The Spirit And The Letter Of NIST IT Solutions
Recent recommendations released by the National Cybersecurity Division of the US Department of Homeland Security have distinguished between the ‘spirit’ and the ‘letter’ of IT security advice being promoted by the National Institute of Standards and Technology. Entitled "FY 2012 Inspector General Federal Information Security Management Act Reporting Metrics," the report containing the recommendations is urging organizations to follow the ‘intent’ of NIST guidelines rather than literally adhering to the exact IT solutions sometimes promoted via those guidelines.
Although the DHS has targeted this advice at government agencies concerned about improving their IT security measures, the cabinet department's remarks are equally applicable to private businesses, including those that are small or medium-sized. As the old saying goes, there is "more than one way to skin a cat." When applied to an IT context, this saying means that there is more than a single way to accomplish a given security objective. Quite often, small and medium-sized businesses find that a managed services approach to their overall IT needs is also the best way to address ongoing security needs.
In part, this conclusion stems from the specific nature of a managed services model. Because remote monitoring on a 24/7 basis is a typical component of a managed services approach, many businesses find that cybersecurity improves once they take advantage of outsourced IT. After all, even the most dedicated IT department head cannot work around the clock, not even with the help of automated alerts. In a managed services approach, however, businesses contract with an IT company rather than a single individual and thus have access to a much larger support base and source of assistance.