CXO

Survey shows outsourcing security popular

Outsource security? "Sure," said TechRepublic members in a recent survey. See what your peers say they will and will not outsource when it comes to security.


The majority of TechRepublic members who responded to a recent CIO Republic survey say they are outsourcing some aspect of their network security.

The survey, which ran in the CIO community Sept. 4-8, received 130 responses. Of those, 67 said they did outsource some aspect of their security.



Why are you outsourcing such a vital element of business? As the graph below shows, the majority of you said you simply didn’t have the internal resources needed to adequately address security problems. Budget cost savings was the second most popular reason.



What to outsource
Interestingly, TechRepublic members have a wide range of experience in outsourcing as a group.

When we asked what you outsourced, 40 respondents said they outsourced security. Fewer of you are actually paying for more high-end services, such as digital certificates (20) or incident response teams (14). Respondents were allowed to choose more than one answer.



Next, we asked what you would consider outsourcing. In all, there were 362 responses to this question because we allowed multiple answers. Most of you expressed interest in outsourcing security analysis—which may refer to the fact that most respondents said they were outsourcing because they lacked internal security expertise.



As the chart above shows, also high on the list were managed firewalls, intrusion detection, and filtering for malicious code.

Twenty-three respondents, or 6 percent, said outsourcing was too important to outsource.

We also asked what services you would not consider outsourcing. E-mail security topped the list. Surprisingly, managed firewalls also rated high, despite the fact many of you are already outsourcing this function.



Auditing your vendors
Finally, we wondered whether TechRepublic members intended to test the security of the vendors you planned to trust. So we asked respondents whether they planned to audit the vendors.

As the chart below shows, the vast majority will perform security audits on their outsourcers.



The survey also showed that 60 percent of respondents said that they plan to audit vendors at least twice a year with another 30 percent planning annual audits.
Your input drives our content, so if you want to know what other TechRepublic members think about a particular topic, e-mail us and we'll try to include your questions in future surveys.

Editor's Picks