Last week, SecureWorks completed the purchase of VeriSign's managed security service business.
This continues a trend toward consolidation and specialization in the security services market that has already seen IBM take over ISS, Verizon take over Cybertrust and BT take over Counterpane.
The players in this space appear to be adding scale in anticipation of the growth that is expected in this industry.
IDC's 2009 Worldwide Security Services Forecast predicts that this market will grow from $23.5 Billion in 2008 to $44.1 Billion in 2009.
Other industry analysts suggest that the security services growth rate could be even higher, since a continued global recession forces firms to hold security costs steady and cut staffing while they deal with a more sophisticated threat environment.
The decision to outsource information security isn't the right approach for every business; the choice of provider, and of which services to farm out to a third party, is unique to each organization and its circumstances.
Furthermore, while responsibility for information security's daily care and feeding can be outsourced, accountability for compliance, information protection and assurance still resides within the organization, usually in the CISO's office.
There are several things the CISO needs to focus on, and several ways to not only influence the security outsourcing decision but also take ownership of assessing the risk inherent in the outsourcing relationship.
For purposes of this discussion I am going to skip over the managed vs. hosting provider; onshore vs. offshore; bundled service suite vs. a la carte analysis that factors into most outsourcing decisions.
I am also going to ignore the tactical question of whether firewalls, IDS/IPS, authentication, scanning and pen testing are better done in house or left to someone else.
Instead I am going to present a generic set of considerations that will enable the CISO to ensure that risk considerations are baked into whatever direction the analysis takes.