Light Dark
December 9, 2020 By Spencer Ingram
Marc von Mandel
3 min read
Data Protection
Security Services

Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even more attention to the cloud as we move into the next several decades. Data visibility and management are key elements to watch when working with a managed security service provider (MSSP).

Future Security Operational and Compliance Priorities

A recent IDC Survey, Security Operational Priorities in 2020, found that for IT and security experts, access management and compliance are the two most important topics in 2020 and beyond.

As more and more employers move to the cloud and more people work from home, they also deploy new cloud services. This can introduce gaps in data security, data privacy and data residency. At the same time, these entities face new data protection rules. National laws focus on data origin, transfers and storage more and more.

Some groups are expressing concerns over data residency, which in turn is fueling strong demand for managed security service providers (MSSP) that are able to deliver their global processes and services in a regional model. What should companies review for data visibility and management working with an MSSP? Here, find some insights into how an enterprise might approach this choice.

Data Visibility and Management Can Vary by Country

Data privacy laws can vary from country to country. They can even have different meanings within each nation-state for how personal data is stored, shared and managed. The penalty for poorly handling data within different nations varies widely. But in any case, the impacts can be severe — from intense audits to high fines.

Data residency is a newer term, emerging over the last couple of years. It focuses most on the origin or national residence of the data. It comes from the rise of national rules about how companies collect, process and transfer the data of a country’s citizens.

An MSSP can handle complex data defense, privacy and residency concerns related to compliance. Businesses on their own may have strong data security controls but lack the controls to meet local compliance and privacy rules. Keeping an eye on and managing this aspect of data can take a long time and be too expensive. Therefore, many groups use a third-party MSSP to complete regular audits of their data.

Selecting an MSSP? Know Before You Go

Groups that outsource their data security and privacy needs should review the following with their MSSP. Focus on key data residency, security and privacy challenges.

  1. Where are the delivery centers located? Many current MSSPs can provide 24/7 support, but they lack the robust and proven processes, combined with formal security operations centers (SOCs), to support business needs around protection and residency. Ask your current or future provider where their centers are located.
  2. How is data protected within the regional SOC landscape? Next, review and understand what proven and tested controls the delivery center has to handle the stringent data privacy needs. Ask questions about how the provider inventories data assets. How does the SOC restrict access to sensitive data? Does it deploy zero trust strategies to limit access? How does it monitor and manage data storage and transfer?
  3. What auditing processes does the provider have for compliance? For mature projects, audits confirm rigorous processes and controls are in place. As you take a look at local MSSPs or your current one, ask to review how often and with which tools the provider conducts compliance audits. Do they complete the audit through the lens of various industry standards, such as the PCI DSS, ISO 27001 and SOC 2 Type II? Also, understand how the MSSP handles and resolves issues that have come up in past audits. Are they quickly solving problems and recording the changes they’ve made?

Use of MSSPs Becoming More Common

The work that needs to be done to answer the questions above can be daunting. A shortage of industry experts can make it more complex and risky to address these challenges. Entities of all sizes now face these same challenges. This is driving more MSSP outsourcing that can fully manage the data life cycle, simplify critical data controls and handle and resolve audits.

IBM Security Opens Kingdom of Saudi Arabia SOC

The Kingdom of Saudi Arabia’s (KSA) laws cover data privacy rights in accordance with the National Cybersecurity Authority-issued controls and standards. In general, the data within the country must be safeguarded and cannot be confiscated, delayed or breached. Over the course of 2020, IBM Security has made major investments into its SOC located in Riyadh. Our Middle East and Africa (MEA) customers also benefit from the global processes and procedures found across our six other SOCs.

Our team is aligned with fostering talent locally in KSA, including in-depth training, early hiring, and a commitment to hiring women (over half of our current KSA SOC analysts identify as female).

Check out the report excerpt from the IDC MarketScape for Worldwide Managed Security Services for more detailed coverage of our strengths and capabilities in serving clients around the world. Download a complimentary copy of the IDC MarketScape: Worldwide MSS Vendor Assessment.

 | 
Spencer Ingram
Vice president, global managed security services (MSS), IBM Security
Marc von Mandel
Product Marketing Manager, IAM & Product Professional Services

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature