Information Security Buzz Expert Panel Question
Gartner forecasts that the total security outsourcing market will grow from $14.1 billion in 2014 to $24.5 billion in 2019 at a compound annual growth rate (CAGR) of 14.8% — making it the highest-growing security services market. What are the challenges and benefits of outsourcing your security functions?
In simpler times, say, in 2009 or 2010, security technology approaches were clearly defined and primarily based on prevention with solutions like firewalls, antivirus, web and email gateways. There were relatively fewer available technology segments and a relatively clear distinction between buying security technologies and outsourcing engagements.
Organizations invested in the few well known broadly used security technologies themselves, and if outsourcing the management of these technologies was needed, they could be reasonably confident that all the major security outsourcing providers would be able to support their choice of technology.
As observed by Gartner, this was a market truth for both on-premise management of security technologies and remote monitoring/management of the network security perimeter (managed security services).
The increasing complexity of the threat landscape has spawned more complex security technologies to combat those threats. Thus, the importance of the “human element” is more prevalent in security management discussions than before. Today, the choices are either to procure security technology and deploy adequate internal resources to use them effectively, or outsource to a provider who is experienced with the selected technology.
Outsourcing security allows organizations to affordably leverage expertise that may not be available internally, but at the cost of losing control. Many providers offer cookie-cutter, one-size-fits-all solutions, which may not meet a specific enterprise’s needs.
A third option that is gaining increasing popularity is co-sourcing. In this model, the provider does the technology-specific heavy lifting and leaves a specific organization’s network independent, allowing remediation to be performed by the in-house team. Organizations can also customize the solution, and keep data on your premises.
Chief Information Security Officers are under pressure to demonstrate adequate risk management and accountability, and simply outsourcing cybersecurity to a managed security services provider won’t pass muster with the Board.