Security as a Service – MSSP
Since an incredible amount of companies makes good use of cloud services, we quickly need to rethink our existing security infrastructure.
By using cloud applications and remote access we “open up” our network to the whole wide internet world while older security tools often do not sufficiently account for the new online setup.
Modernizing the own IT Sec tool- and hardware-landscape seems to be the way to solve this, otherwise an organization could decide for a MSSP: A managed security service provider who manages your IT security from the outside.
Why “outsource” IT security?
Actually there are some good reasons for this (of course there also might be some against it but it should at least be considered). The difficulty to find and pay qualified IT Sec experts instead of having an experienced, external expert team who is always aware of the latest threats and trends would be one argument. Depending on the individual setup it´s also worth checking the cost effectiveness: MSSP´s could provide similar services running on the same security assets for different customers at one time, therefore achieving economies of scale.
Apart from the general decision we should ask ourselves which parts of IT Sec should remain within the company? What about IAM?