For all the stories we see on the news about the breadth and depth of cybersecurity breaches — millions of users compromised, billions of social security numbers, passwords and bank accounts stolen, ready to be weaponized at any moment — it can be underwhelming to learn that one of the biggest threats of all also may be the most prosaic: email spam.
That’s right. Those annoying emails, most harmlessly trying to sell you something or get you to visit a website also include the social engineering phishing attacks that allow hackers to get into systems, where they can burrow deeply, undetected, until they can wreak maximum havoc.
If you work for almost any size organization, no doubt you’ve clicked through your share of cybersecurity training videos, trying to ingrain into you enough skepticism of unfamiliar email requests that, rather than clicking, as most folks still do, you forward it to your company’s security team. You’d think by now we’d all know better.
And yet, as we participate in the 16th year of collaboration between government and industry on National Cybersecurity Awareness Month, email phishing remains the number one way attackers breach systems. For companies like Rackspace, the risk is two-fold: we must train our employees to be ever vigilant, for they protect not only our own data and assets, but that of tens of thousands of our global customers as well.
Security from the inside out
Internally, our focus is on strengthening and broadening our security foundation, which revolves around IT hygiene (patch management, configuration management and asset inventory). We are doing this in part by broadening our use of automation and analytics. By automating more of the day to day tasks, our cybersecurity analysts are freed up to do more valuable, proactive work; we’re also more thoroughly analyzing the mountains of data and intelligence we acquire each and every day.
That’s critical, because “daily events” are coming at us with even more frequency, events that must be assessed to determine what is a true “incident.” Both analytics and our proprietary automation tools help here, allowing us to integrate with all of the cloud control planes and supported cloud native tools to sift through the noise to determine where best to focus our attention.
Automation and analytics also help in another way: retaining talent. I have now served as Rackspace Chief Security Officer for three months, and what I have been most impressed with in that time is the quality of the talent of our security teams. Combined, our security experts hold more than 500 certifications, in cyber defense, digital forensics, incident response, pen testing and networking. I am honored to work with some of the best in the business; it’s my job to keep them motivated — and allowing them to do high value work is one way to do that.
The benefits of managed security services
Security is a top concern for our customers and by taking advantage of a managed security service provider, or MSSP, companies can access top, skilled talent. For example, Rackspace Managed Security offers a comprehensive portfolio of security and compliance offerings, for all major private and hyperscale public clouds — and we do it in a way that allows companies to use (and pay for) exactly the services they need, when they need them. We call them Service Blocks: discrete sets of capabilities that companies can choose from, depending on the security and compliance requirements of their business.
There are many, many companies today entering the managed security services market. According to Gartner, the total enterprise security market is roughly $115 billion, with managed security services accounting for more than 50 percent of this emerging market. Cloud security is a smaller piece of that, at $440 million annually, but with an eye-popping growth rate of 30 percent CAGR.
And it’s no wonder. The talent shortage is just one reason companies turn to managed security service providers. From limited security expertise, too many point solutions in an environment, compliance requirements and budget constraints, business leaders and their security counterpoints are all seeking expert partners.
Every major analyst firm now offers in-depth market and vendor reports on the MSSP landscape to help companies assess which company makes the most sense for its security needs; most recently, IDC released its 2019 MarketScape report, U.S. Emerging Managed Security Services 2019 Vendor Analysis, which places Rackspace in its “Major Player” category.
The report notes that “Rackspace has strengthened its position with managed security services and solutions that can be wrapped into its multi-cloud offerings for AWS, Azure, and Google. … Customer feedback stated that Rackspace goes above and beyond putting the customer first and tries to accommodate their needs and finishes projects before the scheduled completion time.”
We’re proud of our ability to meet customers wherever they are on their cybersecurity journey. But whether you choose Rackspace Managed Security or another MSSP, please never forget: do not click on that spam email.