The right partner will maximize the benefits while avoiding the pitfalls of outsourcing cybersecurity.
Demand for IT professionals is strong and growing, broadening the “skills gap” that has persisted in the industry for years. In a recent IDC survey, almost two-thirds of North American IT leaders said their teams lack the skills to meet business objectives. The research firm expects the IT talent shortage to affect more than 90 percent of organizations by 2026.
But demand for cybersecurity professionals far outpaces other IT specialties. According to the World Economic Forum, there is a global shortage of almost 4 million cybersecurity professionals, and demand for qualified experts continues to increase every year. Simply put, there are more cybersecurity jobs than there are qualified individuals to fill them. Organizations are worried about the risk of data breaches and cyberattacks and are looking for professionals with expertise in that area.
The skills gap has spurred demand for managed security services, which enable organizations to outsource many cybersecurity functions. Managed security service providers (MSSPs) employ security professionals and use state-of-the-art tools to help protect their clients from cyberattacks. However, the capabilities of MSSPs vary widely. Organizations need to do their homework before hiring someone to take over their cybersecurity.
Filling the Gaps
Traditionally, managed services providers (MSPs) monitor and manage PCs, servers and networks and handle user support calls. Now, however, many MSPs promote their cybersecurity services. While those services may include a cybersecurity element, they don’t provide complete coverage.
Part of system maintenance is applying software patches and ensuring that antivirus signatures are up to date. A lot of MSPs also handle firewall maintenance, which is important for cybersecurity. However, a comprehensive managed security program should include much more than that.
At a minimum, the MSSP’s menu of services should incorporate intrusion prevention, content filtering, data loss prevention, multifactor authentication and encryption. User accounts should be reviewed regularly and vulnerability assessments conducted at least annually. Service providers that don’t offer a full suite of cybersecurity functions may not be able to fully protect the business.
It’s not just a matter of installing security tools. Few MSPs have staff with the technical know-how to conduct regular reviews of the IT environment, user accounts, policies and procedures to identify risks. It goes back to the skills gap — cybersecurity talent is hard to find.
People, Processes and Technology
MSPs that lack in-house expertise can either hire cybersecurity specialists or invest in training for their existing team. Smart MSPs do both. They have top cybersecurity experts on staff who have a wealth of knowledge and the ability to mentor others. These experts can also help develop repeatable processes based on security best practices, enabling the MSP to effectively manage its clients’ security systems and respond to emerging threats.
It takes time to do it right. That’s why it’s important to ask an MSP about the people, processes and technology they have in place for managed security services.
The MSSP must also select key security tools and develop customizable methodologies.
One of the greatest security threats is human error — a misconfigured device or unpatched vulnerability can spell disaster. The MSSP should have proven methodologies that greatly reduce the chance of mistakes yet are flexible enough to accommodate differences in IT environments and business needs. They also increase efficiency, which is important when responding to security threats.
Strategic Approach
Qualified MSSPs also recognize the importance of developing a cybersecurity strategy that underpins all aspects of the business. Policy development and maintenance, disaster recovery planning, and regulatory compliance reporting are key components of the program.
Cybersecurity does not begin and end with IT. Employee training is a huge aspect of it, as is the development of policies and procedures that help to protect systems and data. Many security breaches occur when someone clicks on a malicious link, uses a weak password or copies sensitive data to unsecured cloud storage. Organizations need to have policies in place that address those kinds of behaviors.
The cybersecurity skills gap shows no signs of abating, and it’s putting organizations at risk. According to a recent Fortinet study, 87 percent of organizations suffered a security breach within the past year that they can attribute in part to a lack of security skills. The right managed security services provider can close this gap and ensure protection for vital systems and data.