Should enterprises outsource security? - Outsourcers Offer Expertise and SLAs
Augmenting or replacing internal security with a managed security service provider lets the enterprise focus on its core competencies while improving security.
Most enterprises look at security as a cost center, and few resources and little attention are devoted to it. Believe it or not, most enterprises don't have a consistent, companywide security policy. Nor do they perform regular external audits. This makes them a lightning rod for hacker attacks.....
Should enterprises outsource security to a third party? -- Security Outsourcers Offer Expertise, SLAs
BYLINE: CODY CHRISTMAN
An MSSP can assist in hardening network devices, operating systems and applications. MSSPs monitor security device logs with advanced data mining capabilities, look for trends over the course of months, respond instantly to incidents and perform forensic analysis.
Through partnering with third-party security vendors, monitoring hacker newsgroups and following http://www.cert.org , MSSPs are well-informed on the latest threats. Noting trends throughout their customer base better prepares them for specific attacks.
Another major benefit MSSPs offer is strong service level agreements. These can include timely device installations, speedy security policy updates and real-time attack responses.
They can guarantee the most current database is in use for intrusion detection systems, virus scanners and content filters, and that security devices will be loaded with the latest code versions and bug fixes. Constraints on time and resources make it unlikely that enterprises will generate this type of commitment internally.
Some argue it may not be wise to relinquish control of security to a third party. But this has been done for years in securing brick-and-mortar businesses. The same principles hold true for Internet security. Enterprises should look for a reputable security partner.
Cody Christman is director of product engineering at Verio.
