Sep 23, 2014
Security isn't just an IT problem. Outsourcing is a bigger strategy for the organization -- and one that shouldn't be tackled by IT alone. Engage senior leaders in an in-depth security discussion; you'll get buy-in from the beginning and have some level of insurance should the deal go south. With the C-suite's stamp of approval, the next step is to determine exactly which elements of the infrastructure are appropriate to outsource and which type of security outsourcing is best for your situation.
When considering security outsourcing, the deciding factors are all about risk and reward -- which tasks and data are low risk and take a lot of staff hours to complete? The dream? Your low-risk and high-reward tasks will start paying back dividends on the first day of outsourcing. The reality? Only if you devote the time to manage vendor relationships and address issues.
IT must take a very data-centric view of outsourcing risks. While it might feel natural to protect infrastructure, even the catastrophic failure of 100 compromised servers is better than the loss of a significant number of customer identities and data. By rethinking your security outsourcing strategy from the ground up, you can ensure that hiring expertise will not only save money but free up staff resources. (S8151014)