The task of staying on top of all of the alerts and alarms that security monitoring tools constantly send out is becoming an unsustainable burden for some IT departments. When IT must balance setting up and manning these alerts (sometimes millions of them) with providing other mission-critical services to grow the business, something has to give. The problem has even been blamed in the massive 2014 Target breach, in which relevant alarms were not noticed in a timely manner.
Security monitoring tools are all but useless without human IT resources to follow up on them, and quickly. Monitoring has become a specialized service area for some enterprises, which want to outsource it to experts who do nothing but, and who know the ins and outs of setting thresholds and balancing monitoring of multiple systems.
Managed service provider Logicalis US has compiled five questions for CIOs considering bringing on a monitoring service provider to support IT’s security responsibilities.
It’s about balance and value, says Michael Strysik, services principal, Logicalis US:
"The question CIOs have to answer with regard to IT monitoring is whether or not they are getting the best value out of the tools they are using. When alerts are flooding in, are they able to efficiently filter the 'noise' to be able to focus on the top issues that are the root cause of the problem impacting the environment? A managed service provider experienced in monitoring IT environments for customers will be able to bring a lot of intellectual property to the table. They are accustomed to monitoring and managing a 24x7 environment for thousands of devices across an array of heterogeneous environments. At the end of the day, for many customers, it makes sense to take advantage of a managed services model rather than trying to recreate that expertise in house."
The five questions CIOs can use to weigh keeping monitoring in-house vs. outsourcing to a specialist:
Is your monitoring tool configured properly? Most organizations have off-the-shelf monitoring tools that gather information from all of the devices on their network. The information coming from these tools can be overwhelming, and while it may be helpful to have access to all of that data, weeding through it in crunch-time can be cumbersome. To limit alerts to those that are most important takes training, knowledge and expertise, which leads many organizations that want to manage IT monitoring in house to employ full-time experts just to configure and manage their monitoring tools.
Do you update regularly? Since rules are continually being added to monitoring tools, monitoring isn't an "implement and forget it" situation, which means IT departments spend a considerable amount of time making sure the tools they depend on for alerts are as current and up-to-date as possible.
Can your tool provide event correlation? A single network error can have a ripple effect impacting applications that would otherwise be completely unrelated. As a result, it's critical that an IT monitoring tool provide event correlation to speed diagnosis and remediation in all affected areas.
Does your monitoring tool offer historical trending data? When managing an enterprise environment, IT pros need to analyze historical trend data to identify recurring issues as well as to do capacity planning which, in many cases, can help prevent issues before they arise. Some of today's popular monitoring tools, however, either operate in real time or store historical data for 30 days or less. Knowing what your tool offers is important information since being able to intelligently analyze and manage an organization's IT environment can depend on having access to this historical data long term.
Do you have the right expertise in house? In an enterprise IT environment, it's important to consider internal staffing needs and the expertise required to manage the monitoring tools and process in house. Keeping an enterprise environment up and running is no longer IT's value-add; it's an expectation. Today, most organizations want their IT staff delivering business results, which is why it may make sense to consider outsourcing monitoring to a third party skilled in assessing and limiting incident reports to only the handful that a busy internal staff actually needs to address.
Kachina Shaw is managing editor for IT Business Edge and has been writing and editing about IT and the business for 15 years. She writes about IT careers, management, technology trends and managing risk.