Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even more attention to the cloud as we move into the next several decades. Data visibility and management are key elements to watch when working with a managed security service provider (MSSP).

Future Security Operational and Compliance Priorities

A recent IDC Survey, Security Operational Priorities in 2020, found that for IT and security experts, access management and compliance are the two most important topics in 2020 and beyond.

As more and more employers move to the cloud and more people work from home, they also deploy new cloud services. This can introduce gaps in data security, data privacy and data residency. At the same time, these entities face new data protection rules. National laws focus on data origin, transfers and storage more and more.

Some groups are expressing concerns over data residency, which in turn is fueling strong demand for managed security service providers (MSSP) that are able to deliver their global processes and services in a regional model. What should companies review for data visibility and management working with an MSSP? Here, find some insights into how an enterprise might approach this choice.

Data Visibility and Management Can Vary by Country

Data privacy laws can vary from country to country. They can even have different meanings within each nation-state for how personal data is stored, shared and managed. The penalty for poorly handling data within different nations varies widely. But in any case, the impacts can be severe — from intense audits to high fines.

Data residency is a newer term, emerging over the last couple of years. It focuses most on the origin or national residence of the data. It comes from the rise of national rules about how companies collect, process and transfer the data of a country’s citizens.

An MSSP can handle complex data defense, privacy and residency concerns related to compliance. Businesses on their own may have strong data security controls but lack the controls to meet local compliance and privacy rules. Keeping an eye on and managing this aspect of data can take a long time and be too expensive. Therefore, many groups use a third-party MSSP to complete regular audits of their data.

Selecting an MSSP? Know Before You Go

Groups that outsource their data security and privacy needs should review the following with their MSSP. Focus on key data residency, security and privacy challenges.

  1. Where are the delivery centers located? Many current MSSPs can provide 24/7 support, but they lack the robust and proven processes, combined with formal security operations centers (SOCs), to support business needs around protection and residency. Ask your current or future provider where their centers are located.
  2. How is data protected within the regional SOC landscape? Next, review and understand what proven and tested controls the delivery center has to handle the stringent data privacy needs. Ask questions about how the provider inventories data assets. How does the SOC restrict access to sensitive data? Does it deploy zero trust strategies to limit access? How does it monitor and manage data storage and transfer?
  3. What auditing processes does the provider have for compliance? For mature projects, audits confirm rigorous processes and controls are in place. As you take a look at local MSSPs or your current one, ask to review how often and with which tools the provider conducts compliance audits. Do they complete the audit through the lens of various industry standards, such as the PCI DSS, ISO 27001 and SOC 2 Type II? Also, understand how the MSSP handles and resolves issues that have come up in past audits. Are they quickly solving problems and recording the changes they’ve made?

Use of MSSPs Becoming More Common

The work that needs to be done to answer the questions above can be daunting. A shortage of industry experts can make it more complex and risky to address these challenges. Entities of all sizes now face these same challenges. This is driving more MSSP outsourcing that can fully manage the data life cycle, simplify critical data controls and handle and resolve audits.

IBM Security Opens Kingdom of Saudi Arabia SOC

The Kingdom of Saudi Arabia’s (KSA) laws cover data privacy rights in accordance with the National Cybersecurity Authority-issued controls and standards. In general, the data within the country must be safeguarded and cannot be confiscated, delayed or breached. Over the course of 2020, IBM Security has made major investments into its SOC located in Riyadh. Our Middle East and Africa (MEA) customers also benefit from the global processes and procedures found across our six other SOCs.

Our team is aligned with fostering talent locally in KSA, including in-depth training, early hiring, and a commitment to hiring women (over half of our current KSA SOC analysts identify as female).

Check out the report excerpt from the IDC MarketScape for Worldwide Managed Security Services for more detailed coverage of our strengths and capabilities in serving clients around the world. Download a complimentary copy of the IDC MarketScape: Worldwide MSS Vendor Assessment.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today