Managed Security Service Providers: The Digital Business Need of the Hour

20 March 2020 | Wai Kit Cheah, Director, Product Management (Security), CenturyLink Asia Pacific
As much as digital businesses are investing in security infrastructure, software and teams, the rate of security compromises and data breaches is trending upwards1. Cybercriminals are using more advanced tools and sophisticated methods to attack organizations and breach privacy; according to Frost & Sullivan2, these include polymorphic malware, artificial intelligence (AI) and other automated techniques. Gone are the days when popular media painted a picture of a hacker being a lonely tech geek, sitting in a darkened room surrounded by empty takeaway boxes.
Cybercriminals rarely act alone – from sharing infrastructure to being part of entire syndicates dedicated to sabotage.
Furthermore, the end game is no longer only seeing how much commercial chaos can be created from their armchairs, but it is about getting their hands on sensitive data such as trade secrets, financials or customer profiles. Cybercrime-as-a-service is a growing business generating huge revenues and will most certainly require a proactive 'connected security' approach to improving corporate cybersecurity.
VIDEO: See More. Stop More. Find out how your digital business can unlock the ‘connected security’ approach for the digital future.  

This new era of cybercrime has meant increased challenges; enterprises are struggling with a lack of trained manpower and cybersecurity expertise to counter more sophisticated attacks3.

Subsequently, this has had a knock-on effect when it comes to risk planning and preparedness because the cost of security breaches goes well beyond recovery costs, reputational damage or a drop in share price (such as that suffered by Capital One4).

Today, there is also a lack of transparency factors5 to be considered, particularly when governments are tightening governance on private sector organizations and this can cost millions of dollars in penalties. 

The fact is that many organizations in Asia Pacific (APAC) are unprepared to detect and respond to data breaches, compared to US and Europe counterparts. The high rates of digital connectivity and proliferation of mobiles devices has also meant that APAC is an ideal environment for cyber criminals to thrive, particularly in markets where data regulations have yet to be fully developed.  

The case for outsourcing cybersecurity 

Enterprises are gradually realizing that the threat landscape’s breadth and evolution is beyond the scope of an IT team to keep up and constantly bolster enterprise cybersecurity, particularly with a hybrid cloud environment, proliferation of data-driven applications and the rise of edge computing. As my colleague has previously pointed out, in APAC, a typical organization does not have cybersecurity as top of mind and its core strength, and usually hires a lean IT team to manage databases and servers. While this keeps costs low, many of these lean IT teams do not have the adequate cybersecurity expertise or skills to fight advanced attacks. In my role working extensively with enterprise customers and gaining insights into their security challenges, I have identified three broad reasons why partnerships with managed security service providers (MSSPs) are the way forward for the digital enterprise:

1. Security teams are under-resourced

In the past, a security strategy was little more than investing in software and tools, particularly an investment in Security Information and Event Management (SIEM) or an Endpoint Detection and Response (EDR) solutions to be monitored in-house. This can be a costly exercise, involving hundreds of thousands of dollars in purchasing software licenses alone! 
There is simply never enough subject matter experts to manage the hive of activity 24 hours a day, seven days a week.
No matter how new and expensive the tools may be, there is simply never enough subject matter experts to manage the hive of activity 24 hours a day, seven days a week. An effective triage process is absolutely necessary in assessing the severity of cyber security incidents. Without a knowledgeable and well-resourced security team to investigate alerts, even the most sophisticated of detection tools will not move the noodle in improving an organization’s security posture.  Although one could argue that AI has transformed some aspects of cybersecurity, its role is to augment and not replace the role of humans, particularly in incidents that require ingenuity and critical thinking. As such, enterprise IT teams continue to struggle under the constant flurry of threat detection and manual processes required for incident response.

2. Talent gap and staff retention issues

Although improving security posture continues to be a priority for digital businesses, the cybersecurity skills gap in Asia Pacific has yet to be addressed. Compared to the rest of the world, APAC tops the skills shortage, leading to a staggering shortfall of 2.6 million cybersecurity workers by the end of 20196! While the explanation can be a simple human capital demand vs supply equation, there are a variety of factors at hand. One stark issue exacerbating the shortage is that while Asia becomes more technologically advanced, IT infrastructure and policy is still in a state of development particularly in emerging economies. 
These shortfalls expose organizations to increased cyber risk and threat levels, creating a big demand for cybersecurity professionals.
There is also the problem of tackling low morale for in-house enterprise cybersecurity teams; it is well known in the industry that security experts are frequently headhunted and looking for opportunities elsewhere due to the routine and tedious nature of the tasks. In an MSSP environment, teams manage a diverse set of customers and handle many different aspects of threats, from threat hunting to incident response to vulnerability management to advisory and more– every problem is a new problem and the technologies used are frequently updated and modernized therefore keeping their work interesting! 

3. Expertise and advanced technologies

Because of their access to an array of latest technologies, MSSPs are trusted advisors for more accurate diagnostics, early threat detection and troubleshooting, leaving businesses to focus on their main operations and not be burdened by security problems. With highly skilled specialists on board who respond to a variety of incidents every day, MSSPs also offer a range of vendor-agnostic solutions and services from monitoring devices and insider / external vulnerability scans to cybersecurity awareness training and consultancy – all of which are more cost-effective to an organization due to sheer scale. Deep industry expertise and capability cannot be overstated when it comes to developing specific security solutions for organizations. 

Choosing a managed security service provider

Why CIOs are turning to MSS?
Managing IT security can be complex, time-consuming and costly. For organizations looking to deliver the best protection for their business and optimize budgets, a trusted managed security services partner will provide expertise and efficiencies to scale. 
Security is no longer concentrated in one specific area.
Security is no longer concentrated in one specific area and organizations must embrace these complexities and adopt measures towards a more proactive and predictive security posture.

But with so many vendors and solutions to choose from in a busy marketplace, what sets the established experts apart? Research firm IDC has pointed out that to remain relevant, service providers need to fulfil several criteria, including: 

  • Develop security for the entire lifecycle 
  • Provide advanced security services such as intelligence / visibility, big data and analytics, incident response, forensics, and advanced detection methods 
  • Offer / improve customer portals by adding visualization, real-time updating, and customized reporting 

The firm recently highlighted CenturyLink as a major player in its IDC MarketScape: Asia/Pacific Managed Security Services 2020 Vendor Assessment7 and previously called out CenturyLink’s multilayered cybersecurity approach as a strong differentiator. This includes services such as network-based solutions, DDoS mitigation, adaptive network security, and threat intelligence as well as incident management and response and security log monitoring. 

Furthermore, our support of and relationship with customers have been key to success in the MSSP market. In response to more enterprises around the world turning to network solutions with built-in security, our eighth CenturyLink global security operations center (SOC) was unveiled in Singapore last year to serve enterprise customers in the region and globally. 

How can a flexible filtering strategy create high-fidelity threat intel?

Defending your organization can’t wait 

At a time when business survival and the competitive edge is defined by digital transformation, the role of service providers and partnerships is an important one. Managing security does not need to be complex, but it does need strategy and the right expertise and systems in place to safeguard business continuity.

Cast your security net wider and improve your cyber defense strategies to better realize the benefits of digitization. See how you can take care of business and let the experts keep it secure today.

Want to improve your security posture? 

Talk to our cybersecurity experts now.

1 Chris Morris, Fortune, Hackers had a banner year in 2019, Jan. 29, 2020.
2 Frost & Sullivan, AI in cybersecurity a growing necessity amidst a rapidly evolving business landscape, Nov. 8 2019.
3 Frost & Sullivan, Cybersecurity Market in Asia Pacific Observes Growth Opportunities From Digital Transformation And Sophisticated Cyber Threats, Nov. 8, 2019.
4 Daniel Strauss, Business Insider, Capital One sinks after revealing a hack that leaked information on more than 100 million people, Jul. 30, 2019.
5 Marsh, Cyber Risk in Asia Pacific – the Case for Greater Transparency, 2017. 
6 Phil Muncaster, Infosecurity Magazine, Cybersecurity Skills Shortage Tops 4 Million, Nov. 7, 2019. 
7 IDC, IDC Reveals Leading Market Players for Fast Growing Asia / Pacific Managed Security Services Market in 2020, Feb.12, 2020.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents CenturyLink’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2020 CenturyLink. All Rights Reserved.

Related Articles

Where digital business goes to network
Where digital business goes to network