Every IT manager could use an extra hand. Outsourcing security responsibilities is how many businesses fill gaps in their IT resources to keep up with the growing threats they face.

Outsourcing proves especially valuable to small and midsize businesses that lack the resources to manage firewalls, antivirus efforts, and intrusion detection and prevention around the clock, something bigger businesses usually can do more easily.

One-quarter of U.S. companies surveyed in InformationWeek Research's Global Security Survey 2006 outsource at least some of their security functions to managed services providers. Twenty-three percent of U.S. companies surveyed plan to increase spending on security outsourcing this year compared with last, as do 45% of Indian, 24% of Chinese, and 16% of European businesses.

The most serious security challenge for privately held HealthCare Partners is preventing network-based attacks, and it has prompted the company, which has 40 offices and 3,500 employees, to consider outsourcing the monitoring of its firewalls and intrusion prevention systems. "That would give me 24-by-7 coverage, which I don't have now," says Leo Dittemore, director of IS security administration. HealthCare Partners expects to pay an outsourcing firm 60% of what it would pay its own network engineers to do the same work.

Another closely held midsize company, Amerisure, has used VeriSign to manage its denial-of-service detection, intrusion attack notification, and antivirus updates for the past five years. Amerisure pays $75,000 a year for the services. While this is at least 25% more than what it would cost the mutual insurer to do the work itself, it's more scalable as the company grows. VeriSign also studies Amerisure's intrusion detection logs and condenses that data into regular reports.

Continue to the sidebars:
Built-In Software Security Flaws Have Companies Up In Arms
and Global Differences

Return to the story:
InformationWeek Global Security Survey 2006: Controlled Chaos