Outsourcing security gains appeal

Recent research from Stamford, Conn.-based Gartner Group Inc. indicates that by the year 2003, 50 per cent of small- and medium-sized enterprises that manage their own network security, and use the Internet for purposes other than e-mail, will experience a successful Internet attack. And more than 60 per cent of those enterprises won’t even know it.

For more and more companies, outsourcing security is becoming an obvious and easy choice. By simply outsourcing security needs, there is one less thing for the IT staff to worry about.

Dan McLean, a research manager with Toronto-based IDC Canada Ltd., noted that according to research done by his firm, a lot of companies are choosing to use third-party companies for their security needs.

“Companies are finding that hiring someone with the expertise is really difficult,” he explained. “In the whole space of security, I would say that most of the expertise that’s out there in terms of the people, are really connected with vendors and with third-party service providers. I think companies are going to be hard-pressed to hire a security expert themselves.”

Richard Stiennon, research director of network security with Gartner Group, agreed with McLean and noted that by hiring someone else, enterprises will have an expert on call, 24 hours a day, seven days a week.

“The other advantage is that the investment in infrastructure that a large service provider has can’t be matched by most enterprises – only the very large ones,” Stiennon said, citing as examples redundant systems, redundant connectivity and the high-availability of support features.

So how should companies choose which third-party to go with? In Canada, it is probably best for companies to talk to any of the major consulting companies or systems integrators, because most of them have developed practices around security, McLean said. IBM, Ernst & Young, PriceWaterhouse Coopers and CGI are all options.

There is a lot of help available, so it is really just a matter for companies to figure out what they want to do, he said.

“The whole process of what you should be implementing security-wise begins with that front-end assessment piece…(identifying) the level of risk that you feel that you can expose your IT systems to. And that’s a consulting type of engagement,” McLean said.

“Any third-party that starts with that premise is probably a good company to be talking to,” he said.

Network administrators should be looking at three things: the assets that need to be protected within the company; the level of vulnerability that they are exposed to; and the degree of threat that is out there. From there, the next step would be to look at solutions, with which a third-party can also help.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now