Outsourcing Security: Do the Benefits Outweigh the Risks?

By: Katie Daggett| - Leave a comment


Today’s security landscape has made it difficult for all but the largest organizations to keep security functions in-house. Outsourcing security has grown more common, especially among companies struggling to keep up with the ever-changing cybercrime community and operate numerous enterprise security products by themselves.

Many companies lack the bandwidth to perform necessary security functions with any adequacy. An IT department with limited staff is particularly unlikely to have all the specialized security skills the organization would need to protect itself against modern threats.

For organizations of any size, even those that prefer to keep security in-house, outsourcing makes sense during periods of rapid growth. Without outside help, it would be nearly impossible for even the largest firm to ramp up a dedicated information security department in a short amount of time.

The Pros and Cons of Outsourcing Security

Outsourcing at least some basic security functions to a managed security services provider (MSSP) has become increasingly popular for a number of reasons — one of the biggest being the amount of time it can save.

Outsourcing gives a company, no matter how limited its internal resources, access to 24/7 coverage from trained security experts. Most enterprises cannot provide the same level of service on their own because they have to confront other technical issues related to security, such as penetration testing, spam filtering, log monitoring and awareness training across the company — all of which were considered among the most frequently outsourced tasks by growing IT shops, according to CIO. Outsourcing also reduces risk, especially for organizations with only one person (usually the chief information officer) dedicated solely to security.

Of course, outsourcing security also has its drawbacks. An outsourced security provider can lack important insight into the organization when examining its risk. Without guidance from someone within the company, an MSSP may not understand typical user behaviors. They may also have trouble discerning between noise and real security problems that need to be addressed.

Filling Outsourced Security Gaps

How can an organization navigate the drawbacks of outsourcing security? To start, it’s critical to select the right service provider, as switching to another vendor if things don’t go well isn’t always easy. Look for a provider with experience in your specific industry. Make sure the provider’s toolsets are expansive and its employees are trustworthy — you might solicit a recommendation from another non-competing vendor for this purpose.

Next, implement processes and communications channels to provide the MSSP with the right context for evaluating alerts. Internal teams should be prepared to explore and troubleshoot more events. If possible, assign someone internally to serve as liaison with the MSSP. It’s great to have someone to hold the provider accountable, but the role can quickly become a full-time job if not managed properly. If done well, however, these steps can help your company get the most out of its security investment.

Topics: , , , ,


About The Author

Katie Daggett

Freelance Writer

Katie Daggett is owner and chief content strategist of KD Copy & Content. She is an agency-caliber copywriter with more than 15 years' experience in marketing communications and specializes in creating exceptional B2B and B2C marketing content. Katie has worked with clients big and small in a variety of industries, writing everything from direct mail pieces to television ad campaigns. She's learned what it takes to write an effective headline or email subject line, how to engage readers emotionally so that they keep reading and encourage them to take the next step with a strong call to action. Today, Katie specializes in writing SEO website copy and online marketing content directly for client companies. She is passionate about helping B2B and B2C marketers create content that generates more leads and convert those leads into sales.

Articles by Katie Daggett
See All Posts