Information Security Buzz Expert Panel Question – May
Gartner forecasts that the total security outsourcing market will grow from $14.1 billion in 2014 to $24.5 billion in 2019 at a compound annual growth rate (CAGR) of 14.8% — making it the highest-growing security services market. What are the challenges and benefits of outsourcing your security functions?
In simpler times, say, in 2009 or 2010, security technology approaches were clearly defined and primarily based on prevention with solutions like firewalls, antivirus, web and email gateways. There were relatively fewer available technology segments and a relatively clear distinction between buying security technologies and outsourcing engagements.
Organizations invested in the few well known broadly used security technologies themselves, and if outsourcing the management of these technologies was needed, they could be reasonably confident that all the major security outsourcing providers would be able to support their choice of technology.
As observed by Gartner, this was a market truth for both on-premise management of security technologies and remote monitoring/management of the network security perimeter (managed security services).
The increasing complexity of the threat landscape has spawned more complex security technologies to combat those threats. Thus, the importance of the “human element” is more prevalent in security management discussions than before. Today, the choices are either to procure security technology and deploy adequate internal resources to use them effectively, or outsource to a provider who is experienced with the selected technology.
Outsourcing security allows organizations to affordably leverage expertise that may not be available internally, but at the cost of losing control. Many providers offer cookie-cutter, one-size-fits-all solutions, which may not meet a specific enterprise’s needs.
A third option that is gaining increasing popularity is co-sourcing. In this model, the provider does the technology-specific heavy lifting and leaves a specific organization’s network independent, allowing remediation to be performed by the in-house team. Organizations can also customize the solution, and keep data on your premises.
Chief Information Security Officers are under pressure to demonstrate adequate risk management and accountability, and simply outsourcing cybersecurity to a managed security services provider won’t pass muster with the Board.
A. N. Ananth is on our expert panel list. To find out more about our panel members, please visit the biographies page
A.N. Ananth is the co-founder and CEO of EventTracker. He was one of the original architects of the EventTracker enterprise log management solution. “Ananth” has an extensive background in product development and operations for telecom network management and has consulted for companies on compliance strategy, audit policy and automated reporting processes.
A leading expert on IT compliance with over 20 years experience in IT-control and operations, Ananth is a frequent speaker on topics including security breaches, big data analytics, audit and compliance, and IT forensics.
Prior to EventTracker, Ananth worked on product development for companies including Ciena, Westinghouse Wireless and Equatorial Communications.
He holds a MSEE from the University of Texas.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.