This paper identifies and analyzes the most common reasons provided by IT directors and chief information security officers for moving IT security functions to a hybrid or fully managed security services provider (MSSP) model. While rationales ranged from tactical to strategic, MSSPs offered unique methods of overcoming several common challenges. Depending on an organization’s ability to hire, train and retain in-house security experts, and efficiently use their costly skill sets, the case for an MSSP goes from being a convenience to the only viable way to effectively expand the breadth and depth of an organization’s security coverage to acceptable levels.
Broadly speaking, the three most significant reasons to move to an MSSP are to augment skills, stretch security budgets, and improve security outcomes. The degree of each benefit depends on several variables, including organization size, industry, location, relative information security budget, brand profile, specific security gaps to cover, and one’s general IT philosophy. In this white paper, we will review each MSSP rationale in-depth, offering insight into which factors make the case to move to the MSSP model more or less compelling.