Senate Explores Outsourcing Security Services - InformationWeek


Senate Explores Outsourcing Security Services

The US Senate might outsource core cyber security support to a managed security service. Candidate tasks include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.


In a break from its current in-house service delivery model, the United States Senate might use managed security services providers for some of its core cyber security support requirements.

Some of the support functions being considered as candidates for outsourcing to a third party include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.

The only significant support functions that are not suitable for outsourcing are program management, quality assurance management, contractor supervision, technology assessment, and security policies and standards.


Details of the Senate's interest in exploring a managed service option for some security functions are contained in a notice recently posted by the Office of the Sergeant at Arms at the US Senate. The notice seeks information from vendors able to deliver the services from their own facilities.

Vendors will be required to assist the Senate's technology staff in monitoring networks for threats, provide incident reporting and analysis and research, and evaluate and test security products and technologies. In addition, they will have to be subject matter experts in areas such as advanced persistent threat (APT) detection and mitigation and be willing to assist Senate staffers in operating and maintaining enterprise vulnerability assessment tools, the notice said.

The outsourcing route is one of two options currently under consideration by the Senate. The other option is to stick mostly with the status quo, which is to procure the support services using a combination of contractor-supplied resources and in-house personnel, equipment, and security operating centers.

111th US Senate class photo.
(Image: Wikipedia)

The notice does not offer any explanation for the Senate's new interest in outsourcing key security functions to third-party providers. But it makes clear that the Senate intends to exert as much control as it can over any security outsourcing arrangement. The Senate, for instance, will maintain sole custody of all data under a managed service arrangement. It will insist on access to all security metadata maintained by the service provider in order to respond to threats faster.

Any managed service provider that is selected for the task will also need to provide the services using personnel who are US citizens working in US-based facilities and on computers, storage systems, and networks located on US soil.

It's unclear how quickly, or even whether, the Senate ultimately will outsource security support functions to a third party. The notice is merely an expression of its interest in considering alternatives to its current security delivery model. Even so, the Senate's interest in at least exploring the option is interesting, considering that a vast majority of federal IT professionals remain wary about migrating any IT service to the cloud.

In a MeriTalk survey of 153 federal IT professionals this September, 89% expressed concern about moving to cloud services for a variety of reasons. Forty-three percent of those surveyed compared moving to the cloud to giving a teenager the keys to a new convertible.

Many cited a lack of proper data governance as a reason for their reluctance to move applications and services to the cloud. Close to 80% cited security as one of the biggest reasons for holding back from the cloud.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
