Security Staff Acquisition & Development

Top Reasons CISOs Embrace MSSPs and Managed Security Partners

Author: Dan Kaplan, online content manager, Trustwave

Scour the World Wide Web for articles on what keeps CISOs up at night, and you'll return a list so long, you could be up all night reading it.

It's one of the most frequently asked questions in business, and when it is posed to already-pressured security professionals, it comes across as, pardon the pun, a bit tired. Perhaps a more apt way to frame the question is: "What doesn't keep CISOs up at night?"

Indeed, from implacable threats to boardroom demands to skills shortages, it's no surprise the pangs of the overwrought infosec practitioner carry over from office to bedroom. The first step to recovery may very well be acceptance. You should feel no shame admitting your internal team is unable to handle all of the tasks and challenges on their plate.

Managed security services have become a popular alternative for resource-starved businesses, from those struggling to stay afloat in general to those deficient in certain specialized areas.

CISOs: Where MSSPs Fit In

In fact, our recently released 2018 Security Pressures Report from Trustwave asked 1,600 global security decision-makers and influencers to choose why they do or would consider partnering with an MSSP (with the option to select as many reasons as they'd like).

Here's what they said:

1. To compensate for in-house skills shortages. (31%)

2. To adopt, deploy and operate hard-to-use security technologies. (30%)

3. To help with security automation. (28%)

4. To provide intelligence and extend security coverage against sophisticated threats. (27%)

5. To address complex security tasks, like vulnerability testing and incident response. (25%)

6. To handle routine tasks. (23%)

7. To stretch budgets. (21%)

8. To free up time to work on IT projects that got delayed by unresolved security issues. (16%)

9. To gain more visibility into the IT environment. (10%)

The ultimate goal for a business is to ensure it is adequately assessing and mitigating risk, implementing the right processes and controls to deal with existing issues, and properly planning for what is to come in an ever-evolving threat landscape.

Though rare, a fully mature, forward-thinking internal security team can get you there. So, too, can a well-rounded, 24x7 and intelligence-driven MSSP adept at protecting, detecting and responding.

Or a combination of the two.

If more restful nights come as a result, consider it icing on the cake.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.