Outsourcing security tasks brings controversy - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED WHITEPAPERS

Core PCI Requirements for Windows and Active Directory NetPro

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Reduce Complexity and Cost - Windows Server Consolidation with Virtualization from Novell Novell

There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Its not hard to keep on eye on how much bandwidth that you are using, check out this page for more info: http://technicianspot.blogspot.com/2008/05/monitor-bandwidth.html- Anonymous

Join the Discussion

Outsourcing security tasks brings controversy

Outsourcing security gives in-house IT staff a chance to be freed up from mundane tasks, but not everyone likes it
By Ellen Messmer , Network World , 03/20/2008
  • Social Web 
  • Email 
  • Feedback 
  • Close

When it comes to outsourcing security functions, skepticism still rules the day for many users. The idea of handing over control of network security to an outside firm paid to maintain gear, monitor for attacks, perform scans, collect logs or update security software for employees is, to say the least, controversial.

Security managers are split on the issue, arguing it's either a boon or bane for the company. According to advocates, outsourcing security gives in-house IT staff a chance to be freed up from mundane tasks to deal with more strategic matters without having to take on additional staff. The naysayers worry that outsourcing means losing sight of security risks because outsiders will mechanically follow a contract without thinking critically enough. Whether outsourcing is cost-effective is part of the debate, too, but the central question of control stirs the greater emotion.

Those bullish on security outsourcing say it's a way to move their in-house security specialists, already in short supply, into more strategic jobs while making sure everyday tasks get done.

"We either have to bring in more internal IT people or get other people through outsourcing security services," says Andre Gold, lead, IT risk management in the North American arm of ING, the Holland-based global financial services firm.

Click to see: Survey shows most opposed to outsourcing security.

Survey shows most opposed to outsourcing security.

Gold says tasks such as patch and vulnerability management tasks or antivirus support are consuming a lot of staff time that might be better used in strategic risk-management operations for online business goals with partners and customers, for instance.

"I'd rather push the ING people up the ladder," Gold says, noting that next month ING expects to select at least one security outsourcing provider — it may be offshore in India or elsewhere — for large, multiyear contracts to handle a wide variety of data and network-security management remotely.

"I call it security right-sourcing," Gold says, adding that ING already outsources some IT maintenance and application development. Consequently, advocating security outsourcing was not a culture shock at the company. Gold says he expects security outsourcing to prove cost-effective over adding in-house staff, but he says in this case, it's not the primary motivator for doing it.

1 | 2 | 3 | 4 |  Next >
Comments (2)
Login
Forgot your account info?

Firstly , assess the risk of security outsourcingBy Anonymous on March 25, 2008, 10:41 amInteresting topic and good article. However, I believe one important aspect is missing - measuring the risk. Outsourcing is fine if your processes are working properly,...

Reply | Read entire comment

Good article yet this is only a snapshot of the marketBy lawless38 on March 24, 2008, 12:43 pmGood write up and not surprising responses, however, I feel we are only covering a "snapshot" of the higher end of the market for outsourced security services. Many...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code