Keep up to date with the trending topics
from our industry experts

Is it risky outsourcing your IT and cyber security operation to the same provider?

Written by Lanware

Monday, 27 November, 2023

Webinar: This is your Microsoft Copilot speaking, we’re ready for financial services take off

On demand

Learn how this powerful AI tool can help you create, analyse and communicate better with your data.

Microsoft Copilot Webinar

Are you concerned they might be “marking their own homework?”

Financial firms are increasingly looking to third parties to provide security operations centre (SOC) services. A SOC is a team of experts that monitor, detect, and respond to cyber threats and incidents in a firm’s network.

The vast majority of smaller financial firms outsource their IT to a managed service provider (MSP). With the massive growth in demand for cyber security, MSPs are increasingly providing SOC services as part of their core offering, this means that clients don’t need to engage with a third-party SOC provider.

The BIG question

There is however one big concern which often gets raised, and that’s the need for independence. Should you have the same people managing your IT as your cyber security operation? Are you concerned they might be “marking their own homework?”

So what is the answer?

The case for using your MSP security operation centre

  1. Trust and relationship: If you already have a good working relationship and trust with your MSP, you may prefer to use their SOC service as well. This will avoid the hassle of finding and vetting another provider.
  2. Cost and value: Using your MSP’s SOC service may be more cost-effective than hiring an independent SOC provider, as you may be able to negotiate a better deal or get a bundled package.
  3. Control and flexibility: Using your MSP’s SOC service may give you more control and flexibility over your security operations, as you may be able to customise your security policies and procedures and align them with your business goals and needs.
  4. Speed: With an MSP, the SOC will typically sit alongside the wider IT team. This means they will be much better placed than a third party to understand security in the context of your business. A core component of a SOC is detecting potential cyber threats, which would be hard to spot if you don’t know how the business operates, i.e. what is normal and what is a threat? If you know both the business and technology landscape of a business, you can be constantly “tuning” the system increasingly to filter out the noise, thus speeding up the time to detect real threats.
  5. Response: Many third-party SOC providers do not fully “respond” to cyber threats, and they do not manage the security controls and technology infrastructure. That sits with the MSP. This means you can end up in a situation where there’s a serious delay, or worse, items get missed I.e. between when the SOC provider says, “We think you’ve been hacked”, and the remediate action of the MSP response. Third-party SOC providers often get accused of just “tossing alerts over the fence” and not actually remediating the threats.

The case for using a third-party Security Operation Centre

  1. Complexity: Large businesses, often do more in-house, rely less on MSPs, and have complex technology landscapes which involve disparate systems, locations, legacy, on-premise and the cloud. They often are made up of businesses which have been acquired, and “smashed together”, and all this increases the cyber risk, leading to multiple entry points. Often using a specialist, independent, third-party Security Operation Centre helps reduce these risks as they are more experienced in working across multiple environments. This includes a wider range of different technology, for example, the client might be developing their core platform in Google Cloud, but using Microsoft 365 for their Office applications, and have an on-premise banking system in their data centres.
  2. Skills, capacity and time zone: A specialist, independent, third-party SOC will have access to the latest skills, greater capacity, economies of scale and often a full 24/7 service which will provide coverage in every global time zone. Again, this is important for larger firms, who need this to cater for their complexity and global reach.
  3. Independence: By default, a specialist, third-party SOC is independent. In cyber this is seen to be important, particularly in regulated sectors, who like with their compliance, can’t be “marking their own homework.”. This however can be argued is important for pen testing, or security posture assessments, but not for the core running of cyber security. The need for independence is often talked about for security as a whole, but clients need to think that for some aspects of security, it could be a disadvantage.
  4. Brand: “The board wanted IBM” is a phrase we often here, used to highlight how often the brand of specialist third-party SOC, particularly the bigger players, carries more weight in the board room, and with investors. The reality however is the board needs a firm with strong reputation in their space and all the necessary third-party certification.

In summary, the choice between using your MSP’s SOC service or an independent SOC provider depends on your specific situation and requirements, but the biggest argument in terms of the “need for independence” is not a strong argument for this type of service, especially if you’re a small financial firm with an MSP who has a solid SOC offering!

Talk to Lanware to find out what cyber security operation is most suited to your business

Our services

Our 4 pillars for a complete choice of managed IT services - all tailored to the needs of financial services firms in London and the UK.

Finance Forward 365 - Microsoft 365 cloud services supported by experts

Finance Forward 365

Microsoft modern workplace & cloud technology for digital transformation.

Compliant Teams -  Microsoft Teams phone system with call recording and archiving

Compliant Teams

Increased productivity & collaboration with call recording whilst reducing costs.
Cyber security solutions for financial services

Cyber Security

Keep your data secured against rapidly changing threats within Financial Services.

Responsive IT managed services for financial services

Power BI

Business Intelligence transformation and support tailored for Financial Services.

Follow us:

Pin It on Pinterest

Share This