Managed security services help SMBs take aim at security threats

Outsourcing basic security services makes good sense for many smaller organizations

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Pro­tect­ing sen­si­tive data and sys­tems is a tough job for large com­pa­nies, even for those firms with a ded­i­cat­ed infor­ma­tion-secu­ri­ty man­ag­er or team of skilled professionals.

For the numer­ous small­er firms and less-afflu­ent larg­er com­pa­nies, it’s a Sisyphean effort, made worse by the cur­rent scarci­ty of skilled secu­ri­ty work­ers. Trained IT secu­ri­ty work­ers are in high demand, with a short­fall of 1.5 mil­lion work­ers expect­ed by 2020, accord­ing to mar­ket research com­pa­ny Frost & Sul­li­van. Com­pa­nies are find­ing it hard to staff their secu­ri­ty teams and pro­tect their assets, says Dan Bon­net, direc­tor of small and medi­um busi­ness for Dell Secure­Works in North America.

Most com­pa­nies don’t han­dle secu­ri­ty well,” he says. “This prob­lem has got­ten so bad, so quick­ly, that every­one is play­ing catch-up.”

Big job for small companies

Rob Eggebrecht, InteliSecure CEO and co-founder
Rob Egge­brecht, InteliSe­cure CEO and co-founder

These small­er, for­got­ten busi­ness­es are increas­ing­ly turn­ing to man­aged secu­ri­ty ser­vices to help them cre­ate, deploy and man­age their infor­ma­tion secu­ri­ty pro­grams. They need the help, says Rob Egge­brecht, CEO and co-founder of InteliSe­cure, a provider of secu­ri­ty ser­vices. A major prob­lem is that the typ­i­cal infor­ma­tion-tech­nol­o­gy man­ag­er thinks in terms of sys­tems and the net­work, not about the busi­ness val­ue they are pro­tect­ing, he says.

They are stretch­ing out their resources to try to pro­tect every­thing with equal focus,” he says. “Imag­ine putting sol­diers all around the Unit­ed States, rather than at key points.”

The prob­lems asso­ci­at­ed with cre­at­ing and main­tain­ing a sol­id secu­ri­ty pro­gram have result­ed in a dis­turb­ing trend: The sever­i­ty and impact of secu­ri­ty breach­es appears to get worse. While the Christ­mas shop­ping sea­son hack of Target’s pay­ment net­work cost the retail giant more than $162 mil­lion, a num­ber of pos­si­bly more dam­ag­ing breach­es have hap­pened this year. Ear­li­er this sum­mer, the U.S. Office of Per­son­nel Man­age­ment acknowl­edged two com­pro­mis­es, includ­ing one that result­ed in more than 21 mil­lion back­ground-inves­ti­ga­tion records end­ing up in the hands of attack­ers. In July, Ash­ley­Madi­son, a site that allows cheat­ing spous­es to con­nect with one anoth­er, acknowl­edged that infor­ma­tion on its 37 mil­lion mem­bers had been stolen by attack­ers.

Secu­ri­ty & Pri­va­cy Week­ly News Roundup: Stay informed of key pat­terns and trends

Any busi­ness first needs to deter­mine what data and sys­tems are crit­i­cal and need pro­tec­tion. Next, the com­pa­ny needs to focus exist­ing secu­ri­ty tech­nol­o­gy on mon­i­tor­ing those impor­tant assets and man­ag­ing the exist­ing infra­struc­ture. Final­ly, com­pa­nies should focus on inci­dent-response exer­cis­es and pre­ven­ta­tive train­ing, such as phish­ing-aware­ness exer­cis­es, says Dell Secure­works’ Bonnet.

SMBs real­ly need to do inci­dent-response exer­cis­es, because most have nev­er done that sort of secu­ri­ty train­ing before,” he said.

The demand for secu­ri­ty ser­vices has been a boon for com­pa­nies like Dell Secure­works, InteliSe­cure, Solu­tion­ary and Trust­wave. InteliSe­cure, for exam­ple, start­ed out focus­ing on deploy­ing and man­ag­ing data-loss pre­ven­tion devices from a few major providers. They have expand­ed into oth­er ser­vices. The com­plex­i­ty of secu­ri­ty tech­nol­o­gy and the need to con­stant­ly mon­i­tor for threats has made man­aged secu­ri­ty ser­vices an attrac­tive option, Egge­brecht says.

Help is lacking

The rea­son that our com­pa­ny is grow­ing at a 40 to 50 per­cent clip is that in the man­aged secu­ri­ty busi­ness space there aren’t enough qual­i­fied peo­ple out there … and many of those who are out there don’t have a clear under­stand­ing of what they need to pro­tect, in terms of the busi­ness,” he says.

The con­stant parade of breach­es has made infor­ma­tion-tech­nol­o­gy man­agers with secu­ri­ty skills a hot com­mod­i­ty. But com­pa­nies also have to con­tend with secu­ri­ty firms scoop­ing up many of the poten­tial employ­ees. InteliSe­cure, for exam­ple, has grown to 80 peo­ple in its secu­ri­ty oper­a­tions cen­ter in Den­ver. Next, it plans to expand to Cos­ta Rica to extend its glob­al reach, but also because qual­i­fied peo­ple are increas­ing­ly hard­er to attract in the Unit­ed States.

We’ve tapped out Den­ver,” Egge­brecht said.

Man­aged secu­ri­ty ser­vices can range from sim­ply train­ing to pre­vent employ­ees from click­ing on links in phish­ing e-mails, which can cost less than $1,000, to more com­plete offer­ings that man­age fire­walls and oth­er secu­ri­ty equip­ment and essen­tial­ly give the busi­ness their own secu­ri­ty oper­a­tions center.

More on emerg­ing threats and best practices:
SMBs should start with sim­ple solu­tions to man­age secu­ri­ty risks
Spikes Secu­ri­ty iso­lates mal­ware, keeps it from hijack­ing Web browsers

Dyre Wolf mal­ware hun­gry for cash in SMB accounts



Posted in Cybersecurity, Data Security, News & Analysis