The Value of Outsourcing Detection and Response

Opret en gratis Insights-profil hos Ingeniøren og få direkte og nem adgang til whitepapers, webinarer og e-magasiner.
Når du tilgår dette materiale, accepterer du, at sponsoren af materialet kan kontakte dig på din oplyste e-mailadresse og telefonnummer med markedsføring af ydelser, der relaterer sig til emnet, som materialet omhandler.

Outsourcing IT services is common practice for organisations everywhere. The majority of organisations already outsource significant parts of their IT services to third parties,, and the remainder are likely to have at least considered it. Cost is still one of the key reasons for outsourcing, but other value-related reasons are becoming more important.

According to the Global Sourcing Association (GSA), outsourcing will continue to grow in the coming years. However, GSA also claims that outsourcing has an image problems. Personally, I have heard multiple stories that corroborate that claim, including stories about outsourcing leading to critical vulnerabilities and about costs escalating out of control. From my discussions with customers, it seems that many are not completely satisfied with their outsourcing partners. The general feeling is that they don’t get the flexibility and proactivity they expect or are promised, and there are far too many hidden costs. This article will not dive into a general discussion of the problems with outsourcing, but rather focus on how some security challenges may be successfully solved by outsourcing.

Making outsourcing decisions is hard. The general advice related to outsourcing is to keep core business in-house and outsource the rest. But what does that mean in practice? How does this advice relate to outsourcing security? Is security considered a core business?

Every organisation is unique but looking holistically at security challenges I think most would agree that there is a lot of ground to cover. The field of information security is vast, sometimes even intimidating. As a CISO or someone else who is responsible for the information security in an organisation, having the capacity to cover everything is extremely challenging and probably even unrealistic. I don’t have all the answers, but I will address some of the common challenges and provide some advice with a main focus on detection and response.