What to Look for in Security-as-a-Service


"The target is always data" is a phrase that should probably be one of today's enterprise mantras. A year of high profile cyber attacks has shown that enterprise organizations, not consumers, are now prime targets for data breaches. The breaching of vital user and customer information from the likes of T-mobile, Experian, Anthem, Inc. and Ashley Madison was among those high-profile stories. The effects were devastating; from ruined lives to massive financial loses. Hackers of extramarital affair site Ashley Madison exposed information of its 37 million users. This led to at least one suicide and to a $587M class-action lawsuit against the company behind the site. Kapersky Lab uncovered a phishing scam that victimized a number of financial firms. The scam directly led to the digital theft of around $1 billion dollars from banks around the world. A breach of patient data held by American health insurance company, Anthem, led to the exposure of 80 million records, including non-customers --- records that can be used for identity theft and fraud and lead to customer lawsuits.

With cyber threats to enterprise increasing in frequency and continuing to evolve, companies are finding alternatives to maintaining hardware and an in-house team of network administrators and security officials. Some are turning to third party experts called Managed Security Service Providers (MSSP) to protect information critical to its business. What are the advantages?

  • Expertise. A security-as-a-service provider provides specialist security knowledge on data theft and the deployment, management and monitoring of enterprise applications. They understand the different trends and targets in the threat landscape. They help relax the pressure from threats of data theft, thereby allowing the client to focus on principal values like innovation or customer experience. This means round-the-clock monitoring with improved security from email- and web-based threats, as well as network security services, firewall management and vulnerability scanning.
  • Faster Value. A security-as-a-service provider can achieve cyber security goals faster or at an accelerated return on security and technical investments.
  • Budget. Managed security services allow companies to avail of state-of-the-art security expertise while reducing overhead and capital budgets.
  • Flexible Deployment and Tailored Protection. Managed services providers provide flexible solutions that respect the terms of a customer's security requirements. For instance, all data can remain with the customer through on-site hosting of managed security services.

Aside from those advantages, what should a customer look for among the increasing number of MSSPs?

  • A managed services provider should be able to detect unknown threats and resolve them quickly. It should be able to identify vulnerabilities of an organization's IT infrastructure and make sure that the organization is in compliance with regulations. Compliance violations can also be costly.
  • It should inform a customer of important issues regularly.
  • It should be experienced, having resolved thousands of threats and employing the best practices. It should have a stable team.
  • It should be able to assess a company's overall information architecture: existing policies, devices and infrastructure.
  • It should have a policy that prioritizes risks, describing how to manage each one.
  • It should have a security information management platform that is flexible, scalable and efficient.

The alarming rise of cyber attacks and the apparent lack of security expertise even in top companies have led to the rise of managed services companies as a corporate security strategy. Competition to provide the best security services has followed suit. 2016 may be the best time for both corporations and managed service companies to capitalize on security services.