Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even more attention to the cloud as we move into the next several decades. Data visibility and management are key elements to watch when working with a managed security service provider (MSSP).

Future Security Operational and Compliance Priorities

A recent IDC Survey, Security Operational Priorities in 2020, found that for IT and security experts, access management and compliance are the two most important topics in 2020 and beyond.

As more and more employers move to the cloud and more people work from home, they also deploy new cloud services. This can introduce gaps in data security, data privacy and data residency. At the same time, these entities face new data protection rules. National laws focus on data origin, transfers and storage more and more.

Some groups are expressing concerns over data residency, which in turn is fueling strong demand for managed security service providers (MSSP) that are able to deliver their global processes and services in a regional model. What should companies review for data visibility and management working with an MSSP? Here, find some insights into how an enterprise might approach this choice.

Data Visibility and Management Can Vary by Country

Data privacy laws can vary from country to country. They can even have different meanings within each nation-state for how personal data is stored, shared and managed. The penalty for poorly handling data within different nations varies widely. But in any case, the impacts can be severe — from intense audits to high fines.

Data residency is a newer term, emerging over the last couple of years. It focuses most on the origin or national residence of the data. It comes from the rise of national rules about how companies collect, process and transfer the data of a country’s citizens.

An MSSP can handle complex data defense, privacy and residency concerns related to compliance. Businesses on their own may have strong data security controls but lack the controls to meet local compliance and privacy rules. Keeping an eye on and managing this aspect of data can take a long time and be too expensive. Therefore, many groups use a third-party MSSP to complete regular audits of their data.

Selecting an MSSP? Know Before You Go

Groups that outsource their data security and privacy needs should review the following with their MSSP. Focus on key data residency, security and privacy challenges.

  1. Where are the delivery centers located? Many current MSSPs can provide 24/7 support, but they lack the robust and proven processes, combined with formal security operations centers (SOCs), to support business needs around protection and residency. Ask your current or future provider where their centers are located.
  2. How is data protected within the regional SOC landscape? Next, review and understand what proven and tested controls the delivery center has to handle the stringent data privacy needs. Ask questions about how the provider inventories data assets. How does the SOC restrict access to sensitive data? Does it deploy zero trust strategies to limit access? How does it monitor and manage data storage and transfer?
  3. What auditing processes does the provider have for compliance? For mature projects, audits confirm rigorous processes and controls are in place. As you take a look at local MSSPs or your current one, ask to review how often and with which tools the provider conducts compliance audits. Do they complete the audit through the lens of various industry standards, such as the PCI DSS, ISO 27001 and SOC 2 Type II? Also, understand how the MSSP handles and resolves issues that have come up in past audits. Are they quickly solving problems and recording the changes they’ve made?

Use of MSSPs Becoming More Common

The work that needs to be done to answer the questions above can be daunting. A shortage of industry experts can make it more complex and risky to address these challenges. Entities of all sizes now face these same challenges. This is driving more MSSP outsourcing that can fully manage the data life cycle, simplify critical data controls and handle and resolve audits.

IBM Security Opens Kingdom of Saudi Arabia SOC

The Kingdom of Saudi Arabia’s (KSA) laws cover data privacy rights in accordance with the National Cybersecurity Authority-issued controls and standards. In general, the data within the country must be safeguarded and cannot be confiscated, delayed or breached. Over the course of 2020, IBM Security has made major investments into its SOC located in Riyadh. Our Middle East and Africa (MEA) customers also benefit from the global processes and procedures found across our six other SOCs.

Our team is aligned with fostering talent locally in KSA, including in-depth training, early hiring, and a commitment to hiring women (over half of our current KSA SOC analysts identify as female).

Check out the report excerpt from the IDC MarketScape for Worldwide Managed Security Services for more detailed coverage of our strengths and capabilities in serving clients around the world. Download a complimentary copy of the IDC MarketScape: Worldwide MSS Vendor Assessment.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…