Should the Government Turn to MSSPs to Prevent Cyberattacks?

By: Katie Daggett| - Leave a comment


Defending the U.S. from cyberattacks is expected to be a hot issue in the upcoming presidential election. In the waning days of his second term, President Barack Obama is working with renewed focus to strengthen federal government networks following a string of data breaches in recent years.

Cyberattacks have long been on the president’s radar, but the issue charged to the forefront in 2015 when it was revealed that the sensitive information of at least 22.1 million federal employees, contractors and job applicants was stolen from the databases of the Office of Personnel Management (OPM), as reported by The Washington Post.

Protecting the Country From Cyberattacks

Now more than ever, local, state and federal governments are on the hunt for new and improved strategies to protect citizens from cyberattacks.

Consider this statement by FBI Director James B. Comey: “There is no doubt that everything has changed because we’ve connected our entire lives to the Internet,” he said in a speech at the 2015 International Conference on Cyber Security. “All of the parts of life that the FBI is responsible for trying to protect — whether it’s criminal, counterintelligence, counterterrorism, protecting children, fighting fraud — it all happens there because that’s where life is.”

Comey went on to outline the FBI’s strategy for addressing today’s cyberthreats. “We’re going to try to focus ourselves, we’re going to try to shrink the world, we’re going to try to impose real costs on bad actors, we’re going to try to improve our relationships with state [and] local law enforcement and most importantly of all, we’re going to try to improve our relationship, our battle rhythm, our working relationship with private-sector partners,” he said.

Given the seriousness of this issue, government agencies have no time to waste when it comes to beefing up their cyber defenses. But what is the best approach?

The Pros and Cons of In-House Security

The confidentiality of data is extremely important to government agencies, so it is easy to understand why many would prefer to keep the vital task of cybersecurity in-house.

Unfortunately, when all aspects of information security are handled by an internal team, the costs are higher and the risks are greater. A successful security program requires extensive knowledge and vigilant monitoring of the current threat landscape, and many organizations — government or otherwise — don’t have the resources to do this successfully.

When agencies strapped by limited budgets attempt to manage information security internally, they are often stopped cold by the prohibitive cost of:

  • Hiring and training: Any organization that tries to manage its own information security often lacks the in-house resources required to adequately protect online systems around the clock. Hiring and training in-demand security professionals can be a difficult, time-consuming and expensive process.
  • Software and licensing: The initial licensing costs of most enterprise-class security software technologies go well into six figures, and annual license fees are typically between 10 and 25 percent.
  • Implementation: Deploying security software in enterprise environments is a complex and expensive process that often requires a costly consulting engagement that can last anywhere from six to 18 months.
  • Management: Due to their complexity, resources will need to be spent on full-time security managers and database administrators in order to keep technology up and running. In addition, implementing and managing security solutions can divert IT resources from other critical initiatives, including preventing the next attack.

Outsourcing as a Potential Solution

By outsourcing security operations to a managed security services provider (MSSP), government agencies would be able to take advantage of the expert skills, tools and processes they need to enhance security without making a large investment in technology and resources.

Even after turning over monitoring and management, government agencies would still be in control. Many MSSPs offer a portal through which their partners are able to view their entire security infrastructure and remain actively involved with their information security programs.

Ultimately, the addition of managed security services would provide government agencies with high-value services that require minimal security device investment or maintenance. By outsourcing their security services, agencies would potentially be able to reduce the total cost of ownership versus performing security operations in-house.

Topics: , ,


About The Author

Katie Daggett

Freelance Writer

Katie Daggett is owner and chief content strategist of KD Copy & Content. She is an agency-caliber copywriter with more than 15 years' experience in marketing communications and specializes in creating exceptional B2B and B2C marketing content. Katie has worked with clients big and small in a variety of industries, writing everything from direct mail pieces to television ad campaigns. She's learned what it takes to write an effective headline or email subject line, how to engage readers emotionally so that they keep reading and encourage them to take the next step with a strong call to action. Today, Katie specializes in writing SEO website copy and online marketing content directly for client companies. She is passionate about helping B2B and B2C marketers create content that generates more leads and convert those leads into sales.

Articles by Katie Daggett
See All Posts