Streamlining Technology Security for SMB
Picking a Security Team
You get to pick a security team now! You know you need one, and you know what you’re looking for, and now you get to get other people involved. So, who do you hire? Do you hire internally and set up a program yourself? Or do you look externally for companies that provide security as a service? Most companies will start by outsourcing their security monitoring and scanning tests initially at the very least, and then bring security internal later, if at all, once it becomes the better choice.
Knowing what questions to ask a security team is vital to establish what kind of service they provide and how that will work with your company. Here are the main things to look for when interviewing and researching security teams:
- What do they monitor for?
- What do they provide on a daily/weekly/monthly basis (emails, reports, updates, etc)?
- How much communication will take place between the team and your staff?
- What sort of access do they require to your appliances?
- Do they require any specific equipment or programs to perform their duties? Are those included in the cost of the monitoring?
- What sort of information will be communicated when a security event occurs? Do they provide any remediation or is it just informational?
These questions will help narrow down viable security teams. In theory, the more a security team provides the more money they will cost. This is not always true however, so remember that finding a security team that provides everything you are looking for does not mean they will be out of your price range. Smaller companies are often more hands-on, more interactive, and able to provide services at a reasonable cost because there is less overhead than at larger companies.
In-House Security Team
When you hire an in-house security team, it allows you to control every function of the team. You have more organic communication between team members of different departments, so security events can be handled without involving external contractors unless you absolutely need it. It also allows you to focus on developing specific skill sets among the staff. However, it also requires a substantial monetary and time investment. The average salary of a Cyber Security Engineer, according to Glassdoor, is $138,322 per year[i]. While salaries vary around the country, making an investment of this kind is not a decision lightly taken. Most companies look to outsourcing as a first option for finding a team, for ease of transition and for the fact that it is possible to hire a 24/7/365 monitoring security team for less than the cost of a single analyst.
Out-Sourced Security Team
Hiring an outsourced security team, particularly a Managed Security Service Provider, can offer a wide range of flexibility for companies looking for security. Staff is already trained, there are processes in place for handling security events, they often have reports and information available for review immediately, and it can make the process of establishing a security program much easier than having to build from the ground up. Being able to meet with management of the security team is an important part of the negotiation process. Having an established method of communicating problems or questions can help alleviate a lot of misunderstandings and stress from the process. This does make it more difficult to work with out-of-country security teams, but not impossible. The most important piece is that they provide what you need and will help keep your company safe, and that the communication is enough for staying ahead of threats. Picking a security team can be a time consuming and arduous process. There are a lot of factors that go into this decision. However, finding a security team that can augment your IT staff and ensures that your company is more aware of what is happening in its network is essential. If you are interested in learning more about the experience of Intrinium’s MSSP team, please visit https://intrinium.com/.