One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 868849 |
| Date de publication | 2018-10-29 13:00:00 (vue: 2018-10-29 15:02:33) |
| Titre | Spicing up the MSSP World |
| Texte |
We love conducting surveys at conferences. Not only do we gain insights from some of the smartest people in attendance, but we get a few extra minutes to mingle and get to know them better.
So, while we were at SpiceWorld in Austin this year, we sought to capture thoughts on outsourcing security. Of the attendees, 380 participated in our survey to bring us the following insights.
How Much is Outsourced?
The first question was to establish a baseline as to how current security operations programs are currently sourced.
A majority, at 60 percent, run security operations completely in-house. On the other side of the spectrum, a shade under 5 percent of participants’ companies completely outsource security operations.
The remaining participants outsource some aspects of their security operations with most keeping the majority of functions in-house.
Attitudes Towards Outsourcing
The question that then arises is how participants felt about outsourcing security operations as a whole.
Just over a quarter, 26 percent, believed that security should never be outsourced.
However, 41 percent believed that security operations should be outsourced as much as possible, as long as the service provider is good. Perhaps the key point here is the caveat being the quality of the service provider. Companies looking to outsource any aspect of its security operations should vet potential providers and assured that the provider is fulfilling its part of the deal.
Gaining that assurance can take many forms. At a simple level it could be unplugging a server and waiting to see how long it takes for the provider to notice. Alternatively, at the risk of sounding like Jeremiah Grossman, the right incentives are needed here. Be that in the form of the vendor providing some warranty, or even insurance.
Another aspect which we did not go into were some of the drivers that lead to companies outsourcing.
The skills gap is an important discussion point. Many companies don’t have the right staff, or the right number of staff internally to fulfill the increasing needs. According to the 2018 (ISC)2 Cybersecurity Workforce Study, there is a shortage of nearly 3 million cybersecurity professionals.
Another factor could be that many security operations tools, technologies, and processes have become increasingly standardised over the years. This standardisation allows companies to outsource certain aspects of security operations in a relatively commoditised manner.
Budgets
In an attempt to get an indication as to the direction the market is heading, we sought to understand budgets and future spending trends.
The majority of participants believe that the return on investment is justified when outsourcing security. This should not be surprising for most security operations tasks that have good economies of scale.
Furthermore, both in-house and outsourced security operations budgets are largely looking to increase. For in house-security operations, 33 percent reported a p |
| Envoyé | Oui |
| Condensat | 2018 380 about acceptance according adoption ago allows alternatively another any appears are arises aspect aspects assurance assured attempt attendance attendees attitudes audience austin baseline become being believe believed better both bring budget budgets but can capture caveat certain combination coming commoditised companies compared completely conclusion conclusions conducting conferences confidence could current currently cybersecurity deal definitive did difficult direction discussion does don’t draw drivers economies establish even exploring extra factor factors felt first following form forms from fulfill fulfilling functions furthermore future gain gaining gap get good greater grossman handle hard have heading here house how however important incentives including increase increased increasing increasingly indication indicators insights insurance internally investment isc its jeremiah just justified keeping key know largely lead level like limited long looking looks love majority managed manner many market million mingle minutes monetary more most mssp much nearly needed needs never not notice number offered only operations other outsource outsourced outsourcing over part participants participants’ participated partners people percent perhaps planned point possible potential processes professionals programs provide provider providers providing quality quarter question relatively remaining reported return right risk run scale security see server service services set shade short shortage should side simple skills smartest some sought sounding sourced spectrum spend spending spiceworld spicing staff standardisation standardised study surprising survey surveys take takes tasks technologies them then thoughts tools towards trend trends under understand unplugging value vendor vet waiting warranty when which whole workforce world worth year years |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.