The 3 main considerations when creating a Cyber-Security Strategy

 

12-Mar-2020 12:53:32

In my last piece, I talked about Problem Management and how it is often confused with Major Incident management. In fact, while the two are linked, they are very different beasts. However strong your Problem Management, you must be ready for business-critical incidents.

Selecting a partner for your security requirements is similar to IT procurement decisions you have made before, and will probably follow the traditional 3 questions, with a twist…

Question 1: DIY or managed services?

As with all IT services, when it comes to cyber-security, businesses have a choice: manage the security piece themselves, use selective point solution support, or use a managed service provider (MSP) to take care of the whole problem.

Taking the MSP route is increasingly popular, probably because of the fast-evolving sophistication of blended threats and regulations that bring stringent requirements for safeguarding data.

Avoiding data breaches is now seen by many organisations as the number one IT imperative after operational continuity. There are many benefits of outsourcing cyber-security requirements to an MSP, but the process is not without its complexities.

Most organisations choose to work with an MSP for one (or more) of the following reasons:

  • A shortage of available (or affordable) in-house skills
  • The scale and complexity of technologies required
  • The speed with which the threat landscape changes
  • The need for 24-7-365 protection
  • Budgetary or headcount constraints
  • A business preference to outsource

Underpinning all of these reasons is the reality that the speed with which new attack formats and vulnerabilities develop and evolve is increasing all the time, meaning that internal IT teams are finding it increasingly difficult to keep up.

Your MSP will:

  • Work around the clock because data breaches don’t only happen in business hours
  • Provide a range of integrated services, expertise, technologies and processes
  • Provide cyber-security on a fixed-cost model
  • Free up internal resources to focus on core operational business functions
  • Detect and respond to threats and attacks as soon as — or before — they arise, thereby minimising network downtime
  • Integrate and manage technologies from multiple security vendors to provide a consolidated solution

Question 2: If managed, which elements are you considering?

Do you want to outsource the entire security function? Or supplement existing in-house security capabilities with bought-in skills to fill a gap? Are you looking to outsource what you currently do, or bring in additional security measures?

As well as the ‘usual’ IT security functions like antivirus and anti-spam, consider how you manage:

  • Cyber-security threat monitoring and response
  • Business-wide software updates
  • Firewall policy management
  • 24-hour server monitoring
  • Compliance
  • Operational continuity and backups
  • Data protection
  • Specialised functions such as penetration testing

Question 3: Which provider is best for you?

When selecting and appointing your security provider, you should follow the usual selection criteria:

  • Fit with your business objectives
  • References and case studies
  • Service level agreements
  • Skills, qualifications, certifications and awards
  • Systems and processes
  • Scalability and flexibility
  • Financial stability
  • Transition management

This question does include one significant twist to consider: should you work with someone who just does security, or with a provider who can support your much wider IT infrastructure, platform and support challenges?

Single solution area providers sound like specialists, so you may think that’s a good option. But that also brings with it limitations and, in our experience, unnecessary hand-offs. An experienced, mature IT managed service provider has the resource, skills, tools and, in our case, an integrated SOC, meaning that as we manage users and infrastructure we can instantly observe cyber-security challenges for our customers and respond seamlessly, without handover, delay or confusion.

If you would like to review your cyber-security strategy, feel free to contact us and one of our technical consultants will be in touch soon.


About the author

Pete Canavan

Pete Canavan is Support Services Director at Plan-Net. An accredited ITIL Service Manager, he has a proven track record in IT with special expertise in the Legal & Financial Services industries.

With two decades in the IT field, Pete has acquired extensive experience in business relationship development, service transformation, project and people management, training and client/supplier relations.

Pete's other passions, besides Plan-Net of course, are his family and football.

Email Pete: p.canavan@plan-net.co.uk
