Because of the increasing number of data breaches and the heightened focus on risk.
According to a recent survey, the top functions being outsourced are:
· Penetration testing/threat assessments (70%)
· Spam filtering (46%),
· Threat intelligence (40%),
· Log monitoring (34%),
· Anti-DDoS/web application firewall protections (27%),
· Business continuity and disaster recovery (26 percent)
· Awareness training (22 percent).
Outsourcing security functions appeals to small and midsize companies in particular because their resources are already stretched thin and most lack the bandwidth to adequately perform security functions. Smaller companies are also less likely to have people with specialised security skills who can focus on staying on top of a continually changing landscape.
Other developments that push companies toward outsourcing their cyber security include the increase in the number of hackers and the extent of products designed for enterprise security. Trends like these make security difficult to manage for smaller organisations.
“The inevitable conclusion is companies increasingly have to rely on security handled by an MSSP because they can’t keep up — they just don’t have the resources,”
Outsourcing: Not an either-or proposition
The outsourced or managed services model works because there is often no one other than the IT Manager or similar dedicated to security, which opens a company up to risk. Security ends up being sliced up and dished out to 10 percent of several people’s jobs, but because no one beyond the IT Manager is responsible, it’s very tough to make progress or to stay on top of it the way you have to.
Getting a helping hand from outside providers, including an MSSP, not only helps offload some security work, it also means the organisation has 24/7, 365-days-a-year coverage from a highly trained set of eyes.
“IT staff will not be able to provide this kind of service, because they have to handle all types of IT issues, security included, for several users”