Skip to main content

The Evolving Managed Security Model

by Mike Pittenger on Tuesday March 21, 2017

Contact Us
Free Demo

Hybrid Managed Services Offer the Best of Both Worlds for Security Deployments

Shared computing services have come full circle. What was once known as “time sharing” was necessary due to the high cost of computing. As mini-computers took over, traditional software companies began to offer their applications over the Internet as Application Service Providers. This gave way to Software as a Service, Managed Service Providers, and now Cloud Computing. The names have changed, but the business case has remained constant; a vendor provides management of computers and software so that its customers can focus on their core businesses. For the customer, the result is a lower capital cost, accelerated time to value, and predictable operating expenses.

The model makes sense. If a central organization can manage their specialized software and the required hardware, their customers’ lives are simplified. We’ve seen successful models across markets, including, DemandWare, NetSuite and Ultimate Software. Security offerings trailed the market, though are catching up; Veracode and Qualys provide cloud security services exclusively.

The argument against using third parties for security has focused around control. Some organizations believe that having the tools reside on premise and operated by full time employees provides the most reliable model. More importantly, they don’t want their security information (often vulnerabilities in unpatched infrastructure or applications) “in the cloud."

In most cases, a stronger argument is to leverage the resources and expertise of a trusted partner/vendor. Security resources are scarce in every organization. Learning to use a security tool properly, whether in configuring it or analyzing the results, requires specialized skills. Recently, this has driven the market for web application penetration testing by scores of security service vendors. A good managed service model will provide 24x7 monitoring and timely alerts. Just as important, it can provide the appropriate contextual and actionable information for internal teams.

If running the software yourself is impractical and outsourcing the responsibility is undesirable, a third model is emerging; on premise hosting of the software/hardware. In this model, the vendor supplies and manages the hardware and software to the application level, while the customer runs the application itself. All management and results remain with the customer, but IT responsibilities remain with the vendor. This "best of both worlds" approach allows organizations with available security bandwidth to manage their own security software without burdening IT with supporting another application. Up front capital expenses are minimized and concerns about third-parties accessing sensitive data are eliminated.

Tags:  Data Protection

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.