In Security Outsourcers We Trust

The push to shrink security staff means more companies are outsourcing security functions to MSSPs, according to this year's Global Information Security Survey.

By , Senior Editor

October 01, 2010, CSO

IT and business leaders acknowledge they don't have the staff or expertise to secure their data internally -- at least not without help from outside experts. If you work for a managed security service provider (MSSP), that's good news.

That's one of the takeaways from the Eighth Annual Global Information Security Survey, which CSO conducted along with sister publication CIO and PricewaterhouseCoopers. Some 12,847 business and technology executives from around the world took the survey.

Part 2 of this series: Cloud security still a struggle for many companies, survey finds

Part 1 of this series: Business partners a growing security concern

More than half (52 percent) of survey respondents said that outsourcers, also known as managed security service providers (MSSPs), are important or very important to accomplishing their security objectives. Another 19 percent said outsourcers play some role. Meanwhile, more than 30 percent cited outsourcing of some or all security functions, such as e-mail filtering and management of application firewalls, as a top priority in the next 12 months, up from 18 percent a year ago.

While these numbers don't represent a tidal wave of change since last year, Mark Lobel, a principal in the advisory services division of PricewaterhouseCoopers, says they do signal a shifting of the winds.

The greater interest in outsourcing "is an outcome of the cut in IT services," he says. For example, companies are no longer as willing to pay someone in-house to monitor security operations overnight when a vendor can do it for less. "The cost of doing a bad job in-house is cheaper than what vendors will charge you, but the cost of doing security really well in-house is more expensive than what vendors will charge," Lobel says.

Companies realize it's better to put security in the hands of those who are immersed in it, says Warren Axelrod, a former CSO and author of the book "Outsourcing Information Security."

"If you need surgery, you would rather go to a surgeon who does five of these procedures a day instead of one a month," he said.

More than 30 percent of survey respondents are making outsourcing a priority so they can establish security safeguards that aren't currently in place, including functions such as e-mail filtering and penetration testing. Meanwhile, 60 percent said they already outsource the secure disposal of technology hardware and 59 percent said they've delegated administration of password resets. In the areas of strategy and standards, 32 percent said they have outsiders helping them establish security baselines for external partners, suppliers and other IT vendors. Twenty-four percent outsource their centralized security information-management procedures.
