Systems Security Analysis: In-House vs. Managed Service

By Marina Gregory, CAO - 22 Feb, 2017
Physical Security Services
Cybersecurity breaches have become a fact of life these days. With the average total cost of a data breach reportedly at about $4 million, it’s no surprise that data security remains top of mind for CIOs and IT pros. As you’re no doubt aware, monitoring corporate AV systems is a critical component of security, and there are two schools of thought on how best to handle protection: An in-house strategy or working with a managed services provider. Let’s explore these options and review the pros and cons of each.

Getting Started

It’s important to begin by researching every component required for running and operating a successful Security Operations Center (SOC), before weighing your options about system security. With an increasing amount of companies storing data through different platforms, the need for systems security is at an all-time high.

While building and maintaining a SOC might appear an easy venture from the outside, it is a massive undertaking. You need trained individuals familiar with your monitoring systems of choice, a business specific strategy, the right technology to protect your data, and the wherewithal to navigate your legal obligations.  Each component is vital to the success of your systems security, including support from your executive team.

If you don’t have a business specific strategy, your SOC team will not be armed with the proper tools to be successful. The strategy must pinpoint your company’s needs while mapping out the most efficient way to handle potential security breaches. A focused business strategy will help executives feel at ease about funding a SOC.

Creating a SOC for your company is a lot of work, but it offers advantages that managed service providers can’t. For instance, putting together your own team to manage your systems security means your company has handpicked the people deemed qualified to handle sensitive data.

Also, designing an SOC in-house allows for a custom layout and environment. It may be hard to get executives on board with funding an in-house SOC, but the risk can be worth the reward.

However, if building a personalized SOC is not possible for your organization, managed systems security service is another option to consider.

A Managed Service

A managed systems security service is exactly what it sounds like—a company you pay to manage and monitor your data.Most managed systems security providers (MSSPs) charge a fraction of the cost your company will incur to build and maintain a SOC. MSSPs also eliminate the need for company personnel to monitor data 24/7. An affordable and time-saving approach may persuade your executive team to choose an MSSP over other in-house options. But managed systems security services have cons as well.

“Before diving into the risks associated with hiring an MSSP, it’s important to understand that MSSPs do not completely eliminate your security costs—for example, you’ll still need an in-house CISO for the MSSP to report to and coordinate with,” states Chris Bihary, of Garland Technology. “MSSPs offer security expertise; but they are meant to supplement your own security team, not replace it, “ he continues.

It is important to be cautious and do the research before outsourcing to an MSSP. The MSSP you choose to hire will handle your organization’s sensitive data, so you‘ll need to be certain to have a detailed service level agreement (SLA) in place to spell out how your data will be monitored and protected. For example, businesses that transmit, manage or store electronic protected health information (ePHI) and are required to maintain HIPAA compliance, a detailed SLA provides protection should a data breach occur.

Another managed service drawback is the lack of control you possess over systems security on a daily basis. While you are paying someone to monitor data, the SOC is not in-house, so the comfortability level is not the same. (Are you considering outsourcing to a managed service provider? We’ve covered the questions you need to ask a prospective provider here.)

No Wrong Decision

Both in-house and MSSPs have pros and cons. It comes down to this: How much time, money and resources are you able or willing to invest for protection? There is no right or wrong answer. And remember, either option is still far better than not having a security system in place at all, especially as the threats to data security continue to mount.

At New Era Technology we empower live meetings and remote collaboration by deploying the technology that helps your organization connect, communicate and engage with its customers, employees, and stakeholders. Connect with us to find out more about how New Era can help you achieve your business and technology goals.
Photo Credit: Visual Content Flickr via Compfight cc

Author: Marina Gregory, CAO