Managed Security Services

All day, every day. In today’s world, that is what's needed — 24/7 vigilance to protect a real estate or construction business from constant and constantly evolving cyber threats.

As management teams focus on the myriad of priorities required to grow their companies, many do not have the capability of protecting them from cyber attacks on a continual basis.

Moreover, security risks continue to escalate as the industry rapidly assimilates intelligent, connected buildings and devices. Today, owners and operators need to be concerned about not only breaches in information security, but also potential sabotage such as disabling of building systems, which could compromise tenant safety.

For small and mid-size companies, managing countless risks can tax already stretched resources. At the same time, keeping security up to date is increasingly challenging while the repercussions of one blunder could be disastrous.

Cyber security has become so complex and specialized even large, sophisticated organizations can find it challenging to do this well with internal staff alone. Moreover, skilled security professionals are in high demand in virtually every industry, becoming an increasingly rare and costly internal resource.

This is why companies are turning to turnkey security solutions — outsourcing all or key components of their cyber protection to managed security service partners. With round-the-clock operations centres staffed by experts, these service providers act as an extension of a company's team, helping to prevent, detect and respond to threats and to mitigate risks before they cause major damage. They provide support that can address all or portions of a company's security processes, including compliance, management, administration, deployment and reporting.

Service contracts are customized to an organization's specific needs: from doing a cyber security health check, to vulnerability scanning, threat monitoring and alerting; managing firewalls; data protection; intrusion detection, prevention and response; intelligence reporting; regulatory compliance; to forensics. Sometimes, dedicated administrators or managers are included in agreements to facilitate client service and communication. Senior security experts may also be part of some agreements, providing executive-level strategy and guidance to improve an organization's overall security strength.

Because providing security services necessitates a high degree of proficiency and requires a high level of trust, thorough due diligence is fundamental when assessing a potential managed security services partner. Here are some key areas to explore.

• Do they understand your industry, your business and the security challenges you face?
• Do they deliver a holistic, risk-based approach to security?
• What is their reputation and track record?
• Do they have a state-of-the-art, 24-7 operations centre equipped with the latest technologies and well-trained security staff?
• Do security staff have relevant professional qualifications, certifications, skills and experience?
• What is the staffing structure; would your account have dedicated staff? Are senior staff hands-on?
• What is their quality control process? What standards and best practices do they follow?
• Do they have strong relationships with manufacturers and other suppliers so they can quickly resolve product issues?
• Are their policies and procedures for communicating, responding and reporting clear and comprehensive?
• What benefits will you receive from partnering with them? How does this compare with costs?
• Do your two organizations blend well; is there a good cultural match?

If you decide to establish an agreement with a managed services provider, the next step would be to enable this partner to gain a clear understanding of your business, the current state of your security and your goals and needs. The company will also conduct a comprehensive assessment of your overall security architecture including software, networks, control systems, policies, procedures and people.

Equipped with a clear picture of the current situation, your managed services security partner will recommend practical and affordable solutions to address gaps and weaknesses.

For real estate and construction companies that choose to outsource oversight for security management, monitoring and response to a trusted third party, there are numerous advantages.

You can reduce pressure on IT staff and enable them to do work that adds more business value, acquire more security expertise and resources, strengthen overall security capability, reduce overhead and capital budgets, and most important, free your time and attention to focus on driving your business forward.

Danny Timmins, CISSP, is the National Cyber Security Leader of MNP and a member of the firm's Enterprise Risk Services team. Contact Danny at 905.607.9777 ext. 230 or [email protected].

This is the fourth in a series of articles featuring MNP perspectives on cyber security for Canada's real estate and construction companies. Other articles review essential components of a strong security posture, including maturity and threat analyses, penetration testing, and cyber incident response planning.