Business environments are forcing organizations to rapidly evolve. Security and risk leaders are realizing that a modern security strategy requires dramatic changes to program governance, technology and execution.

Yet many organizations managing their own security program can’t keep pace and lack the specialized skills and competencies needed to cost-effectively protect against the increasing range, volume and severity of threats.

These challenges often lead IT and security risk leaders to consider outsourcing core functions of security to a managed security service provider (MSSP). Forrester surveyed firms on the most important drivers for outsourcing security and found that improved quality of protection, regulatory compliance, reduced cost and greater competency were the top drivers.

Managed security done well can help organizations navigate the complexity of security and the rapidly changing nature of compliance and regulatory requirements.

Let’s take a look at five key areas of your security program and explore how your next MSSP can add value to these functions.

1. A Focus on Fast and Relevant Detection and Response

As cyberattacks change and develop over time, proactive security monitoring and management requires new techniques and tactics, including artificial intelligence (AI), machine learning (ML) and orchestration to accelerate threat detection, reduce false alerts and improve response times.

Technologies like AI and ML have brought a lot of hype, but the reality is that these capabilities, combined with human expertise, enhance the detection and response process. Cyberattackers are using AI and ML to enhance their offensive capabilities, and defenders must respond in kind.

2. Globalized Operations With Regionalization

Leaders surveyed in the World Economic Forum’s Global Risk Report stated that data fraud and theft as well as large-scale cyberattacks were among the top five biggest risks facing the world in 2019. Cybersecurity no doubt is a global issue for organizations of all types.

Cybersecurity requires a holistic approach, one that takes into account the skills, processes, technologies, business strategies and organizational culture. A global managed security services provider understands the risks at both a macro level and within the context of what’s happening locally. In addition, a global MSSP with local capabilities can offer a variety of services models, such as fully outsourced, co-sourced team augmentation or dedicated on-site delivery.

3. Ability to Demonstrate Security Impact and Effectiveness

Organizations are understandably frustrated when traditional MSSPs share meaningless metrics. Security and risk leaders want to be able to show the board and C-suite the impact of security efforts in terms that are relevant to their business. If you can’t measure it, you aren’t managing it.

MSSPs should measure strategic, operational and tactical metrics on your cybersecurity. The bigger picture should convey key performance indicators (KPIs) that track overall effectiveness, which your leaders can communicate to your business stakeholders. Key metrics might include:

  • Operational coverage of security risk;
  • Time between compromise to detection;
  • False and true positive identification driven by artificial intelligence/machine learning; and
  • Frequency, adoption and value of MSSP-recommended changes.

The MSSP should contribute to and show how your security posture improves over time. Your organization should see a natural maturity progression, such as better detection and response.

4. Risk Translated Into Context

Eighty-seven percent of organizations see tech risk management as a siloed, reactive process rather than “an organization-wide function for proactive risk management,” according to KPMG. A well-developed governance, risk and compliance (GRC) strategy aligns the business objectives to appropriately manage risk and meet compliance requirements. A global MSSP faces the same challenges and must build services that embrace risk management.

MSSP services must consume and operationalize risk data and adjust service delivery based on risk. Understanding and classifying the risks posed and then translating them into actionable context in the security operations center helps translate risk concepts into action.

5. A Trusted Advisor to Your Business

Organizations often report that MSSPs typically don’t share insights, recommendations and learnings from similar accounts. A trusted advisor helps your organization take advantage of best practices and lessons learned from working with accounts at a global scale.

A trusted advisor also understands the risks to the business and can analyze and synthesize large data sets into actionable steps for the client. For example, an MSSP should dig into specific vulnerabilities, assess your security posture and proactively identify threats based on its experience and intelligence gathering.

What Can a Managed Security Services Provider Do for You?

A modern security services provider can change the game for your organization. MSSPs must be risk-aware and operationalize risk understanding into the delivery of threat management services. MSSPs must also be able to translate a global view into local delivery and apply global insights and intelligence in an advisory capacity to the benefit of all clients. Finally, MSSPs must be transparent in their role in improving the organization’s security posture.

Download IBM’s latest MSSP buyer’s guide

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen. Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…