Is SecOps outsourcing a strategy or merely the reaction to a shortage of skills? This question was posed to me on behalf of a CISO the other day. But this is just a very direct way of asking the question that I get day in and day out from customers and prospects. The question is usually couched in some variation of the following:
- We’re planning on insourcing SecOps in about three years. How will your MDR service facilitate that?
- How will your MDR offering educate our team so they can take this over in the coming years?
- Why don’t you offer to manage the SIEM we already bought?
I don’t blame CISOs for thinking this way. Using the terms from RACI: CISOs may be able to outsource the responsibility, but they’ll never be able to outsource the accountability. They’ve also spent a lot of their company’s time and money amassing a tech stack, and sometimes we MDR outsourcers render parts of that unnecessary or redundant.
Now I’m clearly biased – I work for an industry-leading MDR company after all. But I think I have a worthwhile argument for outsourcing your MDR – and other SecOps capabilities – as a strategy.
Outsourcing is a Business Process Throughout Your Organization
Unless you’re Amazon, you depend on others to get your physical goods from one place to another. Your IT department already depends on third-party hosting (AWS? Azure? GCP?) for some part of your infrastructure. Your CFO relies heavily on external accounting and/or audit services, and your Legal team includes external counsel by design. We do this for a variety of reasons, all of which are relevant to SecOps.
Outsource for Efficiency
Even though there may be plenty of van and truck drivers available for work, it just doesn’t make sense to hire enough full-time drivers to get all your things from one site to another; it is simply more efficient to use a third party. Thinking back to my own experience in college, the cafeterias were run by a third party – I didn’t go to a culinary school. We do this in part because of labor cost efficiencies, equipment cost efficiencies, and process efficiencies.
Outsource for Separation of Duties
Legal and finance departments do this all the time. Third parties become necessary outsourcers from an audit and independent oversight perspective. This is the counterpoint to allowing the hens to run the hen house. What security compliance standard or security program guidance doesn’t recommend the same for cybersecurity?
Outsource for Expertise
Your organization grew to the size it is today because it is very good at what it does. Maybe that is creating widgets. Maybe that is helping others build the best customer-facing websites. Maybe that is inventing the next great medication. Maybe that is preparing tasty, nourishing food for millions every day. But for the most part you’re not likely working for a company whose core capabilities include being masters at security operations. For almost all companies, security operations is a necessary capability to ensure the organization can go on doing what it is really good at. External legal professionals once again come up as an obvious example likely already in use in your organization. So, too, are human resource management firms, offering benefits management, payroll processing, and other capabilities.
Outsource for Expanded Capabilities
Some capabilities don’t come without scale. You don’t figure out a revolutionary new procedure to perform better open heart surgery without having done many of them first. You don’t identify that a car needs to be recalled if you just happen to repair one or two of them. And you don’t identify a pandemic if you are relying on just the records from a single urgent care facility. So, too, with MDR services. Trying to monitor your own environment means you miss out on the collective lessons MDR organizations get from supporting many customers. The ability to treat malicious activity patterns seen in one customer environment as a warning to look for them in others is lost when organizations operate their Security Operations programs in a silo. Sharing capabilities, like communal threat feeds, are a step in this direction, but when minutes count they aren’t fast enough.
Strategically Outsource Confidence
Outsourcing the right SecOps capabilities is a strategic approach that makes sense for most organizations. It is a common practice in other areas of your business, such as finance and legal, and offers a range of benefits. Outsourcing for efficiency, separation of duties, expertise, and expanded capabilities can all help an organization better manage its security operations. While some may be hesitant to outsource due to concerns about accountability or redundancies in their tech stack, a reliable MDR service provider can provide confidence and offer valuable insights and expertise to help an organization better protect itself from cyber threats. Ultimately, outsourcing SecOps can be a wise investment in the long-term security and success of an organization.