Analysis

Don't be scared of outsourcing your security needs

Outsourcing can be a good thing - provided we avoid the stereotypes - claims Davey Winder...

My late father always told me that in order to be successful I should play to my strengths. He was talking about life skills, but his words stuck with me when it came to business as well.

Nearly 25 years ago when a career change was being forced upon me, I reflected upon what I was good at and it turned out that my skills were: writing, conversation and hacking. So I put these things to good use and became a security consultant and journalist. Given that the 'focus on what you know' advice is pretty much business 101 stuff, why is it then that so many organisations find it so hard to outsource their security needs?

New research from Computer Economics says that when it comes to outsourcing, only eight per cent of technology budgets within larger enterprises are earmarked for outsourcing. Even though the report suggests that security is on an upward outsourcing trend, being one area where the enterprise sees real third-party vendor value, it still leaves me feeling that most organisations are simply running scared of letting go.

There is an argument that outsourcing is seen as a money saving move, nothing more and nothing less. This perception of the outsourcing market - a perception held more by consumers than corporates it has to be said - is amplified when it comes to security. After all if you suffer a breach and customer data is impacted then everyone looks for the weaknesses in your security posture that allowed it to happen. The fact you outsourced your security needs to some cheap offshore outfit is not going to do your brand reputation much good. 

For a start, outsourcing your security needs does not automatically mean offshoring; one of the biggest cloud-based security outfits is based in Cardiff, for example. Not that it matters, especially when we are talking security-as-a-service, when it comes to cloud. Not only do we need to get over the whole outdated and arguably racist overseas call centre image of outsourcing, we need to stop confusing value with cheapness as well.

Get your security-as-a-service investment right and you may well be saving money courtesy of not having to employ or hire analysts for log monitoring and management, for threat research and investigation or find the capital expenditure and ongoing upkeep costs of in-house infrastructure. Outsourcing such things means it's all wrapped up in budgetable fixed fee. That is not the same as doing it on the cheap, that is delivering value to your enterprise and to your customers through improved security.

But it's not all about the money anyway; value isn't just measured in monetary terms. Improved security with better flexibility is a good thing, and even if it costs much the same as doing it less effectively in-house it still delivers value. It is also good practice. So stop avoiding the outsourcing option just because of bad experiences or unfair stereotypes. Anyone with an ounce of sense will realise that spending money where it makes a difference to the overall security posture of the enterprise is good, and throwing money at the security equivalent of treading water is bad.

Investing money in people that understand the security issues facing your organisation, and the processes required to mitigate those risks, is nothing to be scared of...

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

What is AES encryption?
Advanced Encryption Standard (AES)

What is AES encryption?

30 Nov 2020
UK's Huawei 5G ban brought forward to September 2021
Security

UK's Huawei 5G ban brought forward to September 2021

30 Nov 2020
Hacker claims to be selling C-suite executives' Microsoft credentials
Security

Hacker claims to be selling C-suite executives' Microsoft credentials

30 Nov 2020
What are biometrics?
Security

What are biometrics?

27 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020