Outsource with Caution

Q: What do you consider to be the top three benefits and pitfalls for outsourcing IT security? A: There are a number of benefits when it comes to outsourcing IT security. Security service providers deal with a wide range of clients and, as such, have a wide range of expertise. Outsourcing information security allows companies to leverage the best practices the provider has gained from other clients. Additionally, economies of scale can be leveraged, reducing costs while providing a variety of resources. Finally, for routine activities such as password resets, security monitoring, security management and others, outsourcing information security requires less resources.

However, there are disadvantages. When you outsource IT security, you give contractors access to your environment. Because of that, you need to control the level of access you grant your providers and ensure that their policies for screening their employees meet your standards. Furthermore, when developing your service-level agreements, ensure the necessary language is included so that you receive all the services you request and that your provider's staff understands and abides by your internal security policies. Finally, don't take for granted the importance of monitoring activity; provisions must be made to ensure ... // 70% Remaining