Subscribe

Outsourcing infosec can be a risky business

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 17 Mar 2016

ITWeb Security Summit 2016

Kris Budnik, from SLVA Information Security, will be speaking at the ITWeb Security Summit 2016 on 17 and 18 May. He will focus on how to protect Internet banking from external and internal adversaries. To view the full agenda click here. To register and ensure you benefit from the early bird price, click here.

The costs associated with properly securing an organisation number among the most expensive for today's businesses. At the same time, the majority of companies are trying to lower expenses, increase productivity and boost profits.

Outsourcing security can go a long way towards achieving this, but it can also be a risk if not handled properly.

"The benefit of outsourcing the security function to a specialist provider is the dedication, focus and specialisation that such a team will bring to your organisation," says Kris Budnik, director of Slva Information Security, who will be presenting on 'Outsourcing the information security function - are you really giving away the keys to the kingdom?' at the ITWeb Security Summit 2016, to be held from 16 to 20 May at Vodacom World in Midrand.

"As a consumer of the service, you do not need to worry about staff retention, training or breadth of skills needed," he explains. "But beware, often it is tempting to outsource such a role to a general IT services provider who layers the security service in as a 'value add'."

He says this is the quickest way to introduce mediocrity into your environment, because such service providers are frequently focused on IT only and do not possess the skills necessary to place security activities in the correct context in the business.

Kris Budnik, director of Slva Information Security.
Kris Budnik, director of Slva Information Security.

"This often means that there is a mismatch in respect to the priorities for security and worse still, you may land up being guided to what works for the service provider and not what is necessary for you."

What is key when it comes to outsourcing the IT security function, says Budnik, is to ensure that you fully understand your requirements and expectations before making any commitments. "I also caution against outsourcing to a general IT outsourced services provider."

During his talk, Budnik will explore the criteria to use when considering the various outsource services as well as the measures to employ to ensure that the outsource arrangements are effective and efficient.

Share