Outsourcing security is a viable option for chief security information officers in many companies, and managed security service providers (MSSPs) are reporting 18 to 21 percent growth annually, according to Forrester Research's report, The Forrester Wave: Emerging Managed Security Service Providers, Q1 2013.
With this information in mind, Computerworld Singapore spoke to MSSP Integralis' CEO Simon Church and director of Security Strategy Garry Sidaway on what the security provider can offer to clients and its plans for the coming months.
1) Why would companies want to take the option of managed security services?
Church: I think one of the main factors is it is an enabler for an organisation to manage its risk. All organisations have to take risk to achieve business success and if you are being very tactical and running around just ensuring your organisation is secure, you are not able to manage the development of your business.
So the deployment of consulting services and managed security services with a combination of best-in-breed technology manage that risk profile for you while the management can go about their day-to-day job knowing that they are ensuring their business is nimble and encourage the use of different types of technologies like mobile-based technologies and social media to drive the business forward.
Another challenge that these organisations face is staff retention especially in the field of information security. Security workers are often too specialised to the verticals they operate in. Again, partnering with a third party such as Integralis gives you a much broader base and mitigates the risk of staff churn.
We find that we attract a lot of security specialists into Integralis because they are working with like-minded professionals. It's probably a lot harder for a large multinational to get that significant amount of expertise and then retain them. It ends up becoming a bit of an arms race in terms of remuneration. Working with a third party mitigates a lot of that risk.
2) What are the specific services that customers are looking for?
Church: What we are looking to do is to offer the bespoke service-based approach. We can work with clients on maturing their environment from a security and risk process. We are taking organisations from the stage of "Is your perimeter secure?" to "Is your data secure?"
The concept of the perimeter is becoming quite old-fashioned now as we shift from a security- based business to a risk-based business with the advances of mobility, a mobile workforce, a generation-Y workforce, different ways of communicating and moving away from corporate email to social media. That breaks down barriers and now the data is your new perimeter.
Sign up for CIO Asia eNewsletters.