Today’s cybersecurity executives have a lot of choices in how they wish to purchase and consume products and services.
The traditional approach of a large up-front capex investment in perpetual licenses works for some organizations, but many are looking towards managed services to reduce their up-front costs and move the overhead of managing the solution to a provider that can efficiently deliver results.
Very few security teams can boast of being fully staffed, but even so, given the propensity of security risks to multiply, those lucky few teams will soon find themselves underwater, as well.
Justifying a move to a managed service requires a realistic review of your infrastructure costs, operational support costs, staffing costs and intangible costs. You should look at those costs over at least three years. You may not own the budget for some of this, so it will require a little bit of investigation, but it is a very valuable exercise.
Here are some examples of the costs that you will want to consider:
It’s easy to forget about infrastructure costs especially if it is handled for your IT team. You’ll need to do a bit of digging here to come up with your costs, but this is an important part of the justification. Make sure that you consider growth in your calculations since environments tend to grow over time and resource requirements may change.
Now that you have calculated the cost of infrastructure, we’ll turn to the cost of managing the underlying platforms to ensure that they stay in compliance with your internal IT practices.
A realistic view of how much time you will need to spend to manage the solution is key. All security solutions require some level of care and feeding as well as an investment in sustaining application knowledge.
When you consider a managed service, that team becomes your application experts, and you can focus your efforts on responding to the information provided versus extracting the key bits for yourself. Expertise in any domain requires experience to develop; managed services teams leverage a breadth of expertise that is very difficult for most companies to acquire.
It’s important to realize that any managed service will require some time from internal resources. Typically, it is dramatically reduced (10-20% of a perpetual deployment), but any managed service that says they can deliver value without talking to you should be questioned.
It is also important to consider how many resources you would need to apply if you were to achieve maximum value from the product. A managed service can improve your ability to use more advanced features of the solution without requiring the burden of more overhead.
Finally, there is the intangible. This may not apply to everyone, but these could be very real scenarios.
Tripwire ExpertOps provides managed File Integrity and Secure Configuration from the cloud with the assurance of a team of experts delivering managed services to customers for nearly a decade.