In the 2017 State of Security Operations Report , the summary of findings can be broken down into 8 topics regarding major trend findings Part 4: Attempts to transfer risk with managed services
When it comes to the proper management of service providers, organizations that are looking to transfer risk by moving to a managed service model often see a decline in the effectiveness of security operations over time. Through outsourcing, they may have less cost and an immediate boost in the maturity of operational and technology processes, but by handing off the solution to a provider that’s not aware of the day-to-day operations of your organization (and the change within), there’s a gradual erosion in the business value from outsourced security solutions that ultimately results in gaps managing risk, security, and compliance objectives.
After a while, organizations tend to end up with security solutions being managed to agreed-upon provider SLAs, but little in terms of useful organizational context. Providers assume day-to-day responsibility to apply up-to-date vendor policies, update firmware, etc., but these activities don’t result in increased levels of maturity without the recurring customer interactions/frequent reviews required to maintain solution value.
And, when you really look at it, outsourcing solution management to a provider is often seen as transferring business risk to the service provider. This, however, is not the case. Service providers ensure that individual organizations remain responsible for managing their own overarching business risk by defining services with strict parameters and taking on limited liability based on service scope. Organizations that need to augment security capability, but are unable to add staff, should consider adopting a hybrid staffing or operational solution strategy for security operations.
Ready to learn more? You can see other findings in the full report . Stay tuned for part 5 of this series.
Additional information: