Leading with SecurityBy Michael Vizard | Posted 2008-12-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
IT managers bemoan the risks of outsourcing their security functions, but the reality is solution and service providers are better equipped to protect their clients’ digital assets. The challenge for solution providers is making their competencies known.
This may come as a shock to some people in the solution provider community, but there are actually people working within internal IT departments that don’t want to see providers of outsourced IT services succeed.
In terms of news flashes, this ranks right up with the fact that there is gambling going on in
In a survey conducted by the Ponemon Institute and security vendor Lumension Security, half the IT respondents ranked security issues as a major concern when it comes to outsourcing.
Nothing new there. But what’s interesting is the vast majority of the companies that provide outsourced IT services are a whole lot better at providing security than any internal IT organization. As well-intentioned as any internal IT person might be, the providers of IT services can afford to hire the best talent to master the latest products and technologies in a never ending battle with all the digital miscreants seeking to breach corporate data.
So arguing that somehow employing a third-party services provider might compromise corporate data sounds like a pretty hollow argument. But in reality, a lot of internal IT people can get away with making that argument because there is nobody really around to refute it.
That’s why it’s becoming increasing important for providers of any type of managed service or cloud computing platform to lead with security. It may seem inherently obvious to the solution provider, but in the absence of any firm statement to that effect, it turns out that many internal IT people are using the security issue to sow fear and doubt within their organizations about IT services companies.
Naturally, this is a misguided effort to protect their jobs. But as we have seen time and again in politics and business, all’s fair when it comes to saying something negative about the other guy.
The challenge IT services providers might have is that keeping pace with all the security issues may be outside their own core competency as well. That’s why the rise of security-as-a-service offers a lot of potential for IT services companies to wrap security solutions around their offerings without having to invest their own capital to create it. Of course, they can opt to make that investment. But given these tough economic times, putting capital to use elsewhere might make more sense, which is why Lumension CEO Pat Clawson says his company is considering adding its own security-as-a-service offering to the growing numbers of vendors offering similar services.
In either scenario, it’s pretty clear that providers of outsourced IT services need to put more emphasis on security. You can bet that every time a business executive brings up the issue of third-party IT services, the security issue raises its head. The best thing to do then is to not wait until the issue comes up, but lead with security as a fundamental part of your offering. That way you can take the issue off the table before somebody else raises it outside of your earshot as part of an effort to discredit service offerings that make some people in IT al together less comfortable than they would otherwise prefer.