Analysis

Don't be scared of outsourcing your security needs

Outsourcing can be a good thing - provided we avoid the stereotypes - claims Davey Winder...

My late father always told me that in order to be successful I should play to my strengths. He was talking about life skills, but his words stuck with me when it came to business as well.

Nearly 25 years ago when a career change was being forced upon me, I reflected upon what I was good at and it turned out that my skills were: writing, conversation and hacking. So I put these things to good use and became a security consultant and journalist. Given that the 'focus on what you know' advice is pretty much business 101 stuff, why is it then that so many organisations find it so hard to outsource their security needs?

New research from Computer Economics says that when it comes to outsourcing, only eight per cent of technology budgets within larger enterprises are earmarked for outsourcing. Even though the report suggests that security is on an upward outsourcing trend, being one area where the enterprise sees real third-party vendor value, it still leaves me feeling that most organisations are simply running scared of letting go.

There is an argument that outsourcing is seen as a money saving move, nothing more and nothing less. This perception of the outsourcing market - a perception held more by consumers than corporates it has to be said - is amplified when it comes to security. After all if you suffer a breach and customer data is impacted then everyone looks for the weaknesses in your security posture that allowed it to happen. The fact you outsourced your security needs to some cheap offshore outfit is not going to do your brand reputation much good. 

For a start, outsourcing your security needs does not automatically mean offshoring; one of the biggest cloud-based security outfits is based in Cardiff, for example. Not that it matters, especially when we are talking security-as-a-service, when it comes to cloud. Not only do we need to get over the whole outdated and arguably racist overseas call centre image of outsourcing, we need to stop confusing value with cheapness as well.

Get your security-as-a-service investment right and you may well be saving money courtesy of not having to employ or hire analysts for log monitoring and management, for threat research and investigation or find the capital expenditure and ongoing upkeep costs of in-house infrastructure. Outsourcing such things means it's all wrapped up in budgetable fixed fee. That is not the same as doing it on the cheap, that is delivering value to your enterprise and to your customers through improved security.

But it's not all about the money anyway; value isn't just measured in monetary terms. Improved security with better flexibility is a good thing, and even if it costs much the same as doing it less effectively in-house it still delivers value. It is also good practice. So stop avoiding the outsourcing option just because of bad experiences or unfair stereotypes. Anyone with an ounce of sense will realise that spending money where it makes a difference to the overall security posture of the enterprise is good, and throwing money at the security equivalent of treading water is bad.

Investing money in people that understand the security issues facing your organisation, and the processes required to mitigate those risks, is nothing to be scared of...

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020