New security ASP: The MSP
Welcome to a new version of the pure "apps-on-tap" ASP model particularly suited for security services -- managed services providers (MSPs). These vendors provide services from another direction. By installing and maintaining an integrated portfolio of security software and hardware that's pre-selected and integrated, MSPs help firms avoid difficult point installation and security system integration. Add to this the MSP's charter to maintain and update this integrated protection matrix and the MSP model makes a lot of sense. Since funds are more available for these services, a whole new security market is budding.
A few caveats are in order when considering an MSP for security services in what is now a brand new security marketplace. Since online and internal e-security is now such a critical component to organisations' survival, these perspectives are a must.
- Check for brand name; it's important for security software components, hardware appliances, and MSP vendors.
- Check MSPs' backgrounds in terms of longevity, security industry reputation, and track record. This is imperative if relationships are to last into the long term.
- Be sure to introduce security services incrementally. That's far better than an "all or nothing" acquisition process.
- Be sure to fully clarify contractual requirements and responsibilities prior to signing onto a service. These "R&R's" must be reviewed by both senior IT security management and senior corporate executives. In-house IT security personnel must understand the how and when of an MSP relationship in order to effectively oversee corporate security.
MSP outsourcing features
Although an evolving model, MSP security services currently comprise 1) gathering information about, auditing, and performing vulnerability analysis on the security infrastructures currently operational within an organization, 2) making recommendations or installations to enhance or upgrade current capabilities and to close vulnerabilities, and 3) installing monitoring software that returns vital data (e.g., log files) to MSP security operations centers. Rather than outsourcing applications, MSPs enable outsourced security monitoring, management, and expertise for applications executing within networks.
Unfortunately, MSP outsourcing capabilities are just developing and amount to component-based offerings at this stage. While early entrants are beginning to claim end-to-end security outsourcing, that wide service range refers primarily to the small- to medium-sized corporate market.
