The Case for Outsourcing Security Grows Stronger
There's no rest for the weary – and IT security professionals rank high among that group. Their battles are never-ending. Just take a look at these findings from Risk Based Security, released in January, which revealed that 2016 saw more than 4,000 breaches that exposed over 4.2 billion records. That was approximately 3.2 billion more records than the previous all-time high, it states. Yahoo!, of course, reported the single largest breach ever disclosed in December (more than 1 billion records impacted!). But also contributing to the breach pile-up, as tracked by IdentityForce, were hacks at the University of Central Florida, the U.S. Department of Justice, and Verizon Enterprise Solutions, among many others. With attack surfaces expanding but security budgets staying tight, talent remaining scarce, and tools lacking seamless integration, it's no wonder that security pros have concerns that they can put their defensive technologies to work as effectively as they'd like. A recent Cybersecurity Report reveals that security pros’ biggest sources of concern related to cyberattacks include mobile devices, the public cloud and cloud infrastructure, as they create more endpoints to protect and widen the security perimeter. Yet, the percentage of security pros who review and improve security practices regularly is down from 56% in 2015 to 53% last year. I don't interpret that to mean that security pros are growing either lax or overconfident about the threat landscape. What it shows is a recognition that there's only so much that resource-restricted internal security organizations can handle on their own – and it may not be enough to effectively detect and defend against attackers."Many organizations are changing strategies from primarily threat prevention to threat detection, which requires another skill set," said Computer Economics VP of Research David Wagner in a statement. "IT departments are responding to this need for a wide variety of specialized skills by outsourcing more.
Security Outsourcing Leads the PackThat position is bolstered, I think, by what researchers are telling us about the growing use of security outsourcing services:
- Close to three-quarters of recent survey respondents indicated they relied on third parties for 20 to 80 percent of their security, with those relying most heavily on outside help plan to increase their use of external vendors.
- In a survey conducted last year by CIO, CSO and Computerworld, 56 percent of the respondents said that their organizations are enlisting outside consultants to help with information security strategy, and 40 percent said they’re turning to MSSPs.
- The top functions being outsourced are penetration testing/threat assessments (70%), spam filtering (46 percent), threat intelligence (40 percent) and log monitoring (34 percent).
- Computer Economics IT Outsourcing Statistics 2016/2017 study shows that IT security outsourcing is increasing at the fastest rate of all outsourced functions and that no organization already engaged in security outsourcing reported plans to decrease usage. IT security also ranked among the top three outsourcing functions with the greatest potential for improving service.