Best and Worst Security Functions to OutsourceBest and Worst Security Functions to Outsource
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
September 29, 2017
Security teams need more advanced people than they can find or afford. For many, outsourcing has become key to bridging the skills gap and addressing tasks they lack budget or talent to do.
Dark Reading's report "Surviving the IT Security Skills Shortage" found 45% of businesses don't outsource any of their security functions. Nearly 30% outsource a few hard-to-find skills and services, and 22% outsource some security functions while relying on third-party service providers for others. Six percent outsource most of their security tasks to third parties.
It's possible to outsource just about any security function, says IP Architects president John Pironti, but just because you can outsource doesn't mean you should. The question, he says, is where do you want your team to focus its time and attention?
"You have to calibrate expectations of what a third party will provide," he explains. "They will not have the same interest or passion in your world as you will."
Some security functions are best left in-house, Pironti adds, because they require intimate knowledge of business infrastructure and processes. Organizations will continue to master this balance as security threats evolve and multiply.
Outsourcing is more involved than simply passing off responsibilities to other people, adds Ryan LaSalle, global managing director for growth and strategy at Accenture. You have to work with providers to manage the functions you're outsourcing and how they're being performed.
No matter which functions you outsource, it's critical to define expectations and processes for your partner firm, says Pat Patterson, VP of enterprise security solutions at Optiv. Most of the time, companies end up disappointed because they didn't communicate what they needed.
"The better you as a customer can define expectations and requirements, the more prepared you will be to leverage that relationship," he explains.
Which functions to outsource, and which to handle in-house? Read on to see the experts' list of the most common and beneficial security functions to outsource, as well as the tasks that should be kept in-house.
(Which functions do you outsource, or which are you considering outsourcing? Let's keep the conversation going in the comments.)
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023