Security as-a-Service (Secaas)
Outsourcing more elements of security is a growing trend, with many IT departments moving to a 24×7 capability to secure their businesses. The advent of large-scale homeworking may increase the attractiveness of using a third party to assist with some or all of the extra security workload.
Suppliers: Secureworks, DXC, Securedata, NTT Security, Getronics, Orange, ITC, Ultima, Trustwave, Redscan, Nettitude
Note: suppliers shown in bold support the MS Azure Sentinel platform.
Scope areas to consider:
- The SoC (Security Operation Centre)
- Network security & patching
- SIEM and log feeds / MDR
(SIEM= Security Information and Event Management, MDR = Managed Detection& Response)
- Firewall management
- Threat sensors (in the data centre, in cloud platforms and office based applications)
- Email security and archiving
- Network and Web access control
- End point protection
- Mobile device management
- Penetration testing
- Decide which of the 10 areas are in your ‘basket of goods’ to get quotes for, as this will influence which suppliers to approach.
- Assemble any technical constraints which suppliers must adhere to, and those that are more optional. Tip: try avoid being overly prescriptive at the technology level where possible, and state the business requirement.
- The art is not allowing dependencies and constraints to put a full stop on progress, rather to include them as high level factors. For instance, if you’re changing infrastructure e.g. to Azure or AWS, ask bidders to state how they inter-operate with these.
- Shortcut lengthy RFP processes by adopting an agile sourcing approach, using key scenarios and supplier workshops, alongside the appropriate degree of commercial control. This avoids a rushed purchase, allowing you to control diligence vs speed during these testing times.
Example Detailed Requirements
• Proactive / passive monitoring of managed Security Operations Devices (availability, CPU utilization performance and capacity)
• Security Perimeter requirements (Firewalls and Load Balancers, 2FA, Web & Network Security, Security Auditing tools)
• Need resilient connection to your 3rd party MPLS network?
• Will the supplier allow the client to retain token administration?
• Security service appliances and vulnerability monitoring?
News: Some providers are allowing customers to run trials of multi factor authentication solutions, and open DNS for 30 days.
Final Comment: Turnstone can accelerate your approach to market, with model requirements, scenarios and supplier contacts if you have an urgent requirement.
Do contact us at email@example.com if you’d like to explore our support options.