Should Business Operations Managers Outsource Cybersecurity?
For many companies, tight budgets and a focus on strategic initiatives have pushed business operations managers to outsource a number of IT functions. However, while outsourcing IT support, desktop support and infrastructure is fairly common, outsourcing security remains a conundrum for many.
Certainly, if cost and resources weren’t an issue, more organizations would address their security needs in-house. But today’s IT organizations must work within increasingly limited budgets, and with the increasing complexity of identity and access management (IAM) and the widening skills gap, most organizations are struggling to find, train and maintain a staff with the expertise to rapidly detect an intrusion or thwart a sophisticated cyberattack.
The Outsourcing Option for Business Operations
More and more business operations departments are turning to managed security service providers (MSSPs) due to the cost-effectiveness of gaining access to specialized security tools and expertise on a shared basis.
The advantages of using an outside vendor to handle security are plenty. First, by using an MSSP, organizations have the option to consume only the technology resources they need without the overhead of acquiring and managing their own infrastructure.
And because there is no need for large, one-time purchases of technology, companies can significantly lower capital expenses and still have a security solution that can rapidly adapt to their changing business needs.
The Trouble With IAM
An area of growing concern for many business operations departments is IAM. Indeed, bring-your-own-device (BYOD), cloud computing and the rapid spread of distributed applications and data have all added to the security challenges surrounding IAM.
Lax security at third-party organizations continues to be implicated in data breaches, as reported by Infosecurity Magazine. The number of companies affected by these breaches continues to grow, and organizations must change how they manage third-party access if they don’t want to become one of them.
If in-house IT skills and bandwidth are in short supply, IAM security can also be outsourced. An IAM program that automates day-to-day tasks and makes authentication secure yet simple for third-party users will pay for itself by freeing up IT staff to perform more value-added responsibilities. It will also keep data assets protected while enabling them to be used in new and innovative ways.
The Widening Skills Gap
Another reason many business operations managers are turning to outsourcing partners is the increasing difficulty of finding qualified professionals to staff their internal teams. According to the ISACA’s “2015 Cybersecurity Global Status Report,” 86 percent of companies surveyed said they see a cybersecurity skills gap. In addition, 92 percent of those planning to hire more cybersecurity professionals this year expect difficulty finding skilled candidates.
The weakness of internal security teams and the expected increase of cybersecurity threats is causing many organizations to look elsewhere to beef up their security measures. This skills shortage is so worrisome that, according to InformationWeek, even the U.S. Senate is considering outsourcing some of its core cybersecurity support requirements, including network security monitoring, threat analysis, incident reporting, vulnerability analysis and security engineering and research.
Where Do We Go From Here?
If you determine that the use of an outside security vendor fits within your organization’s risk tolerance and may provide cost and effectiveness benefits, your next step is to evaluate providers and identify the services that are best suited to your organization.
Once you’ve identified the particular services of interest, you can begin to narrow down the vendor landscape to those that offer capabilities that meet your requirements. You can kick-start your vendor search by reviewing industry analyst reports from organizations such as Gartner, for instance, whose Magic Quadrant reports highlight the market leaders across various service offerings.
In today’s complex environment, many business operations find they must leverage third-party service providers to secure their data and infrastructure. Cybercriminals have an abundance of resources, talent and determination. Meanwhile, many IT departments lack the resources and skills required to make a meaningful difference. For many organizations today, outsourcing security to an outside vendor isn’t really an option; the only real decisions that remain are what services to outsource and to whom.