Making the move – why Irish businesses are turning to managed information security services in the battle to protect their companies and customers from the upward spiral of security incidents.
Like many things in the world today the arena of information security is becoming more complex on a daily basis. While it’s natural (and partially true) to think the complexity is being driven by the increasing volume and sophistication of external threats this is really only half the picture. Any IT executive who is responsible for information security knows only too well that the changing nature of the business environment itself brings to the table a new raft of complexities that impact information security. From adoption of cloud and managed services to increased compliance obligations your own devices and rapidly evolving malware attacks there is little doubt that information security issues are on the rise
With this comes increasing demands on IT departments to protect their operations in an environment that is in constant flux.
As a result executives are starting to re-evaluate their information security strategies and look for new ways forward. One trend that has emerged is that of “security as a service”.
Pat Larkin and Paul Hogan are co-founders of Ward Solutions, a company that specialises in the area of information security. Here are some information security trends that they see emerging in the Irish market place.
Information Security Officer (ISOaaS) as a Service
Increased information security complexity – internal and external – means an increased need for expertise. The range of expertise and skills that the information security role requires can no longer exist in any single resource. The question is do you need that expertise on a 24×7 basis? Answer is, sometimes yes and sometimes no. In most businesses there are certain times when the company needs at its fingertips access to the best and brightest brains in the area of information security. This might be when the business is designing, developing and launching a new application or service, reassessing its information security strategy, updating its policy libraries or dealing with an actual information security incident. The need for deep and extensive expertise at intermittent intervals is creating a real demand for “security as a service” type offerings. For one, security as a service makes better economic sense than hiring an extensive in-house team full time, but more importantly it enables the business to access specialised resources that are at the cutting edge of information security trends and innovations.
“What we see in the market is a real demand from clients who want to be able to tap into a comprehensive range of information security skills when and where they need them. They want to have a trusted partner that they can call upon, one that knows their business and can be part of their team for as long as is required. This demand has led us to create our Information Security Officer as a service offering for clients. On an ongoing basis we supply clients with access to the best in the business with predictable service levels and costs so as they don’t have to build and maintain full time in-house expertise” explains Pat Larkin
Managed Security Service
From Start to Finish
There is little doubt about the fact that IT is a critical service provider within most businesses today. There is growing recognition that the field of information security is a very specific part of the overall IT operation, one that is highly important and that requires deep and constantly evolving levels of expertise.
With this recognition comes a realisation that for some organisations where critical information asset are involved the best strategy forward is to outsource the end-to-end information security management of the assets to an expert in the field.
What does this mean? Put simply it means contracting the ongoing services of an information security expert to manage all aspects of a critical information asset within your business. Someone who can securely build the application, deploy and operate it on an ongoing basis. A partner who is responsible not only for the security of the application but also for the security and integrity of the business logic and process workflows that surround the application – in short the end-to-end secure management of an application or service that is critical to the business in terms of confidentiality of data, integrity of process and availability of service.
“With the growing internal and external complexities around information security fewer and fewer companies are willing to take risks when it comes to critical information assets within their business. With this comes a realisation that information security is simply not a core competency that they have. What they want is to partner with someone who is 100% focused on this area so that they can rest assured they have done the utmost to protect their business and their customers” explains Pat.
Selective Services
For some companies the growing trend is to turn towards managed services for certain selected information security services. Whether the internal driver is compliance or critically important assets the approach remains the same. Rather than bring the skill set in-house, the company chooses to outsource to a managed service provider.
One trend emerging is the outsourcing of log management and security information event management (SIEM) driven off compliance obligations such as PCI. The sheer volume of work involved in monitoring, reviewing and taking action to address identified anomalies makes handling SIEM internally a nightmare for many IT departments.
“For some businesses certain regulatory requirements not only require a specialist skill set but are also highly labour intensive and time consuming, More and more we see businesses looking externally for managed services to support their regulatory obligations on an ongoing basis. It makes sense to outsource what is not core to your business” comments Pat Larkin.
Managed information security services is a growing trend in both the local and global markets with more and more businesses turning to third party suppliers to procure specialist services that are simply difficult and costly to build in-house.
Ward Solutions has been in the business of information security for over 15 years. The company has a team of over 60 security professionals working with over 250 clients in Ireland. It is the trusted information security partner for companies such as CIE, Laya Healthcare, Vodafone, National College of Ireland, Bord Gáis, Fleetmatics and the Department of Jobs, Enterprise and Innovation.
For more information visit www.ward.ie or contact Pat Larkin on (01) 642 0100
-
Insights