Managed services vs in-house
Complex IT security technologies out-pace in-house IT skills.
The ever-growing complexity of IT security technologies will continue to push more companies to outsource IT security to managed service providers. The average company just doesn't have the skills in-house to manage and maintain increasingly-sophisticated security tools.
So says Richard Broeke, an IT security expert at Securicom.
"Where stopping viruses and spam used to keep IT admins awake at night, these pale insignificance to the more complex security issues companies face nowadays such as targeted malware, data leaks and the like. Likewise, the complexity of the technologies used to combat those issues also pales in comparison to that of the systems needed nowadays.
"In fact, the complexity of today's IT security solutions generally outpaces in-house IT skills. IT administrators typically don't have the specialist skills that are needed to manage the technologies, never mind the threats," says Broeke.
In a recent Trustwave survey of IT professionals around the world, 65% of respondents said they are pressured to select and purchase security technologies with all the latest features, despite that 35% do not have the proper resources to effectively use all those features. Three out of four teams surveyed are responsible for installing and maintaining their security solutions in-house, but 85% said they will use or look to use managed security services in the future to relieve some IT security pressures. Specifically, 46% said they plan to use managed security services in the future, and 36% indicated that they already do. 22% of the IT professionals surveyed reported using a combination of in-house IT staff and a third-party managed security services providers.
Broeke says the environment is similar in South Africa.
"Businesses have huge amounts of data flowing in and out of their networks, so there is more data to secure than ever before, and regulations around data security are becoming more stringent. There are also more channels for attack, from the web, email and emerging technologies like mobiles and social media. Add to this the fact that threats are also becoming more hostile, and have long-surpassed the abilities of what we now consider security basics, such as anti-virus and firewalls.
"IT teams lack the skill to manage the systems required to address these risks. Particularly, they don't have enough time to give security the attention it requires. So, we are seeing a marked upswing in the number of local companies adopting a managed services approach for certain aspects of security, such as email security and content management.
"Looking ahead, we will not only see more companies doing so, but we can also expect more companies to outsource the entire security function. In many cases, it makes sense to outsource. Archiving, data storage and mobile device management are all well-suited to an outsourced strategy. Security has become very skills-specific and time-consuming, outsourcing the function frees-up IT personnel to focus on IT projects that enable the business and generate revenue," says Broeke.