Posted in Information Technology, IT Security, Outsourcing, Technology

Outsourcing IT Security: Is it worth the RISK?

For every lock, there is someone out there trying to pick it or break in.   – David Bernstein

In this fast changing world, most companies now integrate IT into their organization. So how will the company protect its highly sensitive data against attacks and damages? The number of cyber hackers is growing and they are breaking into the company’s computer system, intruding and causing damage to the organization’s operations.

The best thing for a company to do is to invest into IT security to protect its data from these hackers.

Image Source:

According to Edward S. Ferrara, “Security is so hot that good people are hard to find, and they’re expensive.” So outsourcing IT security is most likely the best option since it is cost efficient than hiring your own IT personnel. There are however issues and risks with outsourcing IT security, some of which includes data control, privacy of confidential information and the quality of service.

Image Source: Muhammad Shahbaz |

According to Cloud Security Alliance, outsourcing is not advised for governance-related security functions, but for operations-related security functions like firewall management, network security, vulnerability scanning, anti-malware, host security and database firewall management.

In order to mitigate the risks involved in outsourcing IT security, it is necessary for the organization to have in place proper procedures or measures in the SLA. A company should choose the right service provider that could meet the security requirements of the organization without compromising its sensitive and confidential information.


4 thoughts on “Outsourcing IT Security: Is it worth the RISK?

  1. I think that companies should conduct a thorough risk assessment to analyse where their risks are in relation to IT security, the controls that they have already in place to manage these risks, rate the risks (Critical, High, Moderate, or Low) and if the risk is still critical or high then look at additional controls which may mean outsourcing their IT security.

    Maybe put some examples of those companies who have been hacked and the cost of recovering their data. e.g. refer to the website below:

    This site states that the U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.

    The photos in the blog are very good and relevant.


  2. You are absolutely right! There are many IT security companies out that provide various forms of security for various needs of any company.

    It is best to outsource systems like security to companies that have a strong knowledge of possible security breaches.

    It is also cost effective!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s