Outsourcing: Not When It Comes To Security, Most Say

Is outsourcing security a good idea? Itdepends on where you live, according to the InformationWeek Research 2004 Global Information Security Survey. Slightly more than 70% of North American and European respondents say they don't outsource security. In contrast, only 32% of Asia-Pacific respondents and 56% of South American respondents hold similar views.

Some managers cite bad experiences. "We outsourced firewall and intrusion-detection monitoring only to learn through a third-party audit that our firewalls weren't being managed as promised," says the security executive at a small West Coast credit union.

But United Parcel Service Inc. has made gains from security outsourcing, says Tamara Schwartz, applications manager at the package-delivery and logistics company. "One of the biggest benefits is that [security service providers] have their own hackers. They have people who investigate vulnerabilities and develop interim solutions. That's a very highly skilled resource to have," she says. UPS also uses outside auditors to conduct security reviews. "We leverage them to show us what we're doing right and what can be improved upon."

Credit-information provider First American Credco has used security service provider TruSecure Corp. for years. "It's better to have a second pair of eyes reviewing your systems and security stance," says Benjamin Powell, manager of network services for Credco. He says TruSecure has proven its worth: "When Sasser hit, none of our systems got infected."

Illustration by Christoph Niemann

Return to main story: "Under Attack"