So where does that leave you? Wilson says the key is not to expect too much, quoting security-as-a-service vendors who complain that many SMBs simply want to dump the whole mess on someone else. But that won't work. You cam shift responsibility for security, but you're still accountable for it. "You can't just hire somebody and forget about it."
Too bad, huh?
You'll have to make do with a partnership, Wilson says. You still need to know what you need, what your priorities are, or a service provider isn't going to be able to help much. It's often a good idea to start with outsourcing just one or two services, and expand as things go well, setting expectations and sharing feedback with your providers to make sure you're getting what you need.
And while cost is important, it shouldn't be the only consideration where security is concerned. In fact, while you may get more for your money, outsourcing security doesn't actually cut security costs in most companies!
Finally, just because you've successfully outsourced your security doesn't mean you can forget about it. You've still got to monitor and test to make sure your provider is protecting you against the key threats.
All this doesn't mean that there's no value to security outsourcing. It's just that there really is no such thing as a free lunch.