When To Outsource Security -- And When Not To

  /     /     /  
Publicated : 22/11/2024   Category : security


When To Outsource Security -- And When Not To


New Dark Reading report offers insights on the advantages and pitfalls of bringing in a third party to help with security



[Excerpted from Finding the Right Security Outsourcing Balance, a new report published this week on Dark Readings
Security Services Tech Center
.]
Enterprise networks have become so complex that few IT departments truly have the resources and expertise to manage them entirely on their own, particularly when it comes to keeping them secure. Outsourcing certain aspects of physical security -- such as lobby guards -- is commonplace, but enterprises have only relatively recently begun turning to third-party managed security services (MSS) to block spam and filter Web and email content.
Now, though, there is a trend toward outsourcing a growing number and variety of security services, including log management and patch and configuration management. Indeed, as enterprise security professionals are tasked with keeping an ever-increasing amount of data secure on a growing number and variety of devices -- often used outside the safety of the internal network -- more and more businesses are deciding to outsource security functions and processes to third parties. According to Gartner, growth in the European MSS market reached $2.1 billion in sales in 2010, with a predicted compound annual growth rate of 14% from 2010 to 2014.
The arguments for outsourcing are well-known: The model allows an organization to concentrate on its core competencies and manage its business instead of having to manage an IT infrastructure. IT security processes lend themselves well to outsourcing because they scale well, making them cheaper for a specialist company to deliver. Outsourcing also reduces capital and operating expenses by eliminating the need to hire and train specialized staff and purchase dedicated equipment.
When deciding which security functions to outsource, the broad answer is any service where a third party can provide better security at a lower price than you can deliver with your own team, while still allowing you to meet your regulatory and business obligations. The kinds of services that often meet these standards include vulnerability scanning, penetration testing, network monitoring, distributed denial-of-service protection, threat intelligence alert services, forensics, product installation, product configuration, and patch management.
Processes that require a lot of hands-on decision-making -- such as firewall management, where nearly every decision requires a custom response -- may be better kept in-house. Although the arguments for outsourcing are strong, outsourcing the wrong service or selecting the wrong provider can be a costly mistake.
To find out more about the advantages and pitfalls of security outsourcing -- and for a list of questions to help you choose the right service provider --
download a free copy of the report on security outsourcing
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
When To Outsource Security -- And When Not To