The Case for Outsourcing Security Grows Stronger

The Case for Outsourcing Security Grows Stronger

There's no rest for the weary – and IT security professionals rank high among that group. Their battles are never-ending. Just take a look at these findings from Risk Based Security, released in January, which revealed that 2016 saw more than 4,000 breaches that exposed over 4.2 billion records. That was approximately 3.2 billion more records than the previous all-time high, it states.

Yahoo!, of course, reported the single largest breach ever disclosed in December (more than 1 billion records impacted!). But also contributing to the breach pile-up, as tracked by IdentityForce, were hacks at the University of Central Florida, the U.S. Department of Justice, and Verizon Enterprise Solutions, among many others.

With attack surfaces expanding but security budgets staying tight, talent remaining scarce, and tools lacking seamless integration, it's no wonder that security pros have concerns that they can put their defensive technologies to work as effectively as they'd like.

A recent Cybersecurity Report reveals that security pros’ biggest sources of concern related to cyberattacks include mobile devices, the public cloud and cloud infrastructure, as they create more endpoints to protect and widen the security perimeter.

Yet, the percentage of security pros who review and improve security practices regularly is down from 56% in 2015 to 53% last year.

I don't interpret that to mean that security pros are growing either lax or overconfident about the threat landscape. What it shows is a recognition that there's only so much that resource-restricted internal security organizations can handle on their own – and it may not be enough to effectively detect and defend against attackers.

Security Outsourcing Leads the Pack

That position is bolstered, I think, by what researchers are telling us about the growing use of security outsourcing services:

  • Close to three-quarters of recent survey respondents indicated they relied on third parties for 20 to 80 percent of their security, with those relying most heavily on outside help plan to increase their use of external vendors.
  • In a survey conducted last year by CIO, CSO and Computerworld, 56 percent of the respondents said that their organizations are enlisting outside consultants to help with information security strategy, and 40 percent said they’re turning to MSSPs.
  • The top functions being outsourced are penetration testing/threat assessments (70%), spam filtering (46 percent), threat intelligence (40 percent) and log monitoring (34 percent).
  • Computer Economics IT Outsourcing Statistics 2016/2017 study shows that IT security outsourcing is increasing at the fastest rate of all outsourced functions and that no organization already engaged in security outsourcing reported plans to decrease usage. IT security also ranked among the top three outsourcing functions with the greatest potential for improving service.

"Many organizations are changing strategies from primarily threat prevention to threat detection, which requires another skill set," said Computer Economics VP of Research David Wagner in a statement. "IT departments are responding to this need for a wide variety of specialized skills by outsourcing more.

Relief at Hand

When companies turn to outsourced expertise via solutions such as managed security services, they alleviate the uncertainty security pros currently experience about their ability to take full advantage of the technology they have on hand and to keep their security infrastructures up-to-date. Some 37% of survey respondents said they aren't equipped with the latest-and-greatest tools even though they replace or upgrade their security technologies on a regular basis.

Unifying existing enterprise security solutions and complementing them with a suite of advanced security features under an integrated and managed framework will bring a sigh of relief from in-house security personnel. They’ll still be an integral part of securing the enterprise, but at least they won’t have to carry the load alone.

To learn more about how Masergy's managed security service can help your organization, read our whitepaper Masergy's Unified Enterprise Security Solution.

About Craig D' Abreo

VP, Security Operations, Masergy
Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Security Systems Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.