Abba Center for Excellence

Abba Workforce Augmentation

Careers with Abba

Managing Security

Clear benefits help organizations overcome aversion to outsourced security.

These days, organizations generally have few qualms about outsourcing key aspects of their IT environment to a qualified managed services provider, given the demonstrated ability of such arrangements to reduce operational costs and improve network efficiency. Security, however, remains an exception.

No doubt, outsourcing security requires a leap of faith. Most organizations fear that seeking outside help in this area is essentially giving away the keys to the kingdom.

Despite the fears, outsourcing at least parts of the IT security infrastructure makes sense, especially for small to midsize businesses (SMBs) that typically don’t have the internal resources to effectively and cost-efficiently secure their networks. A recent survey conducted by the non-profit Small Business Technology Institute (SBTI) and Small Business Technology Magazine verifies that SMBs tend to approach IT support on a reactive basis and allocate very limited human and financial resources to IT functions.

“The small businesses we surveyed confirm that IT support is a burning issue that has a significant impact on their productivity and bottom line,” said Andrea Peiro, SBTI CEO and publisher of Small Business Technology Magazine. “Fifty-seven percent of our respondents said they do not allocate personnel to support the IT functions, leaving the majority of IT decisions (73 percent) falling on the shoulders of the CEO or president.”

Leveraging Expertise

Given those challenges, outsourcing security offers clear benefits for SMBs. Managed security services providers (MSSPs) have a broader handle on the most recent worms and viruses sweeping the Web, and employ teams of security experts who can track how those threats move across the globe. MSSPs also generate detailed reports on how the security infrastructure is performing, which can improve compliance with regulations such as Sarbanes-Oxley, HIPAA and the Payment Card Industry Data Security Standard.

Two recent studies show that organizations are beginning to overcome their natural reluctance to outsourced security and are actively seeking services that free them from having to make investments in security appliances, software and monitoring.

A report by Butler Group estimates that the market for managed security and privacy services is set to grow at roughly 15 percent annually through 2010. Another report by the Computing Technology Industry Association (CompTIA) reveals that buyers of managed IT services will focus primarily on security and disaster recovery services in 2007, with one-third of 322 respondents saying they plan to invest or upgrade their spending in those areas.

Handle with Care

Still, care must be taken before turning over critical security functions to a service provider. Organizations must perform due diligence in order to reap any benefits. Following are some of the criteria to consider:

Facilities. Ideally, the provider should have multiple operations centers running around the clock in order to achieve continuous management and monitoring. Make an on-site visit to ensure it isn’t a shoestring operation run out of someone’s garage.

Expertise. The provider should employ security specialists with certified expertise across a broad range of security products from a variety of vendors. This allows a company the freedom to select best-of-breed solutions.

Longevity. Make sure the provider has a proven track record of delivering quality security services to a broad range of industry sectors over a long period of time.

Breadth of services. Does the provider offer real-time monitoring and management of firewalls, intrusion-detection systems, VPNs and other security products? If so, that is an indication it can meet the security needs of a wide variety of companies.

Documentation. A qualified MSSP should be able to provide documented standards and policies for handling typical and atypical operations and threats. It should also have a variety of notification methods to allow customers’ staff the ability to mitigate risk in real time.

Many organizations today can benefit from outsourcing the management and monitoring of their security operations. Yet organizations must be aware of the potential risks, and they must expend the time and effort to define, evaluate and manage those risks. For all its benefits, outsourced security will never be a “set and forget” solution.

Back to Menu
Back to Archive
888-ABBATECH
Abba Home Abba Contracts Contact Abba