The IT Security Enforcer’s Advisory on Managed Security Services Models and Execution
Security is about protection, and in the enterprise IT environment, that means protection of a burgeoning array of physical and digital objects. Most objects, or property, within an enterprise can also be defined as assets, making IT security at its most basic level about maintaining the health of a business’s balance sheet. That commercial and operational significance should inform how managed security services (MSS) are developed and delivered to enterprises. Solutions need to address not only individual objects/assets but also the overall wellbeing of the business.
Today’s enterprises operate in a highly heterogeneous, virtualized technology environment, where easy access to both information and tools encourages the proliferation of new devices and services. Sanctioned and unsanctioned “bring-your-own-device” (BYOD) as well as “Shadow IT” deployments for departmental solutions contribute to this amorphous landscape. For IT security, management needs to be agile and look well beyond traditional concepts of perimeter protection and assess the specific risks to enterprise data, devices, users, and applications—in addition to enterprise networks—within this dynamic and shifting hybrid environment.