As companies on the verge of digital transformation do the inevitable but daunting task of renovating their local IT infrastructure and moving some operations to the cloud, IT decision makers typically face regulatory compliance, security and risk reduction issues. These business concerns are exacerbated by the lack of skilled IT professionals and the inability to keep pace with the latest tools, technology and best practices.
More than half of IT decision-makers have seen a general rise in security threats, with a third acknowledging that their organization lacks the necessary level of on-premises and private cloud staffing and skills, according to a study by Enterprise. Strategy Group (ESG), a division of TechTarget. These decision makers also said that the biggest hurdle for hybrid cloud is to ensure and maintain the proper configuration of cloud services, followed by inconsistent internal security policies and compliance with different regulations for the cloud environment.
Outsourcing to a managed security service provider (MSSP) can help address these issues. “By 2024,” IDC announced, “50% of organizations will use applications built on abstraction provided by managed services.” In this regard, MarketsandMarkets expects the global managed services market by 2026 to exceed $ 350 billion.
“The conclusion of [H] is that you will usually get better security by going with an MSSP than by trying to take a self-made approach,” said Brien Posey, a 30-year-old Microsoft MVP. years of IT experience as a senior network engineer in the U.S. Department of Defense, as a network administrator for a chain of hospitals and healthcare facilities, and as a network administrator for major insurance companies. “[] You must have a strong security policy, as this security policy ultimately sets out how your security products and services are configured.”
In this video, Posey explains how MSSPs can research, recommend, and configure how they can research, recommend, configure, and configure products and services that are consistent with corporate policy, and determine other benefits of managed services, including risk assessment, advanced end threat detection, vulnerabilities. management, firewall implementation, health reports, security audits, and post-infringement services.
Contents
Transcript
Brien Posey: Hello, goodbye and welcome. I’m Brien Posey, and I want to talk about how managed services today can help your organization move quickly, if you can. So to give you some information about me before I start, I am a freelance IT author and speaker with 30 years of IT experience. This may interest you : Global IoT Managed Services Market Report 2021-2026:. I’ve also been a 20-time Microsoft MVP and commercial astronaut candidate. So with that said, let’s move on.
You know, one of the things I’ve noticed over the decades of working in computing – and I’m sure many of you have noticed – is that IT is moving much faster than ever. . When I first started, it was pretty common for the process of expanding a new workload or a new service to weeks, if not months. After all, a lot of planning had to be done. You had to get the hardware to run the workload, and there were many other factors. And all of these factors took time.
Nowadays, however, you can spread your workloads in the cloud very, very quickly. And in fact, we often hear a lot about IT agility. The idea of agility is that as soon as an organization recognizes a business opportunity, then IT needs to respond to that opportunity and expand a workload very, very quickly. While there is nothing wrong with agility, there is a side effect. And that side effect is that IT professionals are almost always caught up in catching up, especially when it comes to maintaining the set of skills needed in a rapidly changing environment. What’s especially disappointing is that there are often not enough hours in the day to do your job and do everything you expect from yourself, and learn all the new skills you need to adapt. to this rapidly changing world. As if that weren’t enough, we’re in a time of ever-shrinking IT budgets. So adding additional staff will probably not be an option in most cases.
So what is the solution to these problems? If so, one of the best options is to use a managed service provider to fill the gaps in your IT environment. Now, IT professionals are reasonably skeptical about outsourcing. I mean, if you’ve worked in computer science for a long time, you’ve probably seen situations where IT professionals have lost their jobs as a result of outsourcing. But with that being said, outsourcing has its place. The trick is to be smart. You don’t want to outsource your work. But all you can do is use outsourcing to a managed service provider that you don’t have the time, skills, or worries to handle.
Outsourcing can have similar benefits to adding staff, but without the bureaucratic problems you would get from HR. So when it comes to IT outsourcing, one of your best options is to use a managed service provider – which you often see abbreviated as MSP – or a managed security service provider – usually abbreviated as MSSP. the security of your organization.
Now, one of the things you need to understand is that there are differences between a managed service provider and a managed security service provider. A managed service provider is basically just an IT outsourcing organization that manages general computing. So these kinds of organizations can do all sorts of things for you; they can do everything from setting up virtual machines and setting up firewalls. Now, the managed security service provider, on the other hand, only focuses on security. And if you’re outsourcing security, it’s best to use a managed security service provider, as they will generally have a higher level of experience than you would find with a managed service provider alone, because security is their only one. focus.
Now, one of the things I want to talk about right away is that it’s easy to think that using a managed security service provider will weaken your compliance initiatives, or at the very least, that you will do a lot of compliance. more difficult. But, at least in some cases, the opposite may be true, because one of the things that compliance auditors often look for is to check what resources the IT department has access to. And if you’re outsourcing all of your security, there may be a situation where no one in the IT department will be able to access sensitive information, such as security log files, which can make your compliance a little easier. So an added advantage is that managed security service providers rely solely on security, and will likely have the skills and resources that are unlikely to be developed internally. Now, what do I mean by that? Well, if you stop and think, if an MSSP is focused solely on security, then they will make a huge investment in security. It just makes sense. Now, internally, security is not your main business. This is just one of the things you need to do to protect your business. So business leaders will try to reduce the amount of money they typically spend on security. Conversely, an MSSP uses security throughout its business. So they will spend a lot more money on security and as a result they will probably have extra resources that you will not have at home. So the bottom line is that you can usually get better security by going with an MSSP, rather than trying to fully incorporate your own approach.
One of the things I’ve mentioned on several slides is that if you’re outsourcing part of your IT operations, it’s important to be smart about it. And that means choosing a managed service provider or a managed security service provider that can meet your needs. So you have to think about a couple of things.
First and foremost, make sure you choose a reputable provider. Believe me when I say that there are a lot of night outfits. So you want to choose a provider with a well-established path because we are talking about the security of your organization. If something goes wrong, you’re the one who gets the bag. So you never want to be frustrated if you cannot get the right pitch so invest in a good capo. It is important to make sure that you choose a reputable provider.
Another thing to keep in mind is the capabilities, resources, and services of a managed service provider, and ensuring that they are tailored to the needs of your organization. That’s one of the reasons why I recommend using a managed security service provider if you’re trying to outsource security to a generic managed service provider, because a managed security service provider will typically have more resources and typically will. they have a much deeper knowledge of security, which is their main focus.
One of the basic services provided by managed security service providers is risk assessment. Risk assessment involves the provider conducting a comprehensive security audit of your organization in an effort to identify coverage vulnerabilities and gaps. Now, in the past, risk assessment was done by a team of consultants and was done entirely locally. But if an organization has taken everything to the cloud and operates exclusively in the cloud, then there is no reason for consultants to come to the premises, and the risk assessment can be done remotely. Now, risk assessment is usually one of the things that a managed security service provider usually does before accepting full responsibility for your organization’s security responsibilities, because ultimately they need to know where these coverage gaps may be. But even if you are not willing to hand over all security issues to a managed security service provider, you may be able to provide a security risk assessment to a provider and let them know where you are. you can identify these coverage gaps and know where to focus your security efforts.
One of the basic truths of IT is that good security involves buying a lot of security products and services and then spreading them to your organization. To have good security, you need to have a strong security policy, which promises how your security products and services are ultimately configured. These security products and services are configured in accordance with the policies you have set up in your organization. And it’s something that a managed security service provider can help you with. If you do not already have a security policy, they will probably build one for you based on your organization’s security and operational needs. If you already have a security policy in place, you may be able to review and look for areas for improvement.
Another service offered by some, but not all, managed security service providers is full research and recommendation. So let’s say for a moment that your organization has a certain security challenge that it’s trying to fix. You may want to contact a managed security service provider and suggest a product, tool, or service that can help you with this specific issue that you are trying to resolve. Now, you have to be careful with this for a number of reasons.
First of all, not all providers offer this service. So you need to see what your provider is offering. But if your service provider provides the service, then it is important to have a very honest conversation with them before accepting the recommendation at face value, as some security service providers work directly with software vendors and earn a commission for the products they sell. . So they have an incentive to sell if it might be in your best interest. So it’s important to talk to your managed security service provider and find out if they work on commission with a software vendor before accepting the recommendation. Now, this is certainly not a complaint from all managed security service providers. There are providers who will give you feedback without your opinion and will try in good faith to recommend tools and services for you. You need to know where your provider is.
Another thing that a managed security service provider can do for you is help you put in place different security solutions. Now, that can mean a lot. Installing or configuring a particular product or service can be as simple as setting it up. Undoubtedly, this is within the scope of the implementation of the solution. But it can also mean something bigger, such as implementing an architecture like zero trust. Because zero trust is not a product you can actually buy; it’s a way to set up your environment so that nothing is untrustworthy without first checking.
The implementation of the solution can also refer to helping an organization comply with regulations. A service provider, for example, can work with the organization to implement its initial compliance, and then continuously, if necessary, assist the organization in maintaining that compliance. So these are just a few ways to help your managed service provider implement solutions.
One of the things I said at the beginning is that each managed security service provider works a little differently. They all have a unique list of services they offer. But one thing that almost all managed security service providers offer is reporting and auditing capabilities. A good provider should be able to provide regular health safety reports and safety audits. And these types of reports can be very helpful for any organization because they help you understand where your risks are, what threats the organization is actively involved in, and things like that. But they can be particularly crucial for organizations with compliance requirements, as compliance requirements will often require security audits. And it’s something that a good managed security service provider can help you with.
Another thing that can help a managed security service provider is IT training and certification. Now, this is certainly not something that all providers offer, but there are those that do. In fact, early in my IT career, I got a lot of my IT training from a managed service provider. And that provider did a really good job, and they also helped me with the certification process. So this is definitely something to consider if your provider offers these types of services.
Another service offered by some, but not all, managed security service providers is to control configuration drift. The idea that a server or a firewall or other device behind a configuration diversion control is configured in a certain way right now does not mean that it will always be configured that way. An administrator can make a change that changes the configuration of that particular IT resource. Now, sometimes these kinds of changes are completely justified. But there are sometimes changes that undermine the security of a particular resource. So here’s how to control configuration drift. It compares the current configuration of a computer resource to a previous state that was known to be good, and looks for signs that the configuration has changed. And in some cases, it is also possible to revert to the previous configuration. Therefore, detecting configuration drift may indicate administrative activity, whether justified or unjustified, or may indicate that your organization has been infiltrated by an attacker working to undermine the security of some of your resources. Therefore, it is important to keep track of your configuration deviation through a managed security service provider, or if you use an original resource, such as the Microsoft Desired State Configuration tool.
Many managed security service providers will also offer services related to your firewall and access detection [IDS] or intrusion prevention system [IPS]. Now, these services vary a lot from one provider to another. But, a provider can offer a service to implement these specific resources. So if you have a new firewall and need a little help spreading it, a managed security service provider might be able to help you with that.
They can also help you with maintenance. For example, each time a new firmware update is released, a provider will help you obtain that firmware update and apply it to your firewall or IDS or IPS tool. Also, a good managed security service provider can probably help you keep track. So they may be able to help you detect attacks by scanning ports against your firewall, or they may be able to keep track of your IDS or IPS records for signs that indicate an attack.
Another service offered by most managed security service providers is advanced end threat detection. Advanced End Threat Detection involves monitoring your endpoints that your user is working on and looking for signs that may indicate that an attack is underway. Now, this is very good. But before you sign up for a service like this, you need to consider how your staff works. Prior to the pandemic, many employees worked on desktops or laptops that were included in the domain. But right now, almost everyone is still working remotely. And in many cases, they are working from personal devices. Therefore, the use of advanced end threat detection may not be possible if a user is working from a personal device. On the other hand, if you have a lot of users working on devices owned by your company, this may be a service that you want to consider.
Another basic service provided by most managed security service providers is security monitoring. Now, monitoring can vary from provider to provider. But in many cases, security control is based on the aggregation of log files. So this means that the managed security service provider collects all the log files that are created in your organization, merges those log files, and then merges those log files, and then scans those log files. . look for someone who doesn’t see anything that might indicate a security issue. So great. But there are a couple of things you need to realize before you sign up for security monitoring.
First of all, make sure that the tracking services that are being offered exist for all the products that you use. It is possible that you have a key resource within your organization that is likely to create log files that can be scanned but not supported by a specific managed security service provider. It is important to ask what a provider does to avoid false positives, as the log file aggregation tools that are being used generate a huge number of false positives. And if you have to investigate all the false positives, the facts that really mean something can slip through the cracks, because a lot of false positives need to be screened. It is therefore important to minimize any false positive tools used by the provider.
Another thing that many managed security service providers offer is post-rupture services. In other words, if you experience a security incident, your managed security service provider can help you deal with the consequences. So what kind of things do they offer? If so, many managed security service providers offer forensic analysis. They can help you find out how an attacker got into. Some even help report violations; In other words, if you have a duty to report a security breach to customers or a regulatory authority, your managed security service provider may be able to help you meet these requirements. Some managed security service providers also offer support for fixing malware. In other words, if you are hit by malware or ransomware, they can help you clean up the mess that this malware creates and help ensure that it is completely removed from your environment. And some providers also offer data recovery services. So again, if you were infected with ransomware, it might help you to recover all your data from that ransomware without paying the ransom.
So these are just a few of the many services offered by managed security service providers. I’m Brian Posey, thank you for watching.
What is the underlying project work outlined below the disadvantage of outsourcing? Trust, which is essential for the success of projects, can be difficult because of limited interactions and people coming from different organizations. … The core group depends on other organizations that do not have direct jurisdiction over them.
What are the advantages and disadvantages of outsourcing project work? Advantages and disadvantages of the outsourcing project …
Cost reduction. Companies can get competitive prices for contracted services, …
Dig Deeper on Converged Systems Management
business process outsourcing (BPO)
15 benefits of outsourcing your cybersecurity operations
Pros and cons of an outsourced SOC vs. in-house SOC
Note these 5 security operations center best practices
Which of the following are disadvantages of outsourcing project work?
Finish the project faster. To see also : Innovations in eDiscovery Managed Services | Legility – JDSupra. In addition to making the work cheaper, it can be done. …
High level of specialization. It can lead to a high level of specialization and technology. …
- Flexibility.
- confidentiality and security – which may be at risk. Lack of flexibility – the contract may be too rigid to accommodate changes. management difficulties – changes in subcontracting companies can lead to friction. instability – an outsourcing company can leave the business.
- Outsourcing will allow a company to focus on its core aspects by delegating less critical functions to an external third party organization. … Insourcing brings new employees to the company, rather than outsourcing tasks to third parties.
- BPO offers a number of benefits, such as lower costs, global deployment, and greater efficiency, and its drawbacks include security issues, hidden costs, and over-reliance.
What are the disadvantage of outsourcing?
What is outsourcing and its advantages and disadvantages? Outsourcing will allow a company to focus on its core aspects by delegating less critical functions to an external third party organization. Read also : Global IT Managed Services Market Report 2021-2025 Featuring IBM Corp, Cisco Systems, Fujitsu, & Accenture. … Insourcing brings new employees to the company, rather than outsourcing tasks to third parties.
What is outsourcing and its advantages and disadvantages?
Reducing costs By hiring a company, you can reach out to highly skilled technicians without breaking the bank. In addition to the cost of risk analysis, security tools, applications, and equipment, outsourcing is more cost-effective compared to home security solutions.
What are the advantages and disadvantages of BPO?
Is security outsourced? On the other hand, between 49% and 38% of organizations outsource IT security services related to threat detection and monitoring, incident response, threat intelligence, and security risk resolution.
Outsourcing security providers manages most of the business risks for you, with industry-specific knowledge and specialization, especially compliance and regulatory issues. Managed IT support significantly reduces the chances of security breaches.
Is it better to outsource security?
An outsourced SOC allows immediate access for talented and certified cyber professionals around the clock, intelligence of shared threats, separation of tasks, scalability, reduction of barriers to entry, and reduction of ongoing costs. additional burden on HR, installation and management.
Outsourcing is effective because it provides you with layered protection. Most of the contracted cybersecurity monitoring companies offer more comprehensive and effective security controls and appropriate methods that can prevent human or internal personnel errors; it can also cause a high level of data breach.
Should you outsource security?
Outsourcing is effective because it provides you with layered protection. Most of the contracted cybersecurity monitoring companies offer more comprehensive and effective security controls and appropriate methods that can prevent human or internal personnel errors; it can also cause a high level of data breach.
Should you outsource SOC?
According to the Deloitte 2019 Future of Cyber Survey, 99% of respondents surveyed at least some of their cybersecurity operations. Many businesses take a hybrid approach: outsourcing cybersecurity to certain functions and doing others at home.
Should I outsource cybersecurity?
Outsourcing cybersecurity ensures that your organization is protected by professionals who specialize in protecting and defending your data. Some cybersecurity providers may also offer additional services to help resolve and recover from a cyber incident.
Should I outsource cybersecurity?
An outsourced SOC allows immediate access for talented and certified cyber professionals around the clock, intelligence of shared threats, separation of tasks, scalability, reduction of barriers to entry, and reduction of ongoing costs. additional burden on HR, installation and management.
Are cyber security jobs outsourced?
As a NOC, a SOC is often an important part of a business. But, while a NOC prioritizes IT performance, a SOC relies solely on security. Today’s companies are increasingly vulnerable to malware, ransomware, and other types of cyberattacks, but a SOC can protect a company from such attacks.
Should cyber security be outsourced?
SOC Analyst is a job title for new and experienced professionals from infosec. This job may be a great step toward a cybersecurity career, but it is a rigorous and repetitive job that can lead to burns.
Should you outsource SOC?
A company should outsource when you need to focus on your critical business. … By taking the time to attract, hire, train, and retain talent in areas outside of your core competencies, you are also using the valuable resources you need to focus on your business criticism. In this case, outsourcing may be your best bet.
Which is better NOC or SOC?
Why should you outsource? The benefits of outsourcing include improving the quality of systems and services, access to the most skilled professionals around the world, better time management, avoiding staff problems and much more. Outsourcing is an effective strategy for outsourcing business processes.
Is working in SOC good?
When should a corporation or business unit consider outsourcing a function or activity? A corporation should be outsourced if they do not have a distinctive competency in a particular functional area, that area would be the candidate for subcontracting.
When should you outsource?
But if the process has no strategic value, production is expensive, or the internal organization lacks special capabilities, consider outsourcing. Whether or not a company decides to outsource a particular function should be reviewed regularly.
Companies use outsourcing to reduce labor costs, including staff salaries, overheads, equipment, and technology. Outsourcing is also used by companies to limit and focus on the core aspects of their business by directing less critical operations to external organizations.
When should a company outsource a function or an activity?
: hiring from external sources and especially from foreign or non-union suppliers (something, such as some goods or services needed by a company or organization): work, work, etc. decided by external or foreign workers. Outsourcing some back-office operations Some services and aspects …
When should a corporation or business unit consider outsourcing a function or an activity?
What are some examples of outsourcing? Advertising, office and warehouse cleaning, and website development are the best examples of outsourcing. Most business owners are delegated to outsourced specialists in terms of accounting, maintenance and procurement. This helps companies focus most of their resources on the core business.
When Should outsourcing be used?
by doing a job contract with another company to do this, often in a different country than in your company: Candidate talks about working class issues, especially about outsourced jobs abroad.
What is the meaning of out source?
Common outsourcing activities include human resource management, facility management, supply chain management, accounting, customer care and service, marketing, computer aided design, research, design, content writing, engineering, diagnostic services, and legal documentationâ.
hire
Are you outsource meaning?
outsourcing
What is an example of outsourced?
assign
What’s another word for outsourcing?
| deputy | named |
|---|---|
| named | select |
| named | load |
| empowerment | It happens when an outsourcing company hires a specific process from a third party when they find someone who specializes in everything they need to do. Relocation occurs when companies outsource domestic work. Both can save a company money, but relocation only means sending jobs out of the country. |
| Outsourcing is the business practice of hiring a third party to perform tasks, manage operations, or provide services to the company. … Companies can outsource entire divisions, such as their entire IT department, or just parts of a particular department. | Outsourcing is effective because it provides you with layered protection. Most of the contracted cybersecurity monitoring companies offer more comprehensive and effective security controls and appropriate methods that can prevent human or internal personnel errors; it can also cause a high level of data breach. |
What is the difference between offshoring and outsourcing?
Are cybersecurity outsourced? According to the Deloitte 2019 Future of Cyber Survey, 99% of respondents surveyed at least some of their cybersecurity operations. Many businesses take a hybrid approach: outsourcing cybersecurity to certain functions and doing others at home.
What is outsourcing in simple words?
Outsourcing cybersecurity ensures that your organization is protected by professionals who specialize in protecting and defending your data. Some cybersecurity providers may also offer additional services to help resolve and recover from a cyber incident.
Should I outsource cybersecurity?
Outsourcing IT security increases the security you can provide to your employees and customers. It also reduces the risk you carry by transferring that risk to MSP.
Contracted cybersecurity is an externally managed service that employs certified cybersecurity professionals to manage your organization’s cyber protection needs.
Should cyber security be outsourced?
Nowadays, however, you can spread your workloads in the cloud very, very quickly. And in fact, we often hear a lot about IT agility. The idea of agility is that as soon as an organization recognizes a business opportunity, then IT needs to respond to that opportunity and expand a workload very, very quickly. While there is nothing wrong with agility, there is a side effect. And that side effect is that IT professionals are almost always caught up in catching up, especially when it comes to maintaining the set of skills needed in a rapidly changing environment. What’s especially disappointing is that there are often not enough hours in the day to do your job and do everything you expect from yourself, and learn all the new skills you need to adapt. to this rapidly changing world. As if that weren’t enough, we’re in a time of ever-shrinking IT budgets. So adding additional staff will probably not be an option in most cases.8
Should you outsource IT security?
Nowadays, however, you can spread your workloads in the cloud very, very quickly. And in fact, we often hear a lot about IT agility. The idea of agility is that as soon as an organization recognizes a business opportunity, then IT needs to respond to that opportunity and expand a workload very, very quickly. While there is nothing wrong with agility, there is a side effect. And that side effect is that IT professionals are almost always caught up in catching up, especially when it comes to maintaining the set of skills needed in a rapidly changing environment. What’s especially disappointing is that there are often not enough hours in the day to do your job and do everything you expect from yourself, and learn all the new skills you need to adapt. to this rapidly changing world. As if that weren’t enough, we’re in a time of ever-shrinking IT budgets. So adding additional staff will probably not be an option in most cases.9
Is cyber security outsourced?
So what is the solution to these problems? If so, one of the best options is to use a managed service provider to fill the gaps in your IT environment. Now, IT professionals are reasonably skeptical about outsourcing. I mean, if you’ve worked in computer science for a long time, you’ve probably seen situations where IT professionals have lost their jobs as a result of outsourcing. But with that being said, outsourcing has its place. The trick is to be smart. You don’t want to outsource your work. But all you can do is use outsourcing to a managed service provider that you don’t have the time, skills, or worries to handle.0