Introduction
Remember the carefree days of summer? The memories aren't so positive for many corporations hit by cyber attacks during the summer of 2001. Three especially menacing threats-CodeRed, CodeRed II, and Nimda-cost U.S. corporations more than 12.3 billion dollars. After the fall-out, one company reported it had over 60 software engineers working for a week to recover from Nimda, and it still had work to do.
For many organizations, these recent network security breeches, as well as cyber terrorism discussions in the wake of the September terrorist attacks, have served as a wake-up call regarding the need for information security. Without effective security, companies risk losing money and customer trust. With good security, companies have the power to maintain stakeholder value, customer loyalty, and competitive advantage.
The Internet and the big "E's": e-business, e-commerce, and e-retailing, contribute to today's necessity for a protected company network. Big-even small-holes can lead to formidable problems. Consequently, a bullet-proof security program is critical to an enterprise's survival. Whether this effective security management comes from an in-house or outsourced program is a decision that must be made within a corporation using only its best data.
As the first of a three-part series on managed security services, the following describes why many organizations are choosing to outsource management and monitoring of security systems.
This is Part 1 of a 3-part article.
Part 1 notes the benefits of outsourcing security.
Part 2 will evaluate the cost of such an outsourcing.
Part 3 will provide guidelines for selecting a security services provider
Open for Business
E-commerce and e-business initiatives inspire companies to move toward an open, distributed network-computing environment. These environments are designed to enable employees, customers, partners, suppliers, and distributors to exchange and access information critical to conducting business. Unfortunately, these same networked environments create vulnerabilities that allow disgruntled workers, hackers, and other types of attackers-both internal and external-to wreak havoc on corporate systems through malicious acts of fraud and vandalism.
With customers and business partners dependent on accessing critical product and service data via open networks such as the Internet, companies must ensure the integrity of this information or risk jeopardizing their reputation and brand equity. The need to protect the bottom line, as well as corporate image and customer trust, drives the demand to effectively manage information security.
Other situations challenge today's networked businesses:
* Rise in deliberate criminal behavior directed at corporations
Following the September 11 terrorist attacks, government attention has increased focus on legislation calling for stricter punishments for hackers. Even with this focus, recent studies find the rate of cyber attacks to be on the rise. Research also reveals that some industries are more often victimized than others. Specifically, the high-tech, financial services, media, and energy sectors experience the most frequent attacks.
* Growing mobile workforce
An increasingly mobile workforce, telecommuting, and remote computing create special security problems for companies. Enterprises are driven not only by the desire to protect their information and physical assets, but also by the need to ensure worker productivity. There is an increasing acceptance of worker mobility and remote computing, but traditional corporate LANs and WANs are insufficient to support this growing off-site work force. As remote access to corporate networks increases, so does the need to protect transmission of information to these remote points.
Surrounded by Obstacles
While security has never been so critical to the profitability of an enterprise, businesses face a number of barriers to achieving and maintaining in-house security programs.
* Shortage of qualified security professionals
IT personnel are short in supply. According to The Meta Group, businesses face a deficit of over 1 million IT professionals in the matter of a few years. Experienced information security professionals are even harder to find, expensive to hire, and difficult to retain due to extremely strong market demand. This contributes to a high attrition rate among security workers that can reduce a company's ability to effectively safeguard its valuable information assets.
* Insufficient resources and infrastructure to support 24x7 security
To provide around-the-clock security coverage, requirements are many: manpower and supporting hardware, as well as software and equipment to build, upgrade, maintain, operate, and control the systems. Companies often find these security necessities don't fit with limited corporate resources sanctioned to support the organization's primary business requirements.
* Rising complexity of security technology
Security for today's networks and information systems is more complex than a few years ago. The methods and technologies used by hackers grows more sophisticated each month. Particularly threatening are the devastating payloads of blended threats. After being planted, blended threats simultaneously search out a variety of vulnerabilities. Unlike a hacker who targets a specific application or entity, blended threats currently carry as many as four different ways of propagating themselves. Experts warn future blended threats may contain as many as 15 or 20 propagation methods.
* Lack of time to dedicate to security issues
Keeping pace with the latest protection strategies demands extensive time and training. For in-house professionals, tracking new cyber threats, vulnerabilities, hacker techniques, and security developments removes them from other mission-critical activities that provide higher return on investment.
Numerous organizations currently managing security in-house are looking for alternatives to overcome these obstacles. They want a way to maintain a strong security posture while focusing on core, revenue-generating e-business functions.
Outside the Box
For a growing number of organizations-large to small-outsourcing security tasks offers improved information protection by a seasoned team of experts in a cost-effective manner. According to a June 2000 survey by Hurwitz Group, as many as a quarter of companies with more than $10 billion in annual sales are using or considering handing over some of their security, such as firewalls, anti-virus software, virtual private networks, or intrusion detection, to a managed security service provider.
Analyst firm Gartner Dataquest states managed security services, defined as outsourced management and monitoring of security systems, is the fastest growing segment of the information security services market. "Managed Security Services Providers (MSSPs) use high-availability security operation centers (either from their own facilities or from data center providers) to support 24X7 services designed to reduce the number of operational security personnel an enterprise must hire, train, and retain to maintain an acceptable security posture."
For organizations facing the challenges of orchestrating in-house security, outsourced security represents a more effective alternative. Among other benefits, managed security offers the following:
* Maintenance of positive company reputation
By protecting critical assets from damage, theft and misuse, managed security services help organizations avoid negative publicity and reduce network downtime that can lead to diminished revenues and customer dissatisfaction.
* Freedom to focus on company growth
At the strategic level, managed security services can free organizations to focus their IT resources on strategic initiatives more central to core business priorities.
* Improved information protection
With the growing complexity and importance of today's networks and information systems, managed security services offer the concentration and components needed to provide a complete, impenetrable security management program.
The following table details comparisons between in-house and outsourced security.
SOURCE:
http://www.technologyevaluation.com/research/articles/outsourcing-security-part-1-noting-the-benefits-16627/
Remember the carefree days of summer? The memories aren't so positive for many corporations hit by cyber attacks during the summer of 2001. Three especially menacing threats-CodeRed, CodeRed II, and Nimda-cost U.S. corporations more than 12.3 billion dollars. After the fall-out, one company reported it had over 60 software engineers working for a week to recover from Nimda, and it still had work to do.
For many organizations, these recent network security breeches, as well as cyber terrorism discussions in the wake of the September terrorist attacks, have served as a wake-up call regarding the need for information security. Without effective security, companies risk losing money and customer trust. With good security, companies have the power to maintain stakeholder value, customer loyalty, and competitive advantage.
The Internet and the big "E's": e-business, e-commerce, and e-retailing, contribute to today's necessity for a protected company network. Big-even small-holes can lead to formidable problems. Consequently, a bullet-proof security program is critical to an enterprise's survival. Whether this effective security management comes from an in-house or outsourced program is a decision that must be made within a corporation using only its best data.
As the first of a three-part series on managed security services, the following describes why many organizations are choosing to outsource management and monitoring of security systems.
This is Part 1 of a 3-part article.
Part 1 notes the benefits of outsourcing security.
Part 2 will evaluate the cost of such an outsourcing.
Part 3 will provide guidelines for selecting a security services provider
Open for Business
E-commerce and e-business initiatives inspire companies to move toward an open, distributed network-computing environment. These environments are designed to enable employees, customers, partners, suppliers, and distributors to exchange and access information critical to conducting business. Unfortunately, these same networked environments create vulnerabilities that allow disgruntled workers, hackers, and other types of attackers-both internal and external-to wreak havoc on corporate systems through malicious acts of fraud and vandalism.
With customers and business partners dependent on accessing critical product and service data via open networks such as the Internet, companies must ensure the integrity of this information or risk jeopardizing their reputation and brand equity. The need to protect the bottom line, as well as corporate image and customer trust, drives the demand to effectively manage information security.
Other situations challenge today's networked businesses:
* Rise in deliberate criminal behavior directed at corporations
Following the September 11 terrorist attacks, government attention has increased focus on legislation calling for stricter punishments for hackers. Even with this focus, recent studies find the rate of cyber attacks to be on the rise. Research also reveals that some industries are more often victimized than others. Specifically, the high-tech, financial services, media, and energy sectors experience the most frequent attacks.
* Growing mobile workforce
An increasingly mobile workforce, telecommuting, and remote computing create special security problems for companies. Enterprises are driven not only by the desire to protect their information and physical assets, but also by the need to ensure worker productivity. There is an increasing acceptance of worker mobility and remote computing, but traditional corporate LANs and WANs are insufficient to support this growing off-site work force. As remote access to corporate networks increases, so does the need to protect transmission of information to these remote points.
Surrounded by Obstacles
While security has never been so critical to the profitability of an enterprise, businesses face a number of barriers to achieving and maintaining in-house security programs.
* Shortage of qualified security professionals
IT personnel are short in supply. According to The Meta Group, businesses face a deficit of over 1 million IT professionals in the matter of a few years. Experienced information security professionals are even harder to find, expensive to hire, and difficult to retain due to extremely strong market demand. This contributes to a high attrition rate among security workers that can reduce a company's ability to effectively safeguard its valuable information assets.
* Insufficient resources and infrastructure to support 24x7 security
To provide around-the-clock security coverage, requirements are many: manpower and supporting hardware, as well as software and equipment to build, upgrade, maintain, operate, and control the systems. Companies often find these security necessities don't fit with limited corporate resources sanctioned to support the organization's primary business requirements.
* Rising complexity of security technology
Security for today's networks and information systems is more complex than a few years ago. The methods and technologies used by hackers grows more sophisticated each month. Particularly threatening are the devastating payloads of blended threats. After being planted, blended threats simultaneously search out a variety of vulnerabilities. Unlike a hacker who targets a specific application or entity, blended threats currently carry as many as four different ways of propagating themselves. Experts warn future blended threats may contain as many as 15 or 20 propagation methods.
* Lack of time to dedicate to security issues
Keeping pace with the latest protection strategies demands extensive time and training. For in-house professionals, tracking new cyber threats, vulnerabilities, hacker techniques, and security developments removes them from other mission-critical activities that provide higher return on investment.
Numerous organizations currently managing security in-house are looking for alternatives to overcome these obstacles. They want a way to maintain a strong security posture while focusing on core, revenue-generating e-business functions.
Outside the Box
For a growing number of organizations-large to small-outsourcing security tasks offers improved information protection by a seasoned team of experts in a cost-effective manner. According to a June 2000 survey by Hurwitz Group, as many as a quarter of companies with more than $10 billion in annual sales are using or considering handing over some of their security, such as firewalls, anti-virus software, virtual private networks, or intrusion detection, to a managed security service provider.
Analyst firm Gartner Dataquest states managed security services, defined as outsourced management and monitoring of security systems, is the fastest growing segment of the information security services market. "Managed Security Services Providers (MSSPs) use high-availability security operation centers (either from their own facilities or from data center providers) to support 24X7 services designed to reduce the number of operational security personnel an enterprise must hire, train, and retain to maintain an acceptable security posture."
For organizations facing the challenges of orchestrating in-house security, outsourced security represents a more effective alternative. Among other benefits, managed security offers the following:
* Maintenance of positive company reputation
By protecting critical assets from damage, theft and misuse, managed security services help organizations avoid negative publicity and reduce network downtime that can lead to diminished revenues and customer dissatisfaction.
* Freedom to focus on company growth
At the strategic level, managed security services can free organizations to focus their IT resources on strategic initiatives more central to core business priorities.
* Improved information protection
With the growing complexity and importance of today's networks and information systems, managed security services offer the concentration and components needed to provide a complete, impenetrable security management program.
The following table details comparisons between in-house and outsourced security.
SOURCE:
http://www.technologyevaluation.com/research/articles/outsourcing-security-part-1-noting-the-benefits-16627/
No comments:
Post a Comment