Difference between revisions of "User:Shawndouglas/sandbox/sublevel45"

From LIMSWiki
(Replaced content with "So far in this guide, the assumption has been made that your organization—whether a laboratory or some other business type—will either have the knowledgeable and exper...")
Tag: Replaced
So far in this guide, the assumption has been made that your organization—whether a laboratory or some other business type—will either have the knowledgeable and experienced onsite personnel to assist with a cloud implementation or will acquire such people as new hires or contracted consultants. But as the age of [[cloud computing]] has progressed ever onward and more businesses have moved to the cloud, a third option has emerged: have someone else, like an MSSP, manage most of the implementation and security details for you.
Gartner defines a managed security service provider (MSSP) as an entity that "provides outsourced monitoring and management of security devices and systems," including "managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services."<ref name="GartnerManaged">{{cite web |url=https://www.gartner.com/en/information-technology/glossary/mssp-managed-security-service-provider |title=Managed Security Service Provider (MSSP) |work=Gartner Glossary |publisher=Gartner, Inc |accessdate=21 August 2021}}</ref> Gartner continues, noting that MSSPs run their security operations through their own or third-party data centers in order to provide an "always available" service, with the ultimate intent of reducing "the number of operational security personnel an enterprise needs to hire, train, and retain to maintain an acceptable security posture."<ref name="GartnerManaged" /> In addition to reducing personnel requirements, turning to an MSSP may also improve an organization's overall security competency and reduce its technological complexity burdens.<ref name="IBMMSS">{{cite web |url=https://www.ibm.com/security/services/managed-security-services |title=Managed security services (MSS) |publisher=IBM |accessdate=21 August 2021}}</ref><ref name="SOTheReal20">{{cite web |url=https://secureops.com/2020/08/26/the-real-benefits-of-an-mssp/ |title=The REAL Benefits of a Managed Security Service Provider (MSSP) |publisher=SecureOPS |date=26 August 2020 |accessdate=21 August 2021}}</ref>
 
One perceived downside to this approach may be the added risk of placing access to sensitive data in the hands of a third party, and indeed, there may be a few unique situations where it makes the most sense to keep security operations in-house.<ref name="TrianzHowMana21">{{cite web |url=https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works |title=How Managed Cloud Security Works, and Why You Might Want It |publisher=Trianz |date=29 March 2021 |accessdate=21 August 2021}}</ref> However, this perceived downside largely comes down to a question of the trust you place in the MSSP. As was discussed in previous chapters, many cloud service providers (CSPs) recognize the importance of supporting the element of trust associated with their services, as witnessed by their trust centers and associated documentation and certifications, particularly those related to the management of sensitive data. This element of trust is also baked into the service level agreement (SLA) provided by the CSP.<ref name="TrianzHowMana21" /> In the end, just as with a CSP, the level of trust you place in an MSSP will largely be based upon your business's approach to both vetting them and determining the level of accepted risk should the MSSP not be able to meet your every requirement. (These aspects are discussed in further detail in the following chapter.)
 
==References==
{{Reflist|colwidth=30em}}

Revision as of 19:40, 21 August 2021
