// EXPERT PROFILE //
Should you outsource your security function ?
The role of the security function at companies of all sizes is managed many different way , but the process can become fragmented when handled in-house . Scott Dodds , CEO , Ultima , explains how in the current climate , Managed Service Providers ( MSPs ) can add value , especially when it comes to moving to the cloud .
“
TO UNDERSTAND HOW EFFECTIVE
THE MSP ROUTE FOR
YOUR SECURITY FUNCTION
WOULD BE , TAKE SOME TIME TO ASSESS YOUR
CURRENT NEEDS .
ANY ORGANISATIONS
M
ARE now seeing a need to digitise operations and are moving to the cloud in large numbers . While this addresses a specific need to scale a business and improve efficiencies , if it is not managed correctly with the necessary security infrastructure in place , the pay-off will be poor visibility and a lack of control over what is happening in the cloud environment .
Outsourcing a business ’ s security function to a MSP could provide the ability to scale , deliver greater compliance and greater efficiency of cybersecurity solutions - benefits that could all add up to a lot more than just a cost-saving if managed correctly .
But how easy is it to effectively outsource the security function ?
What is your current security performance like ?
To understand how effective the MSP route for your security function would be , take some time to assess your current needs . Traditionally , in-house threat intelligence would do a true-up of a workload environment once a month or quarter . In its most generic form , a true-up means to match or adjust and raise issues to management . This works fine in an on-premises service , but when you are in the cloud scaling up and down quickly you can end up creating a void if the true-ups only occur infrequently .
As a result , we ’ ve found that a quarter of all organisations lack critical patches , yet many often don ’ t realise . This is because a traditional patching service is manual and the patches on servers on virtual machines are only identified once a review is done or worse , when an incident happens .
A common scenario when moving to the cloud is to keep existing security solutions , layering it over the top as best as possible . This gives some form of protection , but visibility over the whole environment is reduced because the cloud works in a very different way to on-premises . Put simply , a traditional security stance or solution won ’ t work in this instance . So , what other options are there ?
Understanding the role of an MSP
Many businesses enlist the help of a MSP but often find that the company provides little value beyond incident alerting . It doesn ’ t adapt quickly enough to the evolving threat landscape .
34 intelligent
. tech
Intelligent SME . tech