Managed Security Monitoring: Public Sector
This is the first article in a three-part series offering guidance for organisations seeking managed monitoring services, including protective monitoring (PM) and Security Operations Centre (SOC) services.
While this advice primarily targets public sector organisations, it is applicable across various sectors. If you’re a public sector organisation, consider using G-Cloud to procure these services. For more information, refer to the G-Cloud Buyer’s Guide.
Why Use G-Cloud for Protective Monitoring Services?
Using G-Cloud for protective monitoring offers several advantages:
- Competitive Pricing: The open marketplace drives down costs.
- Simplified Commercials: Suppliers have already agreed to terms and conditions.
- Short-Term Contracts: Two-year terms ensure suppliers remain competitive. You can opt for shorter terms and switch suppliers quickly if needed.
- Trial Options: Some services may offer trial periods to ensure they meet your needs.
- Easy Supplier Comparison: G-Cloud allows you to compare prices, features, and benefits effortlessly.
Although G-Cloud is buyer-friendly in many ways, this article focuses specifically on protective monitoring.
Common Concerns with G-Cloud for Protective Monitoring
Concerns about using G-Cloud for protective monitoring often revolve around contract terms and implementation:
- Short-Term Contracts: Organisations worry that with short contracts, they’ll just be getting started when it’s time to renew. PM services often require time to deploy and fine-tune, especially for larger organisations.
- Supplier Lock-In: There is concern that suppliers may implement their own software, making it difficult for customers to switch suppliers.
- Existing Investments: Customers may have existing security technology they wish to retain, rather than replacing it with the supplier’s tools.
- Integration with Existing SOCs: Customers with existing Security Operations Centres or security staff may wonder how a G-Cloud PM service will integrate with their current setup.
- Scope and Service Gaps: Larger organisations with broader PM needs may find G-Cloud PM services lacking in SOC or CERT capabilities, raising questions about how to effectively combine multiple services.
To address these concerns, ensure you understand precisely what the PM service includes. Use a comparison matrix to evaluate suppliers on both technical and operational aspects.
Selecting the Best Monitoring Services Supplier
Take full advantage of G-Cloud’s offerings. Two key areas in G-Cloud service terms—onboarding and offboarding—are often misunderstood in the context of PM services. These are fixed costs that the supplier must adhere to when deploying and removing their service, as well as when migrating data to a new supplier.
- Fixed Onboarding Costs: Ensure the PM service has clear, fixed onboarding costs that cover all required time, effort, and equipment. Don’t accept vague claims about the difficulty of predicting costs.
- Fixed Offboarding Costs: Similarly, offboarding costs should be fixed, covering all necessary time and effort to remove the service and migrate data. If a supplier claims this is too difficult, reconsider your options.
By fixing these costs, you can accurately evaluate the total cost of a service, the cost of switching to a new supplier, and the cost of implementation. If unsure, opt for a short initial term or trial period, as G-Cloud allows for easy supplier changes.
Supplier Approach and Technology Agnosticism
When selecting a supplier, look for flexibility and a collaborative approach. The supplier should accommodate your existing services, even within the constraints of a G-Cloud contract. Focus on suppliers that are as technology- and product-agnostic as possible. While G-Cloud may not cover SOC staff for existing technology, look for a SaaS PM service that integrates lightly with your current setup and supports a collaborative delivery model.
Service offerings that provide this type of integration are often described as SOC services, which typically offer more comprehensive capabilities than standard PM services.
Key Questions for Potential Monitoring Suppliers
Once you’ve narrowed down your list to suppliers offering true SOC services, ask the following questions:
- How will you integrate with our existing technology?
- How will you support our current processes?
- How will you collaborate with our existing team?
- Can you provide a full two-year cost breakdown for the following scenario… (request the same from all shortlisted suppliers)?
- Can you provide fixed onboarding, offboarding, and data migration costs?
Choose a PM supplier that offers short contract terms, such as 3 or 6 months, even if you’re considering a two-year agreement. This flexibility indicates that the supplier has designed their service to minimise onboarding and offboarding efforts.
Conclusion
When selecting a monitoring service:
- Prioritise suppliers offering services rather than specific products. The service aspects are what truly matter.
- Focus on the outcomes that need to be achieved rather than solely on technical details.
- Ensure the service includes relevant SLAs, covering all critical areas.
- Compare the scope of services, including whether the supplier offers more than just log monitoring and alerting.
- Look for suppliers with up-to-date Cyber Essentials Plus (CES+) and ISO 27001:2013 certifications, and check that these cover the services they provide.
In the next part of this series, we’ll explore why these services can become expensive and provide advice on avoiding common pitfalls.