A growing number of higher education institutions are deciding to engage managed security service providers (MSSPs), an arrangement that places one of IT’s most important functions in the hands of outside experts — at least partially. Several trends have coalesced to drive this shift, and colleges are at the center of what has become a perfect storm. Many find that today’s higher ed landscape demands relentless vigilance from a security perspective, despite heavy constraints on the very resources that vigilance requires.
A Perfect Storm
First and foremost, the threat landscape is more serious than ever. Just this year, the education sector rose to the No. 2 most targeted spot in Symantec’s 2016 Internet Security Threat Report, up from No. 3 last year. Nowadays, the question is not if colleges will experience an information breach, but when — and how bad the damage will be.
Second, colleges possess vast sums of sensitive personal data from students, from Social Security numbers to financial aid records. Colleges generate, in academic research and through government and industry partnerships, valuable intellectual property. On the flip side, colleges historically have lagged behind the corporate sector when it comes to shoring up digital defenses, a weakness that hackers are all too happy to exploit.
To make matters worse, budgets are tight everywhere you look, from state-level funding to individual departments. That means colleges and universities are struggling to fight back with fewer resources, and that includes both technology and people.
Finally, higher education is often unable to retain its best and brightest IT experts, particularly CISOs and other security specialists. All too often, those who shine are snatched up into lucrative private-sector positions, leaving a dearth of talent in an industry that needs it most.
It’s easy to see why MSSPs have emerged as a smart solution.
Agility and Other Advantages
Although institutions can contract out many aspects of IT, security is one of the most logical functions to outsource. MSSP arrangements can take the form of remote management or cloud-based solutions paired with in-house management. In either case, MSSPs can alleviate a significant burden on in-house teams, freeing up time and energy to focus on other aspects of their work.
MSSPs also deliver advantages that in-house departments find hard to match, simply by virtue of scale and logistics. By servicing multiple customers, MSSPs have better scalability, which means they can easily adapt to shifts in demand. They can also pass on cost savings when it comes to investing in best-of-breed hardware and software.
In addition, the best MSSPs are nimble when it comes to keeping pace with the ever-evolving demands for IT expertise. Part of what you’re paying for, of course, is providers’ depth and breadth of knowledge — and their commitment to continually maintain that expert status. IT staff face a never-ending evolution of malware, zero-day attacks and other threats. Even the best teams may find it difficult to consistently counteract, detect and respond to vulnerabilities alongside their many other duties.
Finally, MSSPs can provide a layer of reassurance that institutions are complying with all data privacy regulations.
A True Partnership
Evaluating which functions an MSSP can and should provide for your institution is an important first step in determining whether this solution fits your needs. Services can range from detailed security assessments to full-scale security programs, alongside focused initiatives that address mobile security, incident response and compliance.
As with any vendor relationship, choosing an MSSP amounts to choosing a partner. Choose wisely, and you may just decide that engaging an MSSP is one of the best decisions your IT department can make.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.