Managed Security Models and How They Work
There’s a popular misconception that small companies can’t grow up to become medium-sized companies until they finally staff their own in-house IT department. Likewise, there’s a parallel notion that medium-sized companies can’t grow up to become large companies until they finally staff their own security department separate from the IT department. Truth be told, these are pretty darned good benchmarks for evaluating a company’s relative maturity (technology-wise), but it isn’t a hard and fast rule. In reality, the “size” of a company has more to do with its gross revenues and total employee population than its organizational structure. Still, the fast-assessment rule is useful and shouldn’t be discounted.
The reason why consultants and salespeople tend to judge companies by their size is because it allows them make shrewd guesses about how the client’s management will react when they’re offered advice. If a company has a dedicated IT department with a clear mission statement and its own operating budget (no matter how large it is), then there’s a good chance that the client takes technology seriously, has formal protocols for deploying and supporting technology, and will be willing to listen thoughtfully to suggestions about how to improve their IT solutions. A company that doesn’t have a formal IT workgroup, on the other hand, is almost always going to be a challenge to work with. They might think that technology is a magic cure-all. Or they might be prone to believing the marketing balderdash on a slick sales brochure. No matter what, it’s much more difficult to advise a client who doesn’t take their IT support seriously.
Likewise, a company that understands enough about technology to split their IT security team apart from their IT operations team is far more likely to “get it” when it comes to understanding and deploying advanced security solutions. These businesses are very, very rare, since most companies “grew” their IT security team out of their network operations group. It’s the natural evolution. As a company grows, the head of IT decides to separate the switching, inside plant, voice, and IP management functions from his or her router and IDS/IPS management functions. Since both teams came out of the same group of network engineers, it’s almost always a minor management rearrangement and not a real mission change. So a small or medium company whose IT security team only handles firewall management is a security group in name only. They’re still beholden to the head of IT operations, and they still think like service providers – not like enterprise defenders. It’s very, very hard to evolve past this normal developmental stage, and every company that wants to survive must make this change eventually.
This is where the idea of “managed security services” can help a company make the logical leap into the next “size” or “class” of business. By partnering with a professional security services provider, the company gets all of the expertise of a much larger business immediately. They don’t have to go through the painful process of growing their own teams or forcing the culture to change to accommodate new ways of thinking about security. They can use a strong security provider as a catalyst to help them evolve quickly, thereby allowing them to add the capability back in-house later, once their culture is ready for it.
Check out Fulcrum Technology Solutions’ newest white paper on Managed Security Services for more thoughts on this topic.
The Fulcrum Difference
At Fulcrum Technology Solutions, we differentiate ourselves from other technology- and business-consulting firms with a unique guarantee: when you hire Fulcrum, we commit to finish the job. Whether working under a time-and-materials contract or a cost-plus arrangement, we will not leave until we’ve delivered exactly what we said we’d do. Our word defines us, and motivates us to give you the service that you deserve!