSSP with local capabilities can offer a variety of service models, such as fully outsourced, co-sourced team augmentation or dedicated on-site delivery.
3. Ability to Demonstrate Security Impact and Effectiveness
Organizations are understandably frustrated when traditional MSSPs share meaningless metrics. Security and risk leaders want to be able to show the board and C-suite the impact of security efforts in terms that are relevant to their business. If you can’t measure it, you aren’t managing it.
MSSPs should measure strategic, operational and tactical metrics on your cybersecurity. The bigger picture should convey key performance indicators (KPIs) that track overall effectiveness, which your leaders can communicate to your business stakeholders. Key metrics might include:
- Operational coverage of security risk;
- Time between compromise and detection;
- False and true positive identification driven by artificial intelligence/machine learning; and
- Frequency, adoption and value of MSSP-recommended changes.
The MSSP should contribute to and show how your security posture improves over time. Your organization should see a natural maturity progression, such as better detection and response.
4. Risk Translated Into Context
Eighty-seven percent of organizations see tech risk management as a siloed, reactive process rather than “an organization-wide function for proactive risk management,” according to KPMG. A well-developed governance, risk and compliance (GRC) strategy aligns the business objectives to appropriately manage risk and meet compliance requirements. A global MSSP faces the same challenges and must build services that embrace risk management.
MSSP services must consume and operationalize risk data and adjust service delivery based on risk. Understanding and classifying the risks posed, and then translating them into actionable context in the security operations center, turns risk concepts into action.
5. A Trusted Advisor to Your Business
Organizations often report that MSSPs typically don’t share insights, recommendations and learnings from similar accounts. A trusted advisor helps your organization take advantage of best practices and lessons learned from working with accounts at a global scale.
A trusted advisor also understands the risks to the business and can analyze and synthesize large data sets into actionable steps for the client. For example, an MSSP should dig into specific vulnerabilities, assess your security posture and proactively identify threats based on its experience and intelligence gathering.
What Can a Managed Security Services Provider Do for You?
A modern security services provider can change the game for your organization. MSSPs must be risk-aware and operationalize risk understanding into the delivery of threat management services. MSSPs must also be able to translate a global view into local delivery and apply global insights and intelligence in an advisory capacity to the benefit of all clients. Finally, MSSPs must be transparent in their role in improving the organization’s security posture.
Vice president, global managed security services (MSS), IBM Security