
Network Security Management in MSSP Environments

by Shilpi Dey, CISSP, Market Intelligence Manager, Check Point Software

Once, securing a simple corporate-style Web site was little more than ensuring Web forms submitted customer-provided information over SSL links instead of standard HTTP links. However, the growth of the Internet has brought with it more complex networking environments and more business-critical functions, which organizations must secure. Network security departments of organizations are now responsible for securing company and customer data processing, confidential settlement of financial transactions, and other crucial tasks.

The vast majority of organizations are not in business to manage Web sites, process data, settle financial transactions, or otherwise complete tactical information technology (IT) functions. Thus, many large organizations are now outsourcing these functions to specialists in the IT industry known as managed service providers.

Current research indicates that the outsourcing trend is now shifting toward IT security. Data from industry analyst firm Gartner confirms that many organizations plan to leverage their positions on IT security by outsourcing repetitive security monitoring and management functions to Managed Security Service Providers (MSSPs). This will allow organizations to focus their resources on high-value-added internal business initiatives.

In addition, according to Frost & Sullivan, this is a large, growing portion of IT outsourcing budgets. Projections show that MSSP revenues will grow 20.7 percent to more than $1.2 billion by the end of 2007. Further predictions from Frost & Sullivan indicate that by 2013 this figure will reach nearly $4 billion.

Rise of the Managed Security Service Providers?
The challenge of meeting these projections is enormous. MSSPs must demonstrate their abilities to scale their infrastructure to meet the increasing security needs of their customers. For example, can MSSPs ensure outsourcing organizations’ compliance with regulations such as Basel II, HIPAA, and Sarbanes-Oxley and guarantee that organizations and their employees are protected from bombardment by inappropriate content as well as from accidental transmission of sensitive data within or outside their networks?

Also, MSSPs have taken over the issues of updating, upgrading, and maintaining IT infrastructure and business continuity from customer organizations. And MSSPs must provide security scalability and flexibility without incurring additional bandwidth overhead to organizations.

MSSP challenge number one
By far, the biggest challenge for MSSPs is to manage large numbers of remote security devices over diverse and disparate networks with their individual security-policy needs, potentially handling separate customer systems with many different LANs—but do it with a scalable, centralized infrastructure. At the same time, MSSPs must confidentially address the security and management requirements for every customer network, regardless of system topology or products. Consequently, one uniform policy across all the networks serviced by an MSSP is insufficient for the needs of so many different types of customers.

The key to effective customer infrastructure management lies in a truly central and flexible management system—not management approaches falling short of centralization and flexibility. This all-in-one management system must be able to administer access control and information flow control and monitor, manage, collect, and report on infrastructure events and activities of processes and services:

  • Access control management
    MSSPs need to manage access control to processes and services among distributed and unconnected business environments. Policies need to be managed on a global and on a per-organization basis.
  • Information flow control
    MSSPs must be able to effectively protect and control business transactions and communications within an organization while preserving the data integrity and privacy of each organization.
  • Monitoring, managing, collecting, reporting
    Since MSSPs do not control the entire infrastructure, they must quickly be able to identify and resolve problems. They have to be able to efficiently monitor, manage, collect, analyze, report on, archive, and retrieve infrastructure events and activities for managed organizations.

Centralized, flexible management
The Provider-1 centralized security management product from Check Point can manage many remote security devices over Check Point and third-party networks for multiple MSSP customers and each of their individual security policies. Simultaneously, it confidentially meets their customer security-management requirements, regardless of topologies or products. It does this with the concept of a Multi-Domain Server (MDS), which houses Customer Management Add-Ons (CMAs), all Provider-1 system information, and substantial customer network and policy details on one or more servers.

Provider-1 also provides a comprehensive solution for managing access control and information flow control as well as monitoring, managing, collecting, and reporting on infrastructure events. This is all completed with business-transaction data integrity and privacy regardless of the level of connectedness or spread-out nature of the business environment. Specifically, the Provider-1 Multi-Domain GUI (MDG) enables provisioning of administrators, policies, and other management of access control and information flow control. And since in Provider-1 each "customer" has its own virtualized database and management environment, privacy and integrity of individual customer data are ensured.

Optionally, Provider-1 can be integrated with the Eventia Analyzer and Eventia Reporter security information and event management tools to provide an effective solution for collecting, reporting on, and analyzing infrastructure event data for a single management domain. These tools can also combine analysis data from multiple domains, offering an MSSP-wide security overview.

Conclusion
Today, MSSP security management poses challenges that require a flexible, centralized, and secure solution for the enterprise information of individual MSSP customers. And it all needs to be consolidated within a scalable network-security management infrastructure, given MSSP requirements for a unified security architecture manageable from a common interface.

Provider-1 is the one-of-a-kind security management solution designed to meet the scalable and centralized security requirements of MSSPs. As a multilevel, multipolicy management architecture, it offers features designed for the needs of MSSPs to help them automate time-consuming, repetitive security management tasks like the administration of access control and information flow control as well as the need to monitor, manage, collect, and report on security information and event management data for the infrastructure of their customers. This enables them to reduce administrative costs of managing large security deployments on behalf of their customers, helping fulfill the promise of the rapidly expanding outsourced IT security market.