In this digitally evolving business environment, every business has become a data business. While this may not have been so in the past, the rapid pace of digital transformation has made data a core component of every organisation.

By Wayne Olsen, Managing Executive: Cyber Security, BCX

Most businesses are not cybersecurity specialists, which is why they are better served working with domain experts. Getting the most out of these relationships requires both parties to have a clear understanding of their roles and responsibilities.

Gartner reports that 82% of businesses plan to let employees continue to work from home post the pandemic. This virtual environment brings with it increased security risks that in most instances are insufficiently managed. Businesses need to ensure they are leaving no room for error, miscommunication or misunderstanding.

Below, I outline how businesses can look to coordinate their cybersecurity efforts with their managed service providers to keep their data and businesses safe.

It is a joint responsibility – Businesses place huge emphasis on their managed service providers for security, whether it is data security or perimeter security. The responsibility, however, does not just lie with the provider. It also lies with the organisation. Businesses need to take ownership of their role in keeping their environment secure by working in tight concert with a managed service provider that complements their efforts.

Common understanding of digitilisation requirements – Many organisations are moving workloads and infrastructure to the cloud, something that has been accelerated with the increased need for people working remotely. This, however, may not work for all their systems. For example, legacy apps and services are required to be managed and secured on-premises. Understanding the business requirements will provide the business and their managed security provider with insights on how best to manage the changes. Internal IT departments need to work hand in hand with their managed service providers to keep legacy systems secure and accessible, including moving relevant workloads to the cloud with as little risk as possible.

Prioritise security – Many businesses have migrated their workloads to the cloud with little consideration given to workload security, which is traditionally seen as the sole responsibility of an IT department. In a digital hybrid working era, security must be woven into every facet of business operations. Considered appropriately, cybersecurity can protect businesses against the perils of cyberattacks, ensure data integrity and protect against fraud, allowing them to remain relevant and trusted in the market.

Choose a partner carefully – In choosing a managed service provider, businesses need to conduct thorough due diligence to ensure the chosen partner has a proven reputable track record – one that has specialised in-house teams and that understands the complexities and nuances of securing on-premise and cloud workloads. Security is not a one-size-fits-all discipline, which means the provider needs to understand the impact of downtime to the business, especially to the bottom line. It is critically important that business and security requirements are aligned from the start of the relationship.

Present a united front – Security can be a key competitive differentiator for organisations that employ an integrated and collaborative approach to managing the security team. Including security providers, business and IT into a single team with the same KPI creates better alignment and understanding. Through integration and collaboration, managed service providers will have a deeper understanding of the business requirements and will be able to keep their customers agile, relevant and protected in the marketplace. A constant flow of information will ensure a successful partnership that becomes an extension of the business.

Tackle the people problem – Cybersecurity is a people problem rather than purely a technology issue. You cannot manage cybersecurity effectively without taking employees on the journey. Through advocacy programmes, regular and consistent communications businesses will reduce cybersecurity risks. Ensure employees are aware of the implications of their actions regarding ransomware attacks, cyber phishing and in protecting passwords and personal information. Organisations that have done this effectively have shown dramatic improvement in their security posture.

Cybersecurity isn’t a task to complete. It’s an ongoing effort that requires coordinated action from businesses and their managed service providers. Those businesses that can get these actions and relationships right will see the benefits, in the short and long term.