Outsourcers need help
In order to squeeze the most value from outsourced security services, Pollard says it’s incumbent upon companies to put processes and communications channels in place so they can provide input to MSSPs to give them the right context for evaluating alerts. Moreover, companies that work with service providers should also be prepared to explore and troubleshoot more events, because MSSPs usually do a better job than internal staffers when it comes to detecting suspicious activity, he explains.
“MSSPs have lots of visibility across clients and can make that relevant for each, but what they don’t understand are the unique things in your organization — the micro versus macro issues, or which business units are most sensitive,” Pollard says. “Companies need someone internally to serve as the liaison.”
But being a liaison can be time-consuming. Ask Wes Farris, the information security officer and MSSP liaison at the Harris Center for Mental Health and IDD. He has so much else on his plate that he can only spend a limited amount of time working with the MSSP to fine-tune log monitoring and alerts to reflect the working habits of his users and the business. “To get more value out of this service, we should be proactively tuning it, and I don’t have time. It’s a full-time job,” he says, adding that the center can’t afford to hire an additional full-time employee to focus on the liaison’s role.
As with any vendor relationship, Farris and others say it’s important to manage your MSSP and hold it accountable. Farris recommends choosing a partner with expertise in your specific industry. Doing the due diligence to select the right service provider is critical, given the importance of IT security — and because it’s difficult to cut ties and move to another provider if things don’t work out, he says.
“Once you execute a managed services contract where you are monitoring hundreds or thousands of devices, it’s not easy to rip and replace,” Farris says. “You have to make sure this is a company you want to use, that the tool sets are expansive and that the people working there are those you can trust.”
Sign up for CIO Asia eNewsletters.