Many people may not know it, but if your business outsources its IT department or even its cybersecurity work, it is more than likely that you are making use of what is known as a “Managed Services Provider” (“MSP”) or a “Managed Security Services Provider” (“MSSP”).
The former takes care of your day-to-day IT needs, whereas the latter looks after your security needs. But what is less well known about these kinds of organizations is that many of them run what is known as a “Security Operations Center”, or “SOC” for short. Depending upon the Service Level Agreement (SLA) that you have with them, they will typically keep a 24 X 7 X 365 watch on all of your IT assets and make sure that they are protected with the best level of controls possible.
All of this is monitored by a team of professionals at the SOC. Some SOCs can be very large (on the scale of what Microsoft runs), and some can be very small, staffed by only 2 or 3 people.

Whatever the size, their primary job is to make sure that your business is protected. Because of this, it is very important for the SOC to stay ahead of the curve and adopt the latest technologies so that, in the end, they can offer you the best services possible. But apart from that, given the world that we live in today, they also have to:
* Gain the deepest levels of trust from their customers. After all, if your business has been impacted by a security breach, your MSP or MSSP will be the first ones to be blamed (along with the CISO, of course), and probably even found liable. Of course, you will then want to switch quickly over to another provider. Also, the landscape here is very competitive amongst providers; the only way they can win out is through great customer service.
* Protect your data and make sure it remains intact. If your business uses large volumes of data, more than likely you will be storing it at the site of your MSP or MSSP, or if it is stored in a Cloud deployment that you have, then they will oversee that as well. The bottom line here is that if you are trusting them with your datasets, then they become the stewards of that data and have complete responsibility for its safety. Again, if anything happens, they will be the first ones to be blamed.
* Make sure that there are extremely minimal disruptions to your IT and Network infrastructures. These days, the Cyberattacker is resorting to old means of launching a threat variant. A prime example of this is the good ol’ DDoS-based attack, which can literally bring your servers to a crawl.
* Come into compliance. If your MSP or MSSP is going to be your data steward, then they are going to have to come into strict compliance with data privacy laws such as HIPAA, GDPR, and the CCPA. If they don’t have the right controls in place and are audited, they could face some serious fines and penalties. For example, under the GDPR, the penalty can be as much as 4% of gross revenue.
So, in order to keep up with all of these requirements, what can an MSP or MSSP do? Here are some tips:
1) Stop emphasizing technology so much: This goes back to something I have written about who knows how many times. Good levels of Cybersecurity do not come from technology itself. Yes, it is important that a SOC uses the latest tools out there and keeps them updated, but equally important are the people who staff them. You need to train individuals who can decipher and triage any alerts or warnings that are coming in. Also, you need a human being to contact a customer in case a security breach is about to erupt. But most importantly, get away from the siloed approach that is so often seen in SOCs today. You need to foster a sense of open transparency and communication, because after all, what is important in the end is keeping your customers safe. There is no way that can be accomplished when nobody in the SOC is communicating with one another.
2) Make sure you are safe: Although it is the job of the MSP or MSSP to make sure that their customers are secure, they also need to make sure that they are safe themselves. Remember, the threat landscape is wide open to the Cyberattacker. They will attack whenever and wherever possible, and this even includes the SOC. So, make sure that you conduct the right kinds of Risk Assessments, in an effort to make sure that your own infrastructure is as airtight as possible.
3) Use existing frameworks: The one thing that the world of Cybersecurity is known for is the sheer number of frameworks and standards in existence (with even newer ones coming out). A SOC should try to pick one and stick to it, and apply it to their customers as well. One of the primary reasons why I say this is that if there is a security breach and you are audited, you can at least say that your SOC was following established procedures, in an effort to help soften the blow of any penalties that might be invoked.
4) Respond quickly: If they are impacted, your customers are counting on your efforts to mitigate the risk as quickly as possible, so that they can be back up and running quickly, with minimal downtime. This will of course hinge on the SOC having a well-defined Incident Response (IR) plan in place. It is not enough just to have it documented; it must be rehearsed on a regular basis (at least once a quarter), and the plan must be updated with any lessons learned. To make this as effective as possible, try to get your customers involved as well.
My Thoughts On This:
Another line of defense that a SOC can use is the Zero Trust Framework. This is where you further segment out your IT and Network infrastructures, and are always practicing this mantra: “Never Trust, Always Verify”. For more details on enhancing your SOC, click on the link below: