Is cybersecurity as a service (CSaaS) a good solution for enterprise or is it more suited to a startup or SME?

1.5k views4 Comments

Director of Technology Strategy in Services (non-Government), 2 - 10 employees
The different models that we're seeing through my network are interesting, particularly here in NZ. I guess it's just a scale thing for us. For the clients I'm working with, it's often not feasible for them to manage their own security environment internally, so outsourcing makes perfect sense. Most of the managed service providers (MSPs) that I've come across or that I've been involved with have some form of security offering. Whether it be the basic level, malware and threat detection or whether it goes right up. We've started to see more companies and providers emerge in the market that are offering it.
Board Member, Advisor, Executive Coach in Software, Self-employed
You can outsource the task and responsibility, but you can't outsource accountability for the result. Too frequently people confuse that, whether it be cybersecurity, or outsourcing of app development, etc. I was on a Slack channel with 100+ peers recently and outsourcing came up. A lot of people said, “I've done it but they don't respond as fast as internal resources do,” or “I've done it and I'm not really happy.”

So even if you outsource it, you're still going to end up co-sourcing things because of the complexity of what is occurring in your environment. Unless they're a dedicated team—like a true contract worker that's completely under contract with you—they're in this stew of all the other things that they're doing. They may have some pods but they're a shared resource across other clients.
CEO and Co-Founder in Software, 51 - 200 employees
It's impossible to manage. I see it. When we started RiskSense as a service, you always looked at cost economics. And the reason we were given was that it's pure cost. The technology might be what you get a break on but when it comes to the real work, it's down to cost economics. We all know that but nobody's willing to transfer the risk.

When you sign a contract, you don't have the option to say, “I'll only allow you to take on a 10 million dollar risk.” But in contractual negotiation the question is, how much risk am I willing to take? Nobody's going to take on unlimited risk. That means that you haven't transferred your risk by default, you just transferred the work. And even then, you're at the mercy of the vendor.
1 1 Reply
Board Member, Advisor, Executive Coach in Software, Self-employed

And in this case, you can't really transfer the risk. You might be able to transfer the financial implications of the risk but if your data is stolen or if you’re ransomed, it's not like it’s their problem. They might write a check under some limited liability perhaps but that’s it.

Content you might like

CEO in Services (non-Government), Self-employed
Using AI tools 2-3 a week. Use cases: 
-summaries of content 
-slide outlines
-Beauti.Ai for slide preparation
-Chat GPT 4
Read More Comments
3.5k views2 Upvotes9 Comments




Non-production DBs (Dev, Training, QA, etc.)31%


1.3k views1 Upvote

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
42.6k views131 Upvotes319 Comments

Structured Business Data62%

Unstructured Business Data37%


1.9k views2 Upvotes