Managed Security: Keeping Your Business Assets and Operations Secure and Compliant

By Dave Moorman

If you read my blog last week, you know that service-provider hosted cloud environments of all types are more secure than on-premise (in-house) owned and managed infrastructure in nearly every instance. What you may have missed in that blog is that the survey didn’t evaluate on-premise IT environments where a service provider manages its customers’ security needs.

If a cloud-hosted environment isn’t right for you (for any reason) you can significantly mitigate your risk of successful attack or intrusion by using managed security services. For small to medium-sized businesses—especially those with distributed locations where confidential information is being shared across the Internet—the complex, specialized, and rapidly evolving nature of IT security (not to mention the growing focus on regulatory compliance) make it nearly imperative for most SMBs to have some type of managed security solution in place.

“So,” you may be asking, “what does this mean?” Managed security services encompass a wide array of assistance that helps a firm secure the intellectual and business assets that could potentially be acquired by unauthorized individuals (inside or out). Although some firms have created “one-size-fits-most” packages, the best companies will work with their customers to develop a systematic approach to managing the organization’s security needs.

Functions of a managed security service (some of which may already be present in a managed IT services solution, if you have one), may include:

1. Penetration and vulnerability assessments, testing and audits
2. Round-the-clock monitoring and management of intrusion detection systems and firewalls
3. Monitoring and interpretation of important system events such as unauthorized and malicious behavior and other anomalies
4. Proactive trend analysis
5. Patch management and upgrades
6. Security policy monitoring and change management
7. Content filtering for email and other traffic
8. Emergency response, mitigation and recovery

Although organizations are, in the end, legally responsible for defending their networks against security and business risks, offloading the security functions to a service provider lets management focus on core business activities. Using managed security services also makes it easier to certify compliance with the regulatory and privacy requirements that are affecting an increasing number of industries.