IT Security Education: The New MSP Mandate?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://midsizeinsider.com/en-us/article/it-security-education-the-new-msp-manda#.VVzeEflViko

The idea of outsourcing is no longer an outlier for many companies —
locating and leveraging a reliable managed service provider (MSP) is now
par for the course. However, with internal IT budgets shrinking and many
C-suites expecting IT professionals to do more with less, a new MSP mandate
may be emerging in the form of IT security education. Can third-party
providers effectively take on the role of outsourced chief information
officer (CIO)?

Knowing Is Half the Battle

According to a recent Information Age article, many businesses now
outsource a large part of their IT operations toMSPs. A side effect of this
trend, however, is that IT security education takes a backseat. In effect,
training employees becomes an "out of sight, out of mind" task for IT
professionals trying to find the balance between outsourced and in-house
technologies.

For MSPs, this provides an opportunity to enhance client relationships by
delivering comprehensive security training in addition to the underlying
services that help protect company networks. As noted by the article,
timely knowledge of cyberthreats and response strategies can provide an
approximately 50 percent boost to cyberdefense. When employees are properly
trained to recognize phishing emails and avoid unsafe websites and hardware
missteps, the chances of a security breach significantly decrease.

For MSPs, this means outsourcing more than just technology. Instead, they
offer a kind of "CIO-in-situ" service that provides training alongside
security software and back-end infrastructure. In other words, technology
is just the beginning.

A New Mandate?

Taking on the role of an outsourced CIO is no easy task. MSPs must become
intimately familiar with each firm's IT inner workings and deliver
specialized services to match unique needs. However, according to Forbes,
this type of next-level service may be mandatory before too long — as the
MSP market grows, so do client expectations. Firms are looking to move on
from MSPs that cannot grow and change quickly enough or provide expert
advice. For MSPs, this means service delivery and speed are no longer
enough. Pressure on in-house IT to do more with less is pushing even
C-suite positions out the door, and the first one to go is often the CIO.
By filling this gap and offering robust IT security education, service
providers can become indispensable components of an organization rather
than outsiders, making them part of the team rather than a line in the
budget.

MSPs need to develop a basic security education program that applies to any
business and includes common advice such as not opening malicious emails,
practicing safe Internet use and the importance of regular patching. They
should also develop security-specific advertising that details a provider's
strategy to create a cybersecurity program unique to each client, including
face-to-face meetings, the development of software tools and access to 24/7
technical support. Ultimately, the goal is to help companies transition
from traditional security roles, such as in-house CIOs, to on-demand
security. Much like the cloud has come to replace on-site offerings that
are no longer financially viable or flexible, outsourced CIOs can look to
become an agile resource, complete with in-depth knowledge of security best
practices and a lower price tag than a full-time equivalent.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!