Bringing security back to basics
As security grows in complexity and importance, many organisations are partnering with managed security services providers to help them with their journey
With more points of attack for bad actors, the demand for managed security only continues to grow. As the digital space becomes more complex, outsourcing most, if not all, of your services to a managed services partner (MSP) is now required.
The most significant trend is how MSPs evolved to become Managed Security Service Providers (MSSPs). This evolution occurred because of consumer demand across private and public sectors.
Security is a major problem for all organisations as few have the internal resources to tackle the issue properly, says John Casey, head of managed services & IT solutions at Presidio Europe.
“The outsourcing has gone from a service desk with some proactive monitoring and management to having a highly engaged, structured service,” he said. “All organisations are under huge pressure to control costs or to even cut them without diminishing their service. It’s an age-old problem.”
The demands are so big that providing any service or SOC (Security Operations Centre) type setup is a massive investment cost. Doing so isn’t possible for many organisations, because of the cost of setting up and staffing such a solution.
On the bright side, MSSPs have hit an inflexion point that the same challenges exist no matter how big the internal IT department is.
As an MSSP itself, Presidio has kept up with the demands of the new cybersecurity landscape and the key to the success of any outsourcing is the partnership. Casey emphasises that while an MSSP can provide all these services, you can’t outsource blame.
The cultural expectation from an MSP was that if something happened, you could claim it was their fault, but now with EU regulations like DORA (The Digital Operations Resilience Act) coming into play soon, it’s clear that all organisations have responsibility for security and creating a better work environment for all.
“The blame game is over because a breach can happen to anybody,” he said. “For organisations providing these security services, finger pointing can diminish the attraction of working for an MSSP be it in the cloud, backups or elsewhere.”
“When we’re talking to a prospective client, be it in the public or private sector, the culture phase is our number one priority.”
Likewise, Presidio is partnered with various digital organisations such as Cisco, AWS, Dell and more to offer the best possible services. By having that flexibility, they can build the service that best suits the organisation, and if an attack or suspected breach occurs, it has a wealth of expertise to pull from.
“The speed in which you access subject matter experts across the entire solution stack has to be seen to be believed,” he explained. “There’s a real value there.”
Overall, Casey says that there’s been significant progress in awareness of and understanding risk. Security is now a major issue that all businesses must tackle.
No matter what steps they must take to get their security up to scratch, Casey says it should be treated as a journey.
“Rome wasn’t built in a day and if they haven’t started, they must start,” he said. “It all goes back to basics, so do you have a proper immutable backup? Have you a properly tested DR in place?
“To oversimplify it, you’re running a risk register where everything is categorised as red, amber and green. You address the reds, then the ambers and keep everything as green as possible as you progress.”
