Analysis

Don't be scared of outsourcing your security needs

Outsourcing can be a good thing - provided we avoid the stereotypes - claims Davey Winder...

My late father always told me that in order to be successful I should play to my strengths. He was talking about life skills, but his words stuck with me when it came to business as well.

Nearly 25 years ago when a career change was being forced upon me, I reflected upon what I was good at and it turned out that my skills were: writing, conversation and hacking. So I put these things to good use and became a security consultant and journalist. Given that the 'focus on what you know' advice is pretty much business 101 stuff, why is it then that so many organisations find it so hard to outsource their security needs?

New research from Computer Economics says that when it comes to outsourcing, only eight per cent of technology budgets within larger enterprises are earmarked for outsourcing. Even though the report suggests that security is on an upward outsourcing trend, being one area where the enterprise sees real third-party vendor value, it still leaves me feeling that most organisations are simply running scared of letting go.

There is an argument that outsourcing is seen as a money saving move, nothing more and nothing less. This perception of the outsourcing market - a perception held more by consumers than corporates it has to be said - is amplified when it comes to security. After all if you suffer a breach and customer data is impacted then everyone looks for the weaknesses in your security posture that allowed it to happen. The fact you outsourced your security needs to some cheap offshore outfit is not going to do your brand reputation much good. 

For a start, outsourcing your security needs does not automatically mean offshoring; one of the biggest cloud-based security outfits is based in Cardiff, for example. Not that it matters, especially when we are talking security-as-a-service, when it comes to cloud. Not only do we need to get over the whole outdated and arguably racist overseas call centre image of outsourcing, we need to stop confusing value with cheapness as well.

Get your security-as-a-service investment right and you may well be saving money courtesy of not having to employ or hire analysts for log monitoring and management, for threat research and investigation or find the capital expenditure and ongoing upkeep costs of in-house infrastructure. Outsourcing such things means it's all wrapped up in budgetable fixed fee. That is not the same as doing it on the cheap, that is delivering value to your enterprise and to your customers through improved security.

But it's not all about the money anyway; value isn't just measured in monetary terms. Improved security with better flexibility is a good thing, and even if it costs much the same as doing it less effectively in-house it still delivers value. It is also good practice. So stop avoiding the outsourcing option just because of bad experiences or unfair stereotypes. Anyone with an ounce of sense will realise that spending money where it makes a difference to the overall security posture of the enterprise is good, and throwing money at the security equivalent of treading water is bad.

Investing money in people that understand the security issues facing your organisation, and the processes required to mitigate those risks, is nothing to be scared of...

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

26 Feb 2021