Considering outsourcing security management of your data vs. keeping it in-house? InformationWeek.com and DarkReading.com‘s report on Finding the Right Security Outsourcing Balance sheds some light on the benefits and potential pitfalls of outsourcing, as well as the criteria your organization needs to have for any potential providers in order to keep security at a premium.
The report recommends asking potential providers questions that speak directly to their level of experience, expertise, employees and workflow:
Other well-known advantages of outsourcing include no capital investments; monthly or annual fees for operational costs (vs. managing staff, training, equipment maintenance, etc.); expert knowledge resources; responsive, proactive and focused support; ease of scalability and more.
When it comes to cloud computing outsourcing concerns, 50 percent of respondents in a survey of business technology and security professionals were most concerned about the unauthorized access to or leak of customer data, slightly up from 48 percent in 2011. The next concern was about security defects in the technology itself (48 percent), and unauthorized access to or leak of proprietary information (43 percent).
The study also asks organizations if they performed their own risk assessment of cloud providers – while nearly 29 percent responded yes, they perform their own audits; 15 percent said they did not conduct any risk assessment of their cloud provider at all. Fourteen percent use the providers’ self-audit reports to conduct their assessment. An alarming 9 percent said they wanted to conduct their own audits, but reported providers as being generally uncooperative.
Outsourcing comes with a variety of advantages, including significant cost-savings, but balancing security and compliance concerns (PCI, HIPAA and SOX) at the same time can be a struggle. If you’re seeking more information about outsourcing vs. in-house security, read our HIPAA Compliant Data Centers white paper.
When To Outsource Security – And When Not To