Corporations across Asia Pacific are expected to become more open to the concept of outsourcing the management of their IT security systems to third parties.
During the MediaConnect Asia Security Forum 2005, experts pointed out that the process of outsourcing IT security is already evident in more mature Asia Pacific markets like Australia, Japan, and Taiwan.
“Asia Pacific is catching up,” said Ed Elliff, VeriSign executive manager for enterprise in Asia Pacific. “For other countries in the region, we expect multinational firms to be the most receptive and lead others in the transition to managed IT security.”
Security demands for online applications, such as e-commerce and Web services, have been prompting more and more corporate customers to hand off their security functions such as intrusion detection and firewalls to third-party service providers.
Elliff said that the routine monitoring and maintenance of firewalls as well as the monitoring of the intrusion-detection system traffic alerts are mundane activities that can significantly reduce staff productivity, thus, more companies are looking forward to handing them out.
Andy Lee, Equant’s head of security practice in Asia Pacific, said that in a year or so, a significant number of Asia Pacific firms would find themselves outsourcing the management of their IT security infrastructure. “Cost benefits will be the number one factor that will primarily drive Asia Pacific firms to outsource,” he said.
Another reason why outsourcing is expected to become more evident in mature markets is the pressure from government regulations.
“Users are finding that outsourcing IT security can help augment an internal security strategy by preparing reports required by many new government regulations,” Elliff said. “Outsourcing IT security requirements also translates to outsourcing risks to a third party.”
He pointed out that this has already been a common practice among other sectors like insurance and financial firms.
Australian-based ethical hacking services company Pure Hacking, however, noted that Asia Pacific countries are 18 months behind with regard to subscribing to ethical hacking services offered by third parties.
Ethical hacking services or penetration testing is offered to clients who want to pinpoint the vulnerabilities of their current IT systems such as infrastructure, connectivity, and applications, then figure how fast they can respond to probable attacks.
“Based on experience, most companies were able to detect the attacks within half a day,” said Robert McAdam, chief executive officer of Pure Hacking. “Nevertheless, about 80 per cent of application attacks were still able to go unnoticed.”
About 80 per cent of Pure Hacking’s clients are in Australia and the rest across Asia Pacific.