Let’s face it. IT security is a mess. If that wasn’t obvious from years of high-profile breaches, the recent Equifax tsunami certainly sealed the deal. The only good news on the cybercrime front is that IT managers are asking for help: 47% of IT organizations surveyed in our annual IT Outsourcing Statistics study are increasing their use of outside security services. And all signs point to this as a long-term trend.
As shown in Figure 4 from our full study, IT Security Outsourcing Trends and Customer Experience, only 2% of organizations using security service providers are reducing their outsourcing of this function. Nearly half are increasing their level of outsourcing.
“The Equifax debacle and other high-profile breaches have put security at the top of mind for IT executives,” said Tom Dunlap, director of research for Irvine, Calif.-based Computer Economics. “But the new threats present IT security staffing challenges, because the variety and sophistication of threats require new skills that can be hard to find or even identify. Service providers can be a smart way to tap into the latest skills.”
Other metrics in the full report are also revealing. For instance, the frequency of outsourcing (the number of organizations currently outsourcing security services, entirely or in part) went from 39% in 2016 to 43% in 2017. We think this trend will continue, because of the wider array of threats and the need for more specialized knowledge.
However, there are factors that keep this outsourcing percentage from going through the roof. One is that security is not a discrete function. It is intertwined into other functions such as the network, applications layer, and even end-user support. Organizations cannot outsource all of security to a service provider, because security is a mandate of nearly every IT function. It is easy to hire someone to conduct penetration testing or employee training as an aspect of security, but if an organization outsources network security to a service provider, the in-house network and development staff still has to be highly skilled in security for the organization to be safe. Because of its complexity, security outsourcing will always be a partnership between service providers and internal staff.
In light of the new realities, the full study is designed to help IT executives compare their outsourcing activity and experience with other IT organizations. We present data about the five-year trend in IT security outsourcing. We use three metrics to measure IT security outsourcing activity: how many organizations outsource IT security (frequency), how much of the workload is typically outsourced (level), and the change in the amount of work outsourced (trend). We also measure the cost and service experience of organizations that outsource this function, and determine how outsourcing activity and experience vary by organization size and sector.
This Research Byte is a brief overview of our report on this subject, IT Security Operations Outsourcing Trends and Customer Experience. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).
Avasant’s research and other publications are based on information from the best available sources and Avasant’s independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.
Login to get free content each month and build your personal library at Avasant.com
