As the job of securing companies from cyber attacks get tougher and data privacy demands increase, new research from Fortinet shows that, far from going into in-house lockdown, IT leaders are increasingly considering managed security services.
In Fortinet’s latest global survey of over 1,600 IT leaders in large enterprises, decision-makers revealed a growing appetite for managed security services, with a quarter citing ‘outsourcing some or all IT security functions’ to a managed security service provider as the single most important initiative for confronting the rising complexity and volume of cyber threats in their organisations.
Over in Malaysia, organisations are definitely aware of the global trend in security outsourcing and are more willing than before to explore the concept. One reason is that they see the service provider as an expert who has better capability and economies of scale to manage and secure their data. Industries more open to security outsourcing include gaming and retail.
Meanwhile in the global IT leaders’ circle, over three-quarters of decision makers said functions like firewall, Intrusion Prevention System and e-mail protection would be suitable to apply to an outsourcing strategy in their organisation. However, these basic security functions, long considered for putting into a trusted service provider’s hands, are now being joined by functionality such as authentication, Advanced Threat Protection Sandbox (Sandboxing is used to test unverified programs that may contain a virus) and even DDoS (distributed denial of service) mitigation.
Today, only a minority of IT decision makers believe that even the most advanced IT security functions are unsuitable for outsourcing to a managed security service provider (MSSP). So, what’s changed?
About nine in 10 of the chief information officers surveyed said that the increasing frequency and complexity of threats is making the job of securing the business noticeably harder than it was just 12 months ago. And as high profile IT security attacks and national security scandals have become a common feature in news reports worldwide, this has seen a dramatic increase in pressure, awareness and involvement in IT security matters coming from the direction of the boardroom.
According to the IT leaders polled, this serious boardroom pressure to keep the enterprise secure has jumped almost one-third in the last 12 months, making security paramount and a more pressing consideration over other business initiatives.
Add in demands for securely enabling employee mobility, and emerging technology like big data, and there’s a lot of weight on the shoulders of senior IT professionals today – causing them to re-evaluate their goals to ensure they strike the right balance to achieve resilience in the face of rising cyber threats.
90% of IT leaders, for example, stated they have been provoked into looking at new IT security investment and to re-assess their security strategy, due to rising data privacy concerns and securing big data initiatives.
It should come as no surprise then, that the influencing factors for moving to managed security services are not led by cost and resource considerations, but by the need for always-on, high-performance, comprehensive, security infrastructure.
It was the increased complexity and scale of managing cyber threats that measured the largest driver to outsource, with half of all respondents selecting this as a key factor. This was closely followed by rising data privacy challenges, whilst better financial models for procuring security followed in third, while a lack of sufficiently skilled internal resources in fourth.
Whilst the benefits of outsourcing IT infrastructure and applications have long been understood, migrating to managed IT security services has often been held back due to concerns over ‘letting go’, especially amongst larger enterprises. Similarly, Malaysian CIOs are concerned about accountability and responsibility of outsourcing. For data sensitive industries such as financial services, national security and defence, IT security is strictly regarded as an internal function that should not be outsourced.
As IT leaders face the day-to-day reality of combating a relentless battle against the increasing frequency and complexity of threats − both globally and in Malaysia − their attitude is changing. When we asked about their own personal online security habits, 56% said they would be willing to trust their own personal data with a service provider that outsourced IT security. Along with this rise in as-a-Service consumption in our personal lives, perhaps IT leaders are also emboldened by the increased acceptance and successful adoption of cloud services, as they are now recognising that, with the right due-diligence and sourcing strategy, IT security is also suited to this model.
Of course, putting enterprise IT security into a service provider’s hands, especially increasingly complex functions, requires a high level of trust and assurance. For the IT decision makers polled, it is reputation in the enterprise market that wins out as the most critical attribute needed by an MSSP when winning their business.
Reputation was called out above portfolio of services offered, global scale of the organisation in third, and reliance on the SLA in fourth place as critical considerations when looking at a potential provider.
As the threat landscape has continued to evolve over the past 12 months, it’s no surprise that businesses of all sizes are increasingly considering the MSSP model for cost effective, multi-threat security solutions and perhaps most importantly, around-the-clock risk mitigation.
A demand fueled by compliancy, greater executive awareness of IT risk and advanced persistent threats, combined with the need for sourcing expert security personnel and global threat-response intelligence – outsourcing security capabilities to managed security service providers is emerging as a key strategy for enterprises today.
With the clear majority of IT decision makers in our global survey citing high levels of rising pressure and their job of protecting the business getting tougher and tougher, the rise of managed security services will indeed be an interesting trend to track, with all indications pointing to its upward trajectory.
Michelle Ong is Fortinet’s country manager for Malaysia.