The importance of Managed Security in the post Covid-19 world
VCG CIO Andy Peters-Smith explains the key role of the MSSP.
The post Covid-19 world is, I am sure we would all agree, going to be massively different from what we have been used to previously. Staff will be more distributed, working from home will be the norm and not an occasional request, and office time will be more staggered with video being a key enabler, making restrictions and control much harder to manage.
What will surely happen, and is already happening, is the start of a race by enterprises of all sizes and across all sectors (from consumer banking, to government departments and even the judiciary) to move away from a distributed IT model and towards the ‘Cloud’.
This will be the new operating model for business in the future. Let’s face it, this has been the direction of travel for most organisations for some years but the Covid situation has accelerated this process. The adoption of new IT has been driven by necessity and the immediate business needs, not through the normal business refresh cycle, accelerating the process by five years in some cases.
This new operating model will transform business for good. Who needs offices and the burdens that go with them, who needs to see their employees every day when you can measure their performance easily enough? And look how we now control meeting times over these new channels!
But of course, it is easy if you are a start-up, or a ‘Cloud first’ enterprise, or not waylaid by older technologies. If you are an older enterprise, you will have a multitude of technologies that you have adopted over the years. That means there will still be a physical presence somewhere that has to be maintained.
But even if you are a start-up or a ‘cloud first’ enterprise you may still have data centre/s as part of your cloud and even multiple cloud platforms (Azure, AWS, Google, Rackspace, IBM, etc.).
And regardless of either model above, there will still be the pressure to protect employees working outside or in the office, protect the enterprise's IPR and data, and comply with legal regulations and compliance standards.
All of which means the post-Covid-19 enterprise will need to be able to monitor multiple different platforms across multiple different technologies to understand the status of its security estate and be able to categorically know it is safe and secure.
Although enterprises will be moving to these cloud services, the issues that we used to see across the enterprise estate have not changed. Previously we sought to provide Security Incident and Event Monitoring (SIEM) to bring sense to the security estate, and then, as an MSSP, a Security Operations Centre (SOC) based service was offered on top of the SIEM. The SOC service brought clarity, priority, and stability to the SIEM, making it an effective enterprise tool.
Amazon and Microsoft have made astounding leaps forward in their ability to manage security within their environments, to alert and describe events along with supporting remediation advice. Cisco with Security X have at last provided a security management tool that offers a rich seam of data on incidents and events on their technology. Endpoint security companies have likewise increased the information feed they can offer.
Now and going forward, enterprises will need Managed Security Services Providers (MSSPs) as partners to be able to take alerts and logs from all of the above sources (and more) and make their SIEM or management platform show clearly the enterprise's status in real time, and potentially against compliance or regulatory standards, whether in or out of the office!
And that can be done today. But not all MSSPs' services are equal, which means that one person’s SOC service is another’s monitoring and logging service.
To be clear, the service that customers will want from an MSSP in this new climate will need to be able to interpret, prioritise, inform, advise and potentially remediate anything that it sees on any platform that it is monitoring, along with providing a 24x7x365 service on a SIEM or management platform capable of supporting the customer's complete operation.
For IT teams and security operations teams, the pressure of BAU means that very often the commencement of events that should be investigated is missed, passed over because it takes too much time to investigate. Any platform monitoring an enterprise needs to be able to illustrate immediately and exactly what is occurring in the security estate.
Despite what the board thinks, the IT guys don’t need another screen to watch; they want one screen that provides all the information all of the time.
On top of that they want:
- Clear visual representation of issues and problems
- Access to expertise NOW! Not as an add-on after talking to a salesperson
- Strong, available and business-led reporting
- Appropriate advice and recommendations
- Regular feedback meetings
- An easily deployable platform that can be as flexible as your business, regardless of where devices are, whether they are virtual or physical, whether they are in Europe, Asia or the Americas, and regardless of brand.