Latest News  

Outsourcing security: What small businesses need to know

Forecasters predict that the booming managed security service provider (MSSP) industry will grow from $8 billion in 2015 to $30 billion by 2020.

2015-11-09 16:50:07

One question that small businesses often grapple with, especially in the early days of their development, is whether or not to outsource at least some aspect of their security, writes Ryan Berg in smallbusinesscomputing.com.

There are many instances when outsourcing computer, data, and network security makes sense:
• You may lack the appropriate in-house skills and resources
• You may not be in a position to make a full-time hire, let alone multiple hires
• You can't find the right person to fill a full-time role (Forbes expects our current cybersecurity workforce shortage to reach 1.5 million unfilled positions by 2019).
So does outside security help make sense for you? Possibly. But before you even think about outsourcing, you need to develop your own clear idea of what it is you actually need help with in the first place.

Outsourcing Cybersecurity 101

The simple truth is that you're not ready to outsource your small business security if any of these three points apply to your company.
• You can't clearly articulate your problem or goal
• You don't know where your assets reside or what data or systems you're trying to secure
• You don't have someone on board to actively own and manage the outsourced relationship

Small business owners must carefully avoid giving managed-security service providers the impression that they don't know what they need. The reality is many security vendors will see nothing but dollar signs; they may guide you to toward solutions that are easiest for them to implement instead of the solutions that best fit your needs.

Think of it this way: if you go to a brake shop because you think your car has a brake problem, you're more than likely going to cough up the cash for new brakes. Meanwhile, you may actually have a bigger issue with the car that remains unaddressed. Your shiny new brakes may work like a charm, but you can still get into an accident if the steering's off. And if you go back to the brake shop angry, they'll simply shrug and say of course they didn't protect you for that.

Advanced thought and planning is the best approach to outsourcing small business security. The worst thing you can say to a managed security service provider is, "I don't know where to start.

Outsourcing small business security works well only when you achieve these states:
• You have a clearly-defined problem to solve or goal to achieve.
• You find a vendor you work well with and can trust to deliver on your specific needs

There's no lack of outsourced security vendors from which to choose. But if you have a specific security goal that lends itself to outsourcing, you can whittle down the list to providers that specialize in that area. Then discuss these 10 essential topics with the managed-security service providers on your short list before you sign an agreement.

What to Ask Prospective Managed Security Service Providers

• Find out whether they've worked with small companies that are similar to yours in size, stage, and industry
• Get references
• Review their standards, policies, and procedures carefully
• Make sure all requirements and responsibilities will be documented in service level agreements (SLA) and/or statements of work
• Determine who on their side will manage your account and discuss your expected level of interaction (you don't want to enter a partnership expecting access to the Principal only to find out later that's not the case)
• Ask about reporting (what metrics do they measure, and how often do they report)
• Go over the game plan for incident response and recovery
• Ask about systems compatibility
• Make sure they can scale their protection as your company grows
• Have an exit strategy should the time come when you want to stop using their services

Small Business Security Caution

Remember, no one outside of your business values your business as much as you do. When you outsource aspects of your company's security you place your safety and success in their hands. You may pay for a level of professionalism, but when it comes down to it, an MSSP will act with its best interests in mind. Outsourcing isn't something you jump into quickly. Success requires a considerable amount of planning, discussion, and trust-building.

Ryan Berg is chief scientist at Barkly. A speaker, instructor, and author in the fields of security, risk management, and secure application development, Berg holds multiple patents. Prior to joining Barkly, he was chief security officer at Sonatype and chief scientist and cofounder of Ounce Labs.


0 COMMENTS ^ Go back to Top
WRITE A COMMENT ^ Go back to Top
 
Your email address will not be published.
Nickname
Email
Comment
Validation Code
   
 
 
NEWS
US company Visteon looks for software developers at Timisoara

Visteon, automotive supplier focused exclusively on cockpit electronics, it is setting up a new product development center in Timisoara, Romania. The company plans to build a team of 400 employees in Romania,

 Read Full article »
Gabriela Mechea takes over the helm of ANIS

The Software and Services Industry Employers Association ANIS appointed Gabriela Mechea as the organizations' executive director, replacing Valerica Dragomir who left the association after 17 years.

 Read Full article »
Poll: 2018 was hard for recruiting – 29 Interviews to one hire

Nearly nine out of ten companies had a tougher time finding suitable employees in 2018 compared with previous years, interviewing an average 29 candidates before hiring one person, a poll by HappyRecruiter show

 Read Full article »
CBRE maintains its market leader ranking with 24 per cent market share on the Bucharest-based office segment

In 2018, CBRE, the real estate consultant managed 24 per cent of the Bucharest-based office market, according to a release of the company.

 Read Full article »
Philippe Beucher takes a new opportunity outside Capgemini

After 5 years spent in Capgemini, Philippe Beucher, the Romanian company's branch CEO announced he decided to take another opportunity outside of the Group as of January 15th.

 Read Full article »
Amazon expands at Iasi with 5000 sqm of offices

At the end of 2020, the American company Amazon will rent an additional 5.000 sqm office spaces at Iasi, to amount over 18.000 sqm office space in Romania, according to sources in the real estate market and quo

 Read Full article »
Accelerator programme Legal Tech Hub Vienna to offer support for legal tech companies

The law firms Dorda, Eisenberger & Herzog, Herbst Kinsky, PHH, Schoenherr, SCWP Schindhelm and Wolf Theiss, today launched the Legal Tech Hub Vienna (LTH Vienna). The unique initiative, that brings together sev

 Read Full article »
Fusion and purchase market in Romania close to 2 billion euro in 2018

The fusion and purchase market in Romania came close to two billion Euro in 2018, according to an analysis made by Deloitte Romania, based on public sources and transactions made public.

 Read Full article »
DXC Technology to Acquire Leading Digital Innovator Luxoft

End-to-end IT services and solutions developer DXC Technology and Luxoft Holding announced a definitive agreement for DXC to acquire Luxoft, a global-scale digital innovator with differentiated offerings, deep

 Read Full article »
KPMG study: Big data needs a big re-think: consumers are more anxious, but businesses can restore trust with greater transparency

Global KPMG study of 25,000 consumers reveals that we are embracing new technology, but are concerned about the types of data held by businesses.

 Read Full article »
 
 
MOST READ ARTICLES
» The most appreciated companies from th...
» TELUS International Europe awarded Mos...
» Deloitte's Tech Trends 2019 report: B...
» Academic efforts to grow the employee ...
» Deloitte: Leadership disrupted: Pushin...
» Endava expands its IT team in Republic...
» Genpact named leader in global banking...
» Deloitte: Anxious millennials seek sta...
» Centric to double Iasi opps, leases 1,...
» CrowdStrike opens a new center of inno...
 
EDITOR CHOICE
Deloitte's Tech Trends 2019 report: Beyond the digital frontier

The recently released Deloitte's Tech Trends 2019: Beyond the digital frontier, as each Tech Trends report in the series conducted by the consultancy company, lobbies for embracing the increasing, often mind-b

 Read Full article »
KPMG study: Big data needs a big re-think: consumers are more anxious, but businesses can restore trust with greater transparency

Global KPMG study of 25,000 consumers reveals that we are embracing new technology, but are concerned about the types of data held by businesses.

 Read Full article »
Manpower: Romania's labor market, more prudent in the first quarter of 2019

More than two thirds (70 per cent) of employers in Romania anticipate no changes in the size of their payrolls in the first quarter (Q1) of 2019, the largest percentage in over two years, and this suggests the

 Read Full article »
Noni Jain, Wipro Europe: It is fundamental how you coach the employees and prepare them for the next level of an evolving organization

How do you attract and retain a globally-mobile workforce? What technologies do you need in your arsenal to get the most from the tech-savvy "Generation Y"? To drive innovation and attract and retain top talent

 Read Full article »
Ascentis: The top ten HR trends for 2019

Ascentis, specializing in in integrated Human Capital Management software published the main HR trends for 2019, findings resulted from the work together with their workforce and leadership strategist Eric Swen

 Read Full article »
Latest News  
 
about us | newsletter | contact | members area | GDPR policy
Copyright © 2015 by Diplomat Media Events Design by Diplomat Media Events