Tuesday, November 11

Outsourcing Security is NOT Riskier

Network World posted an article yesterday titled Myth or truism? Security experts judge conventional wisdom. I really love the idea of putting a panel of security experts together for a single question - it gives you multiple points of view on an issue. I also like that it wasn't conversational. Without hearing the other expert answers, people were free to wildly disagree with the crowd.

Expert Advice

The first take-away is that there is almost never consensus. So, add your own perspective to whatever security advice you hear. There will usually be someone smart who disagrees and you'll need to find your own middle ground based on your individual needs.

Outsourcing Security

The other really interesting thing I took away is on the topic of Outsourcing Security. Other than one, all of the experts seem to acknowledge the potential for better security in outsourcing. I often hear the argument that outsourcing has benefits in spite of security concerns. But, this panel had good reasons why outsourcing may create better security. Here are a few of the responses:
People are risky, whether they get a paycheck signed by you or one signed by the outsourcer... Often, an outsourcer has more security measures in place than you do.
- Bruce Schneier

If you need 24/7 coverage, choose a solid managed security service provider, and choose the right services to outsource.
- John Pescatore

Outsourcers can hire better people and because they see more real bad things, they are better at reacting.
- Richard Stiennon
As I said above, think about your own needs and make your own analysis, but hopefully we can agree to stop assuming that outsourced security is less secure.

4 comments:

Anonymous said...

Nice post!

In my latest post I listed 10 tips for outsourcing tech. Number 8 was "Don’t outsource your secrets". I think it's a valid point -- but definitely manageable if you're smart about it.

Matt Flynn said...

Good point Robert! I like the phrasing of that too - don't outsource your secrets. It drives home the point that who's managing the technology is not the issue. It's a matter of secret protection.

Anonymous said...

Nowadays, foreign companies are asking for assistance from business process outsourcing (BPO) companies. It saves them a great deal of money and in turn these foreign companies gain huge amount of profit. Furthermore, there is an assurance in outsourcing because of the strict security measures applied by the BPO companies to their employees. This results to reliability of the transactions made between foreign and BPO companies.

RNB Research said...

I chanced upon to view your blog and found it very interesting. Great ... Keep it up!