Today’s organizations face constantly evolving threats that can put sensitive data, operations and reputations at risk. Demand for our managed cyber services has grown steadily, driven in part by the need to combat ever-increasing threats while navigating technological transformation, talent shortages and budget cuts.
Over the past year, organizations have improved their defenses against a variety of threats, but there are no quick fixes and businesses need the agility to adapt to whatever comes next. Judging by what we’re seeing in the market, organizations are taking that step in a few different ways. Some are moving from a collection of disparate tools to a “security platform” approach to drive efficiency and automation through interconnectivity, while others are leveraging sustainable, integrated solutions to address their evolving cybersecurity needs.
This is where managed services come in. By leveraging emerging technologies and a talent pool of skilled, improvement-focused consultants aligned with an organization’s specific needs, PwC’s cybersecurity managed services model offers a proactive, comprehensive approach to mitigating cyber risks, enabling organizations to shift their focus from managing these operational challenges to managing outcomes that drive the strategic direction of their business.
That’s because managed services shouldn’t simply be approached as a “one-off solution to clear up the mess” for an organization. Managed services should work with each client to determine the level of support they need and continually improve their services to meet changing business needs.
Our approach is two-fold: We deliver sustainable solutions that cost-effectively increase and continuously improve your organization’s risk mitigation capabilities. We help organizations address growing risks as business challenges, the adoption of new technologies, budget and talent constraints – all these factors continue to shape and evolve.
How Managed Services Can Accelerate and Sustain Cyber Maturity
As organizations increasingly move their business to the cloud, they must consider whether their security operations and broader cyber risk management processes are aligned with the new environment and pace of change. Approaches that worked to protect on-premise assets may not be effective in the cloud. That’s why managed service providers need to understand the skills, processes and technologies required to protect cloud-based assets and help organizations securely make the most of their cloud-first strategy.
Another well-known driver is expense pressures. As macroeconomic conditions change, CISOs are being asked to justify their budgets. Often, they are considering outsourcing strategies to either do more with the same resources or do more with fewer resources. Cybersecurity management services can help organizations develop better, more sustainable capabilities than they had in-house, saving both time and money.
It’s important to take a long-term view. When evaluating potential service providers, organizations need to understand exactly what they need and identify services that can address their immediate requirements. On the other side of the partnership, the service provider needs to develop a roadmap for how their services can evolve and be more efficient. At PwC, we take our managed services partnerships with clients a step further. We work to improve automation and delivery efficiencies by reducing fees year-over-year and sharing the efficiencies gained with our clients.
Organizations are also struggling to find talent. According to our latest Global Digital Trust Insights survey, executives cited their organization’s security talent shortage as a top challenge over the past year. Cybersecurity managed services can help fill that gap, and organizations are ready to invest. The survey ranked managed security services second only to network security as a top cyber investment priority for 2023.
Managed service providers also face talent needs, and PwC has embraced diversification in its delivery model, with centres of excellence across the globe giving it access to the widest talent pool, and flexible operating models to suit each client’s specific needs.
Building a sustainable managed services partnership
Organizations shouldn’t view support from managed services as something to simply check a box as if the provider comes in to solve a business problem, packs up their bags and leaves. It’s an ongoing partnership, and business leaders should treat it as such. Setting expectations from the start will help ensure that years down the line, the provider will continually evolve to meet changing business needs and mitigate the threat landscape impacting the organization.
A provider’s goal is to deliver continuous improvement that is predictable and scalable over time. The last thing a provider wants is to force a client into an unexpected cost spike at the start of a partnership. PwC avoids this problem by offering a predictable fee structure.
We also work closely with our clients in a partnership format to augment our teams, rather than as a fully outsourced organization. Take security monitoring as an example: many providers ingest logs into a remote, multi-tenant SIEM and act as an “alert reflector” service, placing heavy lifting back on already stretched resources. In contrast, our managed threat detection and response services operate our customers’ technology in their environment and proactively embed resources within our customers’ teams, creating a “one team” mentality that provides true detection and response capabilities.
Conclusion
In the cyber world, there are always new technologies and solutions that organizations can leverage. When trying to keep up with the evolving threat landscape, it can be tempting to chase these new technologies to solve new business problems without putting the right governance in place.
The key is to maintain operational discipline and bring people and processes into these new technologies. That’s where managed services come in, providing structure to your operations. With a range of technical capabilities and a commitment to continuous improvement, the best providers can deliver lasting results that meet each client’s needs.
This post was co-authored by Aiden Lynch, Cyber Managed Services Partner at PWC.