Given this threat landscape, IT teams are beginning to rethink the traditional do-it-yourself (DIY) approach in which every security challenge is handled in-house. Considering the breadth of security solutions most enterprises need today, the average IT organization doesn’t have the physical, financial, or human capital resources needed to effectively manage all of them. These include solutions like firewalls, DDoS and DNS protection, identity management, federation and single-sign-on solutions, fraud and malware protection, data loss prevention, and intrusion detection and intrusion protection systems. A side effect of this DIY approach is the tendency of IT to hyper-focus on specialized security solutions and technologies rather than on how best to manage risk. It seems clear organizations need to start rethinking DIY security. Is the best way to manage risk through outsourcing?