Security Think Tank: Outsource only run-of-the-mill security functions

Opinion

Security Think Tank: Outsource only run-of-the-mill security functions

Outsourcing of IT support, desktop support and infrastructure is relatively common, while an increasing number of organisations are now investing in outsourcing of e-commerce systems, hosting of datacentres, and software and application development, the latter of which is commonly outsourced offshore.

However, this extensive experience does not mean that organisations do not still face enormous challenges around outsourcing. 

One of the most common issues raised by senior IT professionals is how to maintain and drive value from outsourcing when there are cost constraints in place. With budgets being slashed because of the recession, IT departments are looking for ways to achieve more with less.

When it comes to defining value, there are no easy answers. For some organisations and some projects, value is about cost savings and efficiencies, while others might see value as being driven by innovation and thought leadership.

Benchmarking techniques can help to provide insight into what value is being provided by service providers and/or internal IT teams and services, allowing organisations to make better decisions on outsourcing

One of the first questions IT professionals must consider is what to outsource and what to keep in-house. Benchmarking techniques can help to provide insight into what value is being provided by service providers and/or internal IT teams and services, allowing organisations to make better decisions on outsourcing

Benchmarking services such as those available through the Corporate IT Forum also allow organisations to compare their own performance with other organisations, although this is most useful when applied to organisations in similar industries or of similar sizes. Benchmarking that is not targeted in this way could be counter-productive or even misleading.

Areas of IT that can be delivered as a defined service are "ripe" for sourcing externally as outsourcing a process end-to-end is invariably more successful than outsourcing it partially. 

The Forum has found that organisations struggle, and are therefore reluctant, to outsource areas of IT security because business-critical information weaves its way through it. Many are subject to regulatory compliance that cannot easily be passed on to a third party.

In a recent sourcing survey, members stated that the top three areas that they were comfortable outsourcing were: voice networks; e-mail and messaging; and data networks. 

Security was in 15th place (only 5% had outsourced) – just ahead of project management. 

Interestingly, while 48% would not outsource their IT security teams, nearly 29% had taken a mixed approach – using third-party contracts for more "commoditised" areas of IT security. 

Organisations are outsourcing, more and more, those areas classed as "business as usual" (e-mail filtering, internet access, network support, etc) – processes that are not visible to the user. Areas that are staying within the business are those that have a level of internal decision-making and need an element of in-house ownership – areas such as project management and, ultimately, security. 


Dani Briscoe is research services manager at the Corporate IT Forum.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in May 2012

 

COMMENTS powered by Disqus  //  Commenting policy