Managed Security Providers (MSecPs)
Security threats are growing for all types of organizations; and with new viruses, changing technology, and hacker ingenuity and perseverance, the types of threats are constantly changing. Along with its other tasks, an ASP might find it overwhelming to provide hermetic security for its complex infrastructure, especially for customers such as financial institutionsfor which it's a "must-have" requirement. What's more, customers rate security, along with availability and performance, as the most important ASP capability. For these reasons, ASPs use MSecPs to guarantee that the ASP is actually meeting the security conditions of its SLA with the customer.
MSecPs provide a full array of security services. Among other things, they install security technology where necessary at the ASP site. They then remotely monitor all ASP facilities such as data centers and security equipment such as firewalls; perform Intrusion Detection to alert the ASP if unauthorized parties may be attempting to access ASP systems; and perform Incident Response to a security breach, define the breach, and recommend and implement corrective measures.
MSecPs' services vary: Some offer only certain services such as security monitoring, whereas others provide a full complement of services. And, although outsourced security was once the exclusive province of the Big Five consulting companies, these newer, smaller, and more specialized MSecPs now offer a viable security-outsourcing alternative for ASPs and other businesses. Whether or not an ASP employs an MSecP will probably depend on the SLA conditions the customer stipulates and on how dramatically the ASP wants to differentiate itself with value-added security from competing ASPs.