Does Outsourcing IT Security Make You Uneasy?

A new study from Ovum says fewer CIOs are willing to rely on outsourcers for their IT security.


Outsourcing IT security has never been popular among IT professionals. The topic has always caused controversy. But according to research and analysis firm Ovum, headquartered in London, now even fewer CIOs think outsourcing IT security is a good idea.

Ovum surveyed more than 500 CIOs around the world. Of those, only 7% said they were considering outsourcing IT security over the next two years, down from 18% currently. The findings are part of a new report entitled CIO Investment and Outsourcing Priorities Have Shifted Post-Recession.

Ovum senior analyst Rhonda Ascierto attributes the planned reduction in IT security outsourcing to a lack of confidence. “Organizations are now more subject to compliance considerations in the form of both formal external and internal policy-driven requirements, particularly in the wake of the U.S. banking controversies and other financial scandals,” she said in a prepared statement.

Ovum cites several other reasons for the unease: the difficulty in obtaining measurable security metrics from outsourcing providers, the desire for organizations to gain greater control over their own IT operations, and contractual clauses from outsourcers that often do not give the quantitative assurance organizations want.

I don’t think Ovum’s findings are terribly new, but it is interesting that there are now fewer of the small number of organizations that were willing to outsource security to begin with. I agree with all of Ovum’s assessments, particularly the new-ish concerns regarding the current regulatory climate, in which state and federal legislators are looking to hold organizations more accountable for their operations, particularly with regard to finances. And of course, most IT organizations have smaller budgets—a fact that has impacted IT outsourcing overall.

But as I said, outsourcing IT security has always been controversial and suspect. Consider a survey of about 480 security professionals conducted by the Computer Security Institute in late 2007. When asked what percentage of computer security functions were outsourced in their organizations, 61 percent of respondents answered “none.” Those surveyed represented a broad spectrum of industries, such as finance, transportation, retail, education, telecom, and government.

Just a tiny group—only 5 percent—had outsourced more than 60 percent of their computer security functions. And only 2 percent had outsourced more than 80 percent of their functions. When the annual survey was conducted that year, CSI noted that the results related to the question of outsourcing security hadn't changed in the three years since they started asking it.

I’m interested to hear from you all. Does your organization outsource any of its IT security functions? If so, how much? Why? If not, why not?
