Commentary
Outsource Security Carefully, And Carry A Big Audit Plan
Are IT managers desperate if they outsource security? That's the provocative question Larry Greenemeier asks in today's issue of InformationWeek. His conclusion? A resolute no. In fact, hiring an independent service provider might just be your best bet for staying safe in the midst of rising threats against malware, hackers, and internal saboteurs.Are IT managers desperate if they outsource security?
That's the provocative question Larry Greenemeier asks in today's issue of InformationWeek. His conclusion? A resolute no. In fact, hiring an independent service provider might just be your best bet for staying safe in the midst of rising threats against malware, hackers, and internal saboteurs.It's a good question, though. After all, handing over the job of keeping your all-important networks, systems, and data safe can seem like an act of last resort, acknowledging-as Greenemeier points out-that the job is simply too much for you. Yet isn't it better to make such an acknowledgement and seek appropriate help rather than denying evidence that you may be putting your organization at risk?
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Still, outsourcing shouldn't be done casually and without stepping exceedingly carefully through the vendor selection process. Greenemeier outlines the minimal actions you must take with this regard.
One thing he doesn't mention, however, which should be at the top of any IT professional's list: active risk management of vendors using independent third-party auditors. And a just-released study by Ernst & Young indicates that IT managers are woefully unprepared when it comes to protecting themselves against incompetent, unskilled, or generally ineffectual third-party security service providers. Only 14 percent of the 1,200 global IT professionals surveyed have formal security risk management procedures in place that are properly validated by auditors. And let's face it: independent auditing of vendor effectiveness is the single-perhaps the only-way to sleep at night when outsourcing something as important as security.
Indeed, although 60 percent of the survey participants who had outsourced information security activities already--or who were planning to do so--said they were doing it to focus valuable IT resources on other key areas, most were "overwhelmingly emphatic" about their determination not to outsource security functions because of the risks involved.
What do you think? Have you outsourced all or part of your security activities? Why or why not? Let me know what you think by responding below.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
