Nationally and internationally, the growing trend is for organisations to outsource the management of their network security to specialists.

There are many reasons for this - everything from the growing threat of security breaches to compliance concerns, cost issues and the difficulty of sourcing skilled internal staff. Graeme Cox, MD dns looks at why organisations are turning to managed security services to secure the company network.

The result is that Managed Security Services (MSS) is the fastest growing segment of the information security services arena, and the global MSS market is set to double to $12b by 2010.

Understandably, however, this is not a decision that organisations take lightly. Until the realities of managed security services are clearly explained, giving responsibility to a third party for your network security may feel like you are outsourcing control. And there may be other issues of concern, such as justifying the investment and wondering how to go about the outsourcing process itself.

Why should you be interested in managed security services?

You must protect the business

This is clearly the key issue at the heart of network security - protecting your organisation from malicious threat. This is the main driver for many. Organisations can no longer afford to take risks with security. An expert third party will bring that additional tier of expertise to guarantee protection.

You want to save money

A typical large public sector organisation estimates that it would need 8-12 full-time staff to do the work carried out on its behalf by an external security team. And that's only one of the cost savings that can be achieved through outsourcing.

For instance, without 24-hour outsourced security, an organisation can start work in the morning only to discover its entire network has been taken down by a malicious attack overnight. We've probably all seen it happen.

Then there are longer-term issues to consider. The cost savings available through protecting your data, reassuring your clients and meeting all compliance demands can make the difference between an organisation in trouble and an organisation that is thriving.

You don't have the skills in-house

Organisations usually don't have the necessary skill sets in place and recruiting the right people makes no sense financially. Selecting a partner to provide expert operational support therefore emerges as the logical solution. 

You are concerned about compliance

Given the fall-out from the Enron scandal, this is a particularly big concern for US companies – and an increasingly important issue for the UK too. Security management is not just about protecting your network from malicious threats (essential though that is).

It's also about meeting regulatory standards and providing tangible reassurance to your customers, suppliers and staff that the network is secure. A good managed security service will fulfil all compliance requirements.

It's a better way of managing risk

Risk management is an issue that a good network security specialist will be able to advise you on. Allowing your outsourcing partner to focus on this issue is invariably more time and cost-effective than attempting to manage it in-house. A third party is able to bring a level of expertise and a third-party perspective that will reduce both risk and cost.

You want to focus on core strengths

Outsourcing enables your IT team to focus on core issues. Security management is a time-consuming, challenging responsibility that often eats heavily into the time of employees and distracts them from other priorities. Compartmentalising that responsibility and removing the demands on staff for operational activities creates a helpful demarcation line that will deliver time and cost savings.

The threat from worms and viruses is constantly changing

As anyone reading the papers will know, the global threat from worms and viruses is increasing exponentially. Keeping on top of the rapidly changing nature of these threats requires full-time expertise of the type that is usually only found with specialist-managed security service providers.

You want protection, 24/7

The threat to network security is global; it never stops. Yet most organisations in the UK shut up shop in the evening, leaving their network vulnerable to attack throughout the night. Managed security services are manned 24 hours a day - something that few organisations could afford to do or would be prepared to manage internally.

You want simpler reporting

A professional managed security service will provide you with a centralised reporting service that keeps you fully up-to-date with the levels of threat to your organisation and what is being done to combat it.

The clarity and simplicity of the data will keep you informed and in control without eating into your time. The reporting service is typically provided through a real-time 'dashboard' (a secure website) that can only be accessed by your nominated managers.

Technology is not enough

Hardware and software is not enough on its own. Installing a bank of 'whining devices', whirring away in the background of your building, may provide reassurance at one level but, without 24-hour analysis from an expert team, it will not be enough to eliminate all threats.

Effective security management requires that people on the ground are able to identify trends and spot behavioural threats. This is one of the big advantages you receive from a 24-hour service manned by experts.

MSS - what is it and how does it work?

Managed security services (MSS) describes the provision of skilled, specialist assistance to the management and monitoring of your IT security status. A combination of people, process and technology, MSS provides real-time detection and reaction to information security threats, 24/7.

Many managed services are available in the market place but key services include managed firewall and VPN, managed security monitoring, managed email security, managed strong authentication, managed content security and managed vulnerability assessment.

Most MSS providers will place a ‘black box’ on the client network. The black box collects, aggregates and correlates data from a broad range of security devices, including firewalls and intrusion detection systems (IDS) from a range of the leading vendors.

It reduces the data volume and passes back normalised events to a secure command and control centre where service management and attack analysis is undertaken.

Events deemed serious enough to warrant further investigation are automatically raised as tickets in the MSS provider's service desk, from where a team of 24/7 security analysts investigate and respond to security events as they happen.
An MSS provider should provide tight SLAs for detection and response and reporting should be handled by an online reporting portal or dashboard.

Case Study

Wood Mackenzie benefits from managed security services

Independent consultancy Wood Mackenzie has benefited from employing managed security services within its operations. Like most organisations it has an active interest in perimeter security against prevalent threats. The company had multi-site environments to monitor around the world and so felt that managed security would provide them with the needed protection 24/7.

Colin Weddel, head of technology at Wood Mackenzie comments: 'We were headquartered in London, Boston, Sydney and Moscow and it was important to us that we were able to maintain an environment that provided security across all of those offices. The idea of managed services giving us 24/7 support of our environment was very attractive. We now know whenever there is a problem and we are alerted very quickly, not only in terms of failure of equipment but potential security breaches.'