Analysis

Don't be scared of outsourcing your security needs

Outsourcing can be a good thing - provided we avoid the stereotypes - claims Davey Winder...

My late father always told me that in order to be successful I should play to my strengths. He was talking about life skills, but his words stuck with me when it came to business as well.

Nearly 25 years ago when a career change was being forced upon me, I reflected upon what I was good at and it turned out that my skills were: writing, conversation and hacking. So I put these things to good use and became a security consultant and journalist. Given that the 'focus on what you know' advice is pretty much business 101 stuff, why is it then that so many organisations find it so hard to outsource their security needs?

New research from Computer Economics says that when it comes to outsourcing, only eight per cent of technology budgets within larger enterprises are earmarked for outsourcing. Even though the report suggests that security is on an upward outsourcing trend, being one area where the enterprise sees real third-party vendor value, it still leaves me feeling that most organisations are simply running scared of letting go.

There is an argument that outsourcing is seen as a money saving move, nothing more and nothing less. This perception of the outsourcing market - a perception held more by consumers than corporates it has to be said - is amplified when it comes to security. After all if you suffer a breach and customer data is impacted then everyone looks for the weaknesses in your security posture that allowed it to happen. The fact you outsourced your security needs to some cheap offshore outfit is not going to do your brand reputation much good. 

Advertisement
Advertisement - Article continues below

For a start, outsourcing your security needs does not automatically mean offshoring; one of the biggest cloud-based security outfits is based in Cardiff, for example. Not that it matters, especially when we are talking security-as-a-service, when it comes to cloud. Not only do we need to get over the whole outdated and arguably racist overseas call centre image of outsourcing, we need to stop confusing value with cheapness as well.

Get your security-as-a-service investment right and you may well be saving money courtesy of not having to employ or hire analysts for log monitoring and management, for threat research and investigation or find the capital expenditure and ongoing upkeep costs of in-house infrastructure. Outsourcing such things means it's all wrapped up in budgetable fixed fee. That is not the same as doing it on the cheap, that is delivering value to your enterprise and to your customers through improved security.

But it's not all about the money anyway; value isn't just measured in monetary terms. Improved security with better flexibility is a good thing, and even if it costs much the same as doing it less effectively in-house it still delivers value. It is also good practice. So stop avoiding the outsourcing option just because of bad experiences or unfair stereotypes. Anyone with an ounce of sense will realise that spending money where it makes a difference to the overall security posture of the enterprise is good, and throwing money at the security equivalent of treading water is bad.

Investing money in people that understand the security issues facing your organisation, and the processes required to mitigate those risks, is nothing to be scared of...

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/digital-transformation/354201/boston-dynamics-dog-like-robots-sniff-out-bombs-for
digital transformation

Boston Dynamics dog-like robots sniff out bombs for Massachusetts police

26 Nov 2019
Visit/business-strategy/mergers-and-acquisitions/354191/xerox-threatens-hostile-takeover-after-hp-rebuffs
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
Visit/security/data-breaches/354192/t-mobile-data-breach-affects-more-than-a-million-users
data breaches

T-Mobile data breach affects more than a million users

25 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019