By Barracuda Networks
Though there has been a seismic shift in the amount of money earmarked for IT security over the last few years, there is still a large gap in the amount of money available for investment available for IT security professionals within their organisations.
There is no doubt that IT security has risen the agenda at board level because of the ever-growing number of big-brand scalps that fall victim to nefarious cyber-attacks. The number of data breaches is alarming and large companies (as well as SMEs) are keen to throw money at the problem to try to decrease the threat to their core business activities.
However, the money is not being invested internally but, more often than not, is being used to fund partnerships with managed security service providers (MSSPs). Why?
The answer to this is threefold.
Firstly, MSSPs offer dedicated and specialist support services to a great number of organisations. As their core business, they in turn recycle the budgets they are paid to invest in their own infrastructure. Their clients effectively buy a share of a super-service that none of them could afford on their own. By the same token, the specialist IT security professionals employed by MSSPs are amongst the biggest talents around in cyber security; because MSSPs can afford to pay the highest salaries. As of 2017, there is still an enormous gap between the demand for and the number of trained cyber security professionals. The fact is that highly-qualified individuals can pick and choose where they work and MSSPs offer the greatest benefits, both financially and for greater career migration.
Secondly, but on a similar note, MSSPs can afford to invest in cutting edge technologies to help them deliver the best in security solutions. IT security automation is on the rise but demands a great deal of capital to maintain the momentum of how these rapidly learning machines develop. Once again, companies employing an MSSP not only buy into a pool of knowledge but get to benefit from a shared infrastructure they could ill afford on their own.
Lastly, though investment levels are increasing, companies are generally regarding IT security as an operating expense rather than investment capital. The motivation is one of immediate fiscal benefit with instant tax deductions but one that also frees up working capital for use in other areas of the business; areas that can stimulate growth and produce a return on investment.
These three driving factors will play an important way in which the role of in-house IT security personnel is shaped over the next decade as their importance is, not diminished, but shifted into a role of project management. Internal IT security professionals will need to work carefully with outsourced MSSPs in how security is designed, managed and deployed. In turn, organisations must come to realise that using an MSSP does not make their own IT security redundant; far from it, it makes them an important linchpin.