Authored By: Christina Richmond, IDC Program VP WW Security Services for Oracle
In this series of blogs, we’ve discussed hybrid IT and managed cloud security as well as managed identity. These topics beg the question, “how do I find the right managed security services provider (MSSP) to work with?” The answer is, “it depends” and in this blog we’ll pull the thread on considerations and dependencies to understand how, why and when to work with an MSSP.
Basic considerations for choosing an MSSP range from evaluating the provider’s technical and resource expertise and capabilities, how they fit with your company (industry, size of company) and architecture environment (legacy architecture, cloud or hybrid), whether they can assist your organization with compliance (do they provide assessments, and can they help you remediate), cost and scalability. These are table stakes. But given the complex transformation we’re engaging in today from legacy premises tools to some SaaS, some private cloud and multiple public cloud instances MSSPs are required to do a lot more.
IDC separates legacy and advanced MSSPs into a 1.0 and 2.0 definition. As seen in the graphic below, MSSP 1.0 firms will provide core services such as log monitoring, basic managed and monitored services for devices such as firewalls, intrusion detection services/intrusion prevention services, and unified threat management (and others). They provide vulnerability scanning and basic threat management. MSSP 1.0 firms are moving into delivery of some advanced services like management and monitoring of identity and access management in recent years and some may also offer advanced services such as DDoS, managed security information and event management (SIEM), and managed Security Operations Center (SOC) functions.
MSSPs 2.0 deliver basic and advanced MSS plus professional/complementary services such as breach readiness, incident response, forensics, compliance services, and assessment of architecture and design. And still others provide managed security testing, application security testing, and data privacy assessment. Many are investing in mobile/IoT, cloud, threat intelligence/big data analytics, incident response/forensics, and advanced detection techniques. This last is where organizations building out their hybrid landscape need to focus greater and greater attention. It is imperative to find advanced MSSP support that includes visibility and management/monitoring in identity, mobile/IOT and cloud. This is where IT is moving and the monitoring the perimeter of old no longer suffices. Beyond these capabilities the MSSP of today will also utilize advanced threat detection and analytic techniques like big data analysis, heuristics, machine learning and artificial intelligence. IDC sees a good mix of companies doing their own inhouse advanced threat detection and outsourcing the requirement. Finally, the newest trend of endpoint detection and response (EDR) tools and managed detection and response (MDR) services is a critical defense in depth addition for MSSPs.
In the last blog, I stated that identity and data security are the new perimeter tools in this digital world. The above lists of basic to advanced capabilities are all important to consider, but the ability to detect, monitor, provide visibility into and respond to alerts on your behalf within these two areas is something that should be considered depending on your environment. If your organization is like many large organizations that are in the midst of the digital journey, it is imperative that you consider managed identity and data security services because of the complexity and dynamic nature of the environment.
Consider tuning in for the Twitter Periscope with Christina Richmond, IDC Program VP and Rohit Gupta, Oracle’s GVP of Identity, to share their perspectives on the cyber challenges impacting today’s organizations as they lift and shift workloads to the cloud.
Follow Christina Richmond @Xtina_Richmond
Follow Rohit Gupta @Roh1
Follow Greg Jensen @GregJensen10
Oracle Security @OracleSecurity
If you are attending Oracle OpenWorld in person, join us at on Tuesday, Oct 23, @4:45 pm for the session Secure Your IT Services with Oracle Managed Identity Cloud Services.