August 17, 2021 by Siobhan Climer
This article was originally posted in March of 2019.
The cybersecurity landscape grows more complex every day. The average cost of a data breach has risen to $6.71 million, and the risk of being breached has likewise grown. Cyber criminals – whether malicious insiders, amateur script kiddies, or organized outside actors – are developing smarter, more advanced attacks every day, and businesses are struggling to keep up.
The lack of information security resources available for procurement by private companies has led to the rise of security-as-a-service (SECaaS). SECaaS enables businesses of any size to assess and protect against the most pervasive cybersecurity threats.
What Is Security-As-A-Service (SECaaS)?
Security-as-a-Service extends a regular technology team’s tools through an expert, security-focused team with a global perspective on the complex field of cybersecurity. Only in the last few years has information security moved beyond an in-house, four-wall approach. Previously, cybersecurity and disaster recovery meant practically the same thing, and IT professionals thought of security in terms of firewalls, backups, and secure perimeters.
But anyone with a finger on the pulse of technology knows that securing information and data is far more complex than simply installing and configuring a firewall. While cybersecurity remains focused on protecting the information assets of the business, the threats to data and the remediation methodologies occupy an industry all their own.
Cybersecurity requires a global, adaptive sense of the industry, and this has led to the shortage of qualified individuals. “Qualified Chief Information Security Officers (CISOs) are few and far between because the role requires experience and relevant knowledge”, says Mishaal Khan, Mindsight Senior Security Solutions Architect, Certified Ethical Hacker, CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, in a recent interview:
“Just like you would outsource your security guards – your physical security – you want experts managing your cybersecurity. Most companies cannot afford to have information security experts on staff, especially with the lack of resources available today.”
Assessing Your Security-as-a-Service Options
The moment-to-moment nature of cyber crime has led to a rise in point-solution products. These security tools are marketed as “solutions”, when, in fact, they only combat one potential threat. The complexity of attacks facing organizations today requires a comprehensive, data-centric security approach that accounts for the layers of security and highest potential risks.
Identifying the right security-as-a-service option isn’t easy. Trust must remain at the heart of the relationship. Trust the security servicer is truly an expert in their field. Trust they care about your business. Trust THEY aren’t a threat. That’s a lot of trust for an industry where “zero-trust” is a buzzword.
First, find an expert team with the right certifications and expertise to get started.
CCIE R&S: The Cisco Certified Internetwork Expert Routing and Switching certifies an expert-level engineer in planning, operating, and troubleshooting complex, converged networks – like those most businesses have today.
Security Practitioner: Various certifications (SSCP, CASP+, S-ISP, etc.) validate expert-level competency in risk management, business security, and organizational security operations.
Certified Social Engineer Pentester: A pentester, or penetration tester, is authorized to demonstrate and document a flaw in a security architecture. Social engineering is the manipulation of the human layer to infiltrate a network by use of target reconnaissance. Since humans pose the largest threat to security, via negligence or malicious intent, understanding the human risk to business is invaluable.
CISSP: Certified Information Systems Security Professionals demonstrate advanced-level knowledge of information security. The certification is offered by the International Information System Security Certification Consortium, known as (ISC)^2 (“ISC squared”).
Bonus – Certified Ethical Hacker (CEH): In reality, certifying security bodies understand cybersecurity from the business’ perspective. To be truly prepared and protected against today’s most prevalent threats, businesses should partner with organizations that demonstrate an understanding of the hacker’s perspective. After all, hackers are the ones preparing to infiltrate your business. “Ethical hackers” are experts in the tools and methodologies employed by “Blackhat” hackers – those with nefarious purposes – and fall under the “Whitehat” hacker label – those who use their expertise to help and protect individuals and businesses today.
Risk Management: Understanding What Matters To You
Not every business is the same, and though data is the heart of almost every organization today, the specific data each business needs to protect is different. As the risk to the business moves into cyberspace, CIOs, CTOs, and CISOs are more and more involved in the executive discussions regarding risk management. Identifying the most important data assets is the first step in developing a resilient cybersecurity strategy.
When choosing a security-as-a-service provider, find a partner who performs strategic risk assessments. The reality is, everyone is under threat, and no cybersecurity plan is going to be 100% secure. To return to Khan’s interview for a moment:
“A lot of people think that because they have a firewall or had phishing trainings, they are secure. No, you’re not. Even I cannot help you be absolutely secure. I can get you where you want to be and target your top ten threats, but never say you’re secure. I’m not secure. I’m exposed as well, and I do this for a living. Nobody’s immune.”
Targeting those top ten threats is key to developing a hardened cybersecurity solution with a security-as-a-service partnership. A true partner will give you insight into what threats are most relevant to your business and only then propose targeted solutions that meet those risks head-on.
Finding A SECaaS Partner – or a vCISO – You Can Trust
Not only does the partner you work with to provide security-as-a-service need to be an expert – with all the certifications and touted experience that come with that – but they also need to demonstrate a commitment to your business, not theirs. With Mindsight, we know that trust in this zero-trust era is hard-earned, and we are committed to gaining and proving the validity of that trust as many times as needed.
According to Khan, the shift to vCISOs lowers costs and greatly expands the security talent pool in a sector with limited supply and high demand, which means you don’t have to be a large enterprise or the federal government to afford top-notch cybersecurity experts. Now small and mid-market organizations “that previously couldn’t dream of having a CISO can enjoy similar advantages,” Khan says.
Besides being more cost effective than their in-house counterparts, who can command north of $300,000 plus benefits in major markets, Khan says vCISOs stay put longer. And if an on-site CISO departs, he adds, it’s easy to plug the gap with virtual replacements from Mindsight or elsewhere that can immediately step in on a temporary or permanent basis.
Thanks to the democratizing effect of virtual technology, more companies than ever are benefitting from the expertise of these dedicated specialists. “All your security problems are under our umbrella,” Khan says. “And you don’t have to understand every single aspect — we’ll make sense of it and prioritize for you.”
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year-old daughters. Find her on Twitter @techtalksio.
About the Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.