Some managers cite bad experiences. "We outsourced firewall and intrusion-detection monitoring only to learn through a third-party audit that our firewalls weren't being managed as promised," says the security executive at a small West Coast credit union.
But United Parcel Service Inc. has made gains from security outsourcing, says Tamara Schwartz, applications manager at the package-delivery and logistics company. "One of the biggest benefits is that [security service providers] have their own hackers. They have people who investigate vulnerabilities and develop interim solutions. That's a very highly skilled resource to have," she says. UPS also uses outside auditors to conduct security reviews. "We leverage them to show us what we're doing right and what can be improved upon."
Credit-information provider First American Credco has used security service provider TruSecure Corp. for years. "It's better to have a second pair of eyes reviewing your systems and security stance," says Benjamin Powell, manager of network services for Credco. He says TruSecure has proven its worth: "When Sasser hit, none of our systems got infected."
Illustration by Christoph Niemann