IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Managed service providers: effective scoping to avoid costly vendor pitfalls

By Contributor
Tue 17 May 2022

Article by Blue Connections practice manager - networks, security and communications, Paul Wilson.

Cybercrime is one of the most pervasive and destructive threats to business, costing billions of dollars each year. Organisations can never be entirely secure, but they also need to not live in a constant state of fear about safely using digital systems. By instilling a strong culture of cyber awareness, implementing a range of industry best practices, and engaging subject matter expertise on how to structure and protect systems, companies can establish an optimal security baseline.

Managed security services are outsourced services focusing on the security and resilience of business networks. Organisations engage partners to monitor and respond to security incidents, providing cybersecurity controls and expertise for complex business environments. The service complements internal security measures while adding redundancy and a safety net of industry experience that improves an organisation’s risk posture by sharing knowledge and responsibility.

Choosing the right managed security services partner (MSSP) and scoping the project effectively are two essential elements in achieving strong returns on the investment in this relationship.

Entry-level managed security services include around-the-clock firewall monitoring, antivirus and malware protection. Companies working in sectors with specific regulatory requirements may add penetration testing and disaster recovery drills to comply with stricter security benchmarks. Larger enterprises and government organisations may engage multiple MSSPs to layer in additional fencing, distribute loads, and provide bespoke resourcing based on unique needs.

There are four elements organisations need to understand to scope their needs accurately:

1. Cyber risk exposure. This will determine what tier of managed services is needed for safer operations.

2. Valuable data. It’s important to identify the sensitive data that could lead to financial and reputational damage in the case of a data breach.

3. Systems. Understanding which systems are vulnerable to common types of attack and where gaps in expertise or technology exist will let the business determine where the immediate needs are.

4. Assets. It’s important to audit assets, including physical, logical, and environmental components such as networks, computers, virtual appliances, data centres, and other ICT systems.

Thoroughly documenting and communicating the complete security requirements of an organisation before even calling an MSSP is key to both coverage and cost-effectiveness. Scope creep happens too often, usually when there is a lack of clear communication between organisations and MSSPs. To avoid this, organisations should develop an explicit scope statement at the outset.

Both parties need to be on the same page from the very beginning, with expectations cemented in service level agreements and a constant feedback mechanism that closes the loop on iterative project work. When entirely reactive, projects can easily become more expensive and time-consuming than originally anticipated, compromising productivity and trust.

The best way to avoid scope creep with any managed service provider is by front-loading effort in the planning process before any work begins. With cybersecurity, in particular, every minute spent planning before deploying to a production environment is worth an hour down the line. The evaluation process before engaging a managed security services provider should address this comprehensive outline of requirements.

With agreements in place, proposed security services can then be defined and structured with that holistic view of the landscape, preventing time and cost blowouts that inevitably result from rushing the all-important scoping process.

Related stories
Top stories
Story image
SaaS
Ping Identity appoints Deloitte Australia as a partner
Ping Identity has appointed Deloitte Australia as a Consulting Technology Partner, uniting its offerings with the company's consulting services.
Story image
Training
Barracuda customises training to fit ACSC Essential Eight
Barracuda has announced that its Security Awareness Training now provides a customised training curriculum in line with the Australian Cyber Security Centre’s (ACSC) Essential Eight.
Story image
Collaboration
Enterprise service management: the importance of a one-stop shop
In an online world, employees and end-users want one place to go for all their questions and requests. Intranet technology and self-service portals are useful tools that help serve this purpose.
Story image
Artificial Intelligence
Decision Inc. partners with provenio.ai to expand offering
Decision Inc. Australia has partnered with provenio.ai to expand its offering to clients in the retail, FMCG, manufacturing, supply chain and logistics sectors.
Story image
Infrastructure
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Voice recognition
Renesas and Cyberon expand services with voice recognition
“We are honoured to collaborate with Renesas to simplify the development of embedded voice recognition functions."
Story image
Digital
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Management
MYOB snaps up Sydney-based management software specialists
MYOB has announced the acquisition of Sydney-based business management software and support specialists, GT Business Solutions.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Cybersecurity
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Sustainability
Honeywell named Frankston facility services provider
Honeywell has been named the joint facility services provider for Frankston Hospital’s AU$1.1 billion redevelopment.
Story image
Documentation
Adobe study finds lack of digital trust and utilisation in Australian Government agencies
New research commissioned by Adobe has revealed a significant lack of digital trust within Australian Government departments, along with the continued underutilisation of key digital processes.
Story image
Aspire
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Ransomware
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Story image
IDTechEx
The next stage for 5G in thermal materials - IDTechEx
IDTechEx says higher frequency deployments, such as mmWave devices and very different station types such as small cells, present their own technological evolution and, with it, thermal challenges. 
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Solutions
Progress launches latest version of network visibility solution
In Flowmon 12 network solution, Progress has expanded its support for public cloud provider flow log monitoring and launched new features.
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Amazon
What brands can expect from Amazon Prime Day in Australia
Amazon Prime Day is the annual two-day shopping event, kicking off this year from July 12-13 and is the global online shopping platform's biggest sales event. 
Story image
Apple
Your tools, your choice: why allow employees to choose their own devices?
Jamf Australia says giving your team the freedom to work with their digital device of choice could help to attract and retain top talent in a tight labour market.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Compliance
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.