Light Dark
December 9, 2020 By Spencer Ingram
Marc von Mandel
3 min read
Data Protection
Security Services

Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even more attention to the cloud as we move into the next several decades. Data visibility and management are key elements to watch when working with a managed security service provider (MSSP).

Future Security Operational and Compliance Priorities

A recent IDC Survey, Security Operational Priorities in 2020, found that for IT and security experts, access management and compliance are the two most important topics in 2020 and beyond.

As more and more employers move to the cloud and more people work from home, they also deploy new cloud services. This can introduce gaps in data security, data privacy and data residency. At the same time, these entities face new data protection rules. National laws focus on data origin, transfers and storage more and more.

Some groups are expressing concerns over data residency, which in turn is fueling strong demand for managed security service providers (MSSP) that are able to deliver their global processes and services in a regional model. What should companies review for data visibility and management working with an MSSP? Here, find some insights into how an enterprise might approach this choice.

Data Visibility and Management Can Vary by Country

Data privacy laws can vary from country to country. They can even have different meanings within each nation-state for how personal data is stored, shared and managed. The penalty for poorly handling data within different nations varies widely. But in any case, the impacts can be severe — from intense audits to high fines.

Data residency is a newer term, emerging over the last couple of years. It focuses most on the origin or national residence of the data. It comes from the rise of national rules about how companies collect, process and transfer the data of a country’s citizens.

An MSSP can handle complex data defense, privacy and residency concerns related to compliance. Businesses on their own may have strong data security controls but lack the controls to meet local compliance and privacy rules. Keeping an eye on and managing this aspect of data can take a long time and be too expensive. Therefore, many groups use a third-party MSSP to complete regular audits of their data.

Selecting an MSSP? Know Before You Go

Groups that outsource their data security and privacy needs should review the following with their MSSP. Focus on key data residency, security and privacy challenges.

  1. Where are the delivery centers located? Many current MSSPs can provide 24/7 support, but they lack the robust and proven processes, combined with formal security operations centers (SOCs), to support business needs around protection and residency. Ask your current or future provider where their centers are located.
  2. How is data protected within the regional SOC landscape? Next, review and understand what proven and tested controls the delivery center has to handle the stringent data privacy needs. Ask questions about how the provider inventories data assets. How does the SOC restrict access to sensitive data? Does it deploy zero trust strategies to limit access? How does it monitor and manage data storage and transfer?
  3. What auditing processes does the provider have for compliance? For mature projects, audits confirm rigorous processes and controls are in place. As you take a look at local MSSPs or your current one, ask to review how often and with which tools the provider conducts compliance audits. Do they complete the audit through the lens of various industry standards, such as the PCI DSS, ISO 27001 and SOC 2 Type II? Also, understand how the MSSP handles and resolves issues that have come up in past audits. Are they quickly solving problems and recording the changes they’ve made?

Use of MSSPs Becoming More Common

The work that needs to be done to answer the questions above can be daunting. A shortage of industry experts can make it more complex and risky to address these challenges. Entities of all sizes now face these same challenges. This is driving more MSSP outsourcing that can fully manage the data life cycle, simplify critical data controls and handle and resolve audits.

IBM Security Opens Kingdom of Saudi Arabia SOC

The Kingdom of Saudi Arabia’s (KSA) laws cover data privacy rights in accordance with the National Cybersecurity Authority-issued controls and standards. In general, the data within the country must be safeguarded and cannot be confiscated, delayed or breached. Over the course of 2020, IBM Security has made major investments into its SOC located in Riyadh. Our Middle East and Africa (MEA) customers also benefit from the global processes and procedures found across our six other SOCs.

Our team is aligned with fostering talent locally in KSA, including in-depth training, early hiring, and a commitment to hiring women (over half of our current KSA SOC analysts identify as female).

Check out the report excerpt from the IDC MarketScape for Worldwide Managed Security Services for more detailed coverage of our strengths and capabilities in serving clients around the world. Download a complimentary copy of the IDC MarketScape: Worldwide MSS Vendor Assessment.

 | 
Spencer Ingram
Vice president, global managed security services (MSS), IBM Security
Marc von Mandel
Product Marketing Manager, IAM & Product Professional Services

More from Data Protection
January 27, 2025

How secure are green data centers? Consider these 5 trends

4 min read - As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations…

January 21, 2025

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

January 3, 2025

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature