Best and Worst Security Functions to Outsource

Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.

Kelly Sheridan, Former Senior Editor, Dark Reading

September 29, 2017

10 Slides

Security teams need more advanced people than they can find or afford. For many, outsourcing has become key to bridging the skills gap and addressing tasks they lack budget or talent to do.

Dark Reading's report "Surviving the IT Security Skills Shortage" found 45% of businesses don't outsource any of their security functions. Nearly 30% outsource a few hard-to-find skills and services, and 22% outsource some security functions while relying on third-party service providers for others. Six percent outsource most of their security tasks to third parties.

It's possible to outsource just about any security function, says IP Architects president John Pironti, but just because you can outsource doesn't mean you should. The question, he says, is where do you want your team to focus its time and attention?

"You have to calibrate expectations of what a third party will provide," he explains. "They will not have the same interest or passion in your world as you will."

Some security functions are best left in-house, Pironti adds, because they require intimate knowledge of business infrastructure and processes. Organizations will continue to master this balance as security threats evolve and multiply.

Outsourcing is more involved than simply passing off responsibilities to other people, adds Ryan LaSalle, global managing director for growth and strategy at Accenture. You have to work with providers to manage the functions you're outsourcing and how they're being performed.

No matter which functions you outsource, it's critical to define expectations and processes for your partner firm, says Pat Patterson, VP of enterprise security solutions at Optiv. Most of the time, companies end up disappointed because they didn't communicate what they needed.

"The better you as a customer can define expectations and requirements, the more prepared you will be to leverage that relationship," he explains.

Which functions to outsource, and which to handle in-house? Read on to see the experts' list of the most common and beneficial security functions to outsource, as well as the tasks that should be kept in-house.

(Which functions do you outsource, or which are you considering outsourcing? Let's keep the conversation going in the comments.)  

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights