Change. The one constant in this world. This is also true for trends in Information technology. And, the common trend that outsourcing of critical information security functions is a bit slower than norm has also been altered lately. This post in CIO-Asia from Forrester’s Manatosh Das illustrates how significant factors have contributed to this change by addressing concerns such as letting external parties access internal networks and manage IT security operations exposes them to too much risk.
Skill shortages are leading to higher risk exposure. The pool of technical specialists with internal security skills have been ‘shallow’ and limited resources may have led to the cost increase of staffing – that severely restricts efficiency, as well as increase of security breaches by giving cybercriminals more time to carry out attacks undetected.
Internal security teams can’t keep up with business change. With the rapid pace of business evolution in Asia Pacific region putting more pressure on the CIO’s organization, building in-house capabilities to monitor and manage IT security around the clock is becoming an unrealistic option for many.
To address these challenges, Asia Pacific companies need to contract managed security service providers (MSSPs). Working with external parties such as MSSPs can be tricky at first, especially because it’s a new practice, but it does lead to some success. By carefully selecting vendors and managing the relationship closely, security and risk leaders will not only improve their chances for success but also help improve the organization’s security/risk stance.