In this recent report, the Aberdeen Group’s research revealed that 100% of Best-in-Class companies consume some managed security services as part of their security strategy. The most widely deployed and easiest to implement managed security service is email security.
Best Practices in
Choosing and Consuming
Managed Security Services
January 2008
Best Practices in Choosing and Consuming Managed Security Services Page 2
Executive Summary
The need for greater security is compelling organizations to consider using Research Benchmark Managed Security Service Providers (MSSPs) for some or all of their IT Aberdeen's Research security needs. Companies that are getting the best results from a security Benchmarks provide an in-performance perspective all use managed security services as part of their depth and comprehensive look IT security. This report looks at how these companies choose to acquire into process, procedure, and consume managed security services, including ways mature MSSP methodologies, and customers have learned to get the best value from their MSSPs. technologies with best practice identification and actionable The potential benefits to organizations that consume security solutions as recommendations managed services are widespread. Organizations can improve their security and compliance performance, reduce the management overhead associated with managing security solutions themselves, avail themselves of security solutions that would otherwise be unaffordable, avail themselves of security protection "in the cloud" - thus, stopping threats such as denial of service attacks before they actually reach the organization. In addition, they can avail themselves of security expertise that is unavailable or unaffordable within their own organization.
Best-in-Class Performance Aberdeen used four key performance criteria to distinguish Best-in-Class (BIC) companies: . A significant decrease in help desk cost attributed to security . A significant decrease in the number of security incidents . The number of data loss incidents . The number of malware infections
Competitive Maturity Assessment Survey results show that the firms enjoying Best-in-Class performance "We are pretty happy with our shared several common characteristics: current provider. But past experience has shown the . 86% report zero failed audits importance of auditing the providers. So we are building . 64% have established Service Level Agreements (SLAs) with their out our own IDS and firewall MSSPs monitoring solutions strictly as . 63% use pre-emptive planning to address the most likely risk a backup and audit function." ~ IT and Network Security Required Actions Director, $1.5B Sales and In addition to the recommendations in Chapter Three of this report, to Marketing Services Firm achieve Best-in-Class performance, companies must pro-actively manage their MSSPs. Companies should define processes and criteria for choosing and vetting potential MSSPs, establish metrics and SLAs to hold them accountable, and regularly re-evaluate and ensure that their choices are critical to ultimate success of the business.
Table of Contents Executive Summary.......................................................................................................2 Best-in-Class Performance.....................................................................................2 Competitive Maturity Assessment.......................................................................2 Required Actions......................................................................................................2 Chapter One: Benchmarking the Best-in-Class .....................................................4 The Need for Improved Security - Number One Driver ..............................4 The Maturity Class Framework............................................................................5 The Best-in-Class PACE Model ............................................................................6 Best-in-Class Strategies...........................................................................................7 Chapter Two: Benchmarking Requirements for Success....................................9 Competitive Assessment......................................................................................10 Capabilities and Enablers......................................................................... [download for more]
