Michael Piekarski | October 14, 2020
Who wouldn’t love a cyber security silver bullet? Something guaranteed to stop attackers in their tracks. Unfortunately, the reality on the ground is far more complex. What works for one organization may not work for another. This is true not only of the solutions needed to build out a cyber security posture, but of the people tasked with making sure those tools live up to the hype.
For some organizations, the best approach to the all-important people side of security is building a robust in-house team of cyber security experts. For others, it makes more sense to lean on outside expertise in the form of a managed services provider. Others may even decide the right solution is a combination of the two.
Finding the correct fit for your organization requires taking stock of your needs and goals and then weighing them against the strengths and weaknesses of these two diverse approaches.
In-house or managed? Pros and cons
While that first step calls for a level of introspection that falls outside of the scope of this blog post, we can at least help you with what comes after. Here are six factors to consider as you evaluate the pros and cons of managed cyber security versus handing it in-house.
- Budget. Cyber security talent doesn’t come cheap. One recent estimate pegged the average annual salary of an experienced security analyst at about $100K. Last summer, separate research assessed that the average salary for a general cyber security job was 16% higher than that of a traditional IT role. At those rates, maintaining a full team of skilled cyber security professionals in-house can tax a budget quickly. Those who elect to go with a managed cyber security partner will be charged a flat rate for access to an entire team of knowledgeable resources. While this cost will vary depending upon the partner and the type of contract, it will almost certainly represent substantial savings compared to an in-house team.
- Time. Hiring talented cyber security professionals isn’t just expensive, but it takes time. How long can vary, however, one estimation suggests it can take up to eight months to fill a vacancy on a cyber security team. In a different study, more than a quarter of those surveyed (27%) have found themselves unable to fill cyber security roles at all. Even going with the less bleak finding; that is still a long time to go without being at full strength in today’s high stakes security climate. These concerns are off the table for those working with a managed cyber security partner. Not only is the partner responsible for the hiring process, but a partner’s ability to carry a larger team will prevent any noticeable service disruptions in the event of turnover.
- Training. Once a new hire is brought on board, he or she won’t be able to hit the ground running. Expert level resource or not, it’s going to take time to learn the inner workings of an organization and its unique environment. This could take up to four months according to one industry insider. Once again, this is an area where a managed cyber security partner can take work off an organization’s plate. A partner can train a new resource on the fly while relying on other experienced members of its team to shoulder the majority of the workload.
- Availability. Not to keep harping on team size, however, it is a chief distinguishing characteristic between these two approaches to cyber security. As a result of its larger team size, a managed cyber security partner is able to offer a level of availability that would be hard for in-house teams to match. Vacations, sick days – all of these things can leave an in-house team scrambling to continue meeting its obligations. Managed cyber security providers, again, have enough resources on-staff necessary so as to avoid allowing these types of concerns to become an issue for their customers.
- Organizational Knowledge. Here’s one area where in-house teams shine, although the gap may not be as great as one might think. No one knows a system quite like those who work inside it every single day. That’s to say nothing of the vast amount of organizational knowledge that comes from working with only one team, as part of one organization, day in and day out. It is possible a good managed cyber security partner can give in-house teams a run for their money. A partner should spend ample time early on integrating itself with an organization with the goal of accumulating some of that specialized internal knowledge. A partner’s team should interface with all areas of an organization, developing contacts and comfortability throughout. After all, cyber security is a company-wide concern and the relationships developed by a managed cyber security partner should reflect that.
- Holistic Knowledge. This point ties in the solution side of cyber security. The tools companies have come to rely on don’t exist in bubbles. Instead, they often find themselves layered between varieties of other technologies, from a plethora of other providers. Tending to a technological web that grows more complex with each passing quarter requires a broad set of skills, beyond those associated with particular security solutions. Many managed cyber security partners also cover a wide range of disciplines outside of security, e.g., cloud, data center, networking, etc. Having that broad base of knowledge allows the partner to more holistically address an organization’s technology environment. If a security solution isn’t playing nicely with, say a piece of the network, a managed security partner may lean on its deep bench of experts to figure out why. It would be difficult for any organization to afford that depth and breadth of knowledge without detracting from its ability to perform core business functions.
Next Steps: Putting the right approach to work securing your organization
Organizational priorities and industry regulations are two factors that can certainly shift the balance during conversations about managed cyber security versus building out in-house teams. If you’ve assessed your existing capabilities, your goals, and everything else that makes your organization stand apart, and would like to learn more about managed cyber security services, Arraya Solutions can help. Our team can provide insights into our unique approach to managed security and how it could fit into your strategy.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.