IT Security Outsourcing in Decline

Seventh Annual Global Information Security Survey: Companies that once outsourced many IT security controls have opted to do more in-house. A look at what caused the shift. (Third in a four-part series)

By Bill Brenner

Wed, October 28, 2009CSO The worst economic recession in decades has compelled more companies to spend less on outsourced security services and do more in-house, according to the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers earlier this year.

Some 7,200 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.

Related podcast: IT Security Outsourcing in Decline

A few years ago, technology analysts were predicting unlimited growth for managed security service providers (MSSPs). Many companies then viewed security as a foreign concept, but laws such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (affecting financial services) were forcing them to address intrusion defense, patch management, encryption and log management. Convinced they couldn't do it on their own, companies chose outsourcers to do it for them. Gartner estimated the MSSP market in North America alone would reach $900 million in 2004 and that it would grow another 18 percent by 2008.

Then came the economic tsunami, which appears to have cast a shadow over outsourcing plans even though security budgets are holding steady. Although 31 percent of respondents this year are relying on outsiders to help them manage day-to-day security functions, only 18 percent said they plan to make security outsourcing a priority in the next 12 months.

When it comes to specific functions, the shift has already begun. Last year, 30 percent of respondents said they were outsourcing management of application firewalls, compared to 16 percent today. Respondents cited similar reductions in outsourcing of network and end-user firewalls. Companies have also cut back on outsourcing encryption management and patch management.

At the same time, more companies are spending money on these and other security functions. Sixty-nine percent said they're budgeting for application firewalls, up slightly compared to the past two years. Meanwhile, more than half of respondents said they are investing in encryption for laptops and other computing devices.

The results surprise Mark Lobel, a partner in the security practice at PricewaterhouseCoopers. "When you think about it logically, some IT organizations have the resources and maturity to manage their operating systems and patches, but many don't," he observes. "Hopefully, the numbers simply mean IT shops have grown more mature in their security understanding."

Miguel Lopez, a Los Angelas-based IT security practitioner who has worked for such companies as MSC Software and Stamps.com, observed a stark trend toward less outsourcing while at MSC (he left the company earlier this year).

Gartner
Loading...
Security MarketSpace
The Case for Data Protection for SMBs
Email and Web Threats Require a Layered Defense
Learn how web threats are changing and how using a layered defense strategy can give you the security you need. Learn more »
Understanding Versatile Authentication
The next frontier in identity and access management processes is "versatile authentication." Learn more »
Today's Risky Data Environment
This paper explains how an IT and security service provider can provide a practical, manageable and reliable solution. Learn more »
A Comparative Cost Analysis of Email Environments
This Forrester report will help you evaluate the full cost of your email environment and it will explore the benefits of cloud-based technologies. Learn more »
Email and Web Threats Require a Layered Defense
Practical Approaches for Securing Web Applications
Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don't understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Learn more »
Smart techniques for application security: whitebox + blackbox security testing.
 
SPONSORED LINKS
 

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

Cisco SIO To Go for iPhone. It's like having a security expert in the palm of your hand.

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Cloud-Based Email Management: Opinion Shifts In Favor

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Dark Fiber from Sunesys Save on Unlimited Bandwidth with Fixed Costs.

Masters of Virtualization and Cloud Computing - Daily News

Webcast: The Costs and Challenges of Supporting Today's Information Worker

Top Five CIO Challenges

Return on Information: Google Enterprise Search pays you back. Get the facts.

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Mobile Security: The Essential Ingredient for Today's Enterprise

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

Webcast: Unleashing the Power of Customer Data

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

Secure & simplify your data center w/Juniper Networks.

Register for more Windows Enterprise Webcasts today.

Gartner Symposium ITxpo 2009: The World's Most Important Gathering of CIOs and Senior IT Executives

Stay informed with custom newsletters from Tech Dispenser

AT&T Synaptic Storage as a Service. Expand on demand

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords