Hosted security providers offer a wealth of similar services and qualifications; an accurate comparison is essential for midmarket organizations to determine total cost of ownership (TCO) and understand associated risks and rewards. Use this buyer's guide to understand the benefits of hosted security services, and to arm yourself with questions that drive the provider selection process. These questions fall into three areas: security considerations, evaluation criteria and technical capabilities. Important security considerations include accuracy plus technical depth and research, where vital evaluation criteria include service level details, track record and client retention. With the right data, you should be able to make a compelling argument for a switch to hosted security services.
WHITEPAPER
Selecting Your Hosted
Security Service Provider:
What Every IT Manager
Needs to Know
www.messagelabs.com info@messagelabs.comWHITEPAPER
Introductions
This buyer's guide was developed for IT managers in growing companies, particularly in midmarket firms that require a suite of security services. Hosted security services are an effective and cost-efficient solution for SMB IT Managers especially where IT budgets are already stretched. These Small businesses of services provide reliable and comprehensive security coverage for your 50 to 100 employees company's email, Web and instant messaging (IM), without requiring extensive expertise or equipment in-house. may have only one full-time Do-it-yourself (DIY) security is often daunting and expensive. It entails person-typically significant time, effort and expertise to maintain strong security as well an IT generalist-as comply with rules and regulations governing information access and disclosure. In a tight economy where companies focus their efforts on to support a high-priority, high-value functions - outsourcing security for email, Web and complex array of IM vaccess makes good sense. Most studies show that while subscription IT resources and costs for hosted security solutions comprise a substantial portion of the costs involved (50% and higher), the Total Cost of Ownership (TCO) for users. In medium hosted security is usually much less (30% or greater) than the costs of DIY businesses (100 to solutions.* 999 employees), IT In addition to its strength as a cost-effective solution, Hosted security staffing grows, exhibits a truly broad spectrum of security services unmatched by on- averaging about one premise alternatives. Pre-screening and filtering email, Web and IM traffic full-time IT person produce substantial network bandwidth savings - while fending off attacks, for every 100 and protecting vital network infrastructure and information assets. Hosted security also eliminates hardware and software selection. Installation and employees.maintenance are handed-off to a service provider, while reducing needs for specialized in-house staff and skills. In exchange, customers get consistent, "The Compelling TCO Case predictable monthly operational expenses. for Cloud Computing in SMB and Mid-Market Although IT and security managers welcome these host of benefits, they face Enterprises,"increasing demands to deliver more with less resources. Therefore selecting Hurwitz & Associates, 2009the right service provider can be challenging-competition ranges from Internet service providers (ISPs) to independent security service providers to DIY out-of-box solutions. What are the important security considerations, and how does IT compare hosted service providers based on these considerations?
*Based on Symantec Hosted Services' TCO calculations for an average client organization of 250 users.
2 www.messagelabs.com info@messagelabs.comWHITEPAPER
Key Questions: Selecting the Right Hosted Security Provider
Selecting a hosted security provider is a serious and non-trivial matter. The process should be comprehensive, covering not only the most important security considerations but also critical attributes of providers to deliver on these considerations: support and guarantee of offerings, knowledge and infrastructure to back up their services, service level agreements, false-positive record, technical depth, references and more.
What Are the Most Important Security Considerations?Arguably, any security consideration that negatively impacts the flow of business or a company's reputation is important, but some security considerations loom larger than others. The following items stand at the top of any list of important security considerations:
. Accuracy: Given the number and complexity of security threats, it's essential that a hosted security vendor recognize and handle known threats, and provide reasonable heuristics, protection and monitoring to deal with new and Protection depends unknown ones. Protection depends on distinguishing permissible from impermissible, and allowing legitimate communications to pass to users on distinguishing quickly while blocking malicious or harmful communications. permissible from impermissible, and In the security world, a false positive represents a non-threatening content element (email message, Web page or link... [download for more]
