Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Manage Third-Party Service Security Outsourcing

Making informed decisions about your outsourcing options.

Unlock a Free Sample

View Storyboard

Solution Set Storyboard Thumbnail

Your Challenge

  • A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.
  • It is unclear what processes could or should be outsourced versus what functions should remain in-house.
  • It is not feasible to have 24/7/365 monitoring in-house for most firms.

Our Advice

Critical Insight

  • You are outsourcing support, not accountability, unless you preface that with your customer.
  • For most of you, you won’t have a choice – you’ll have to outsource high-end security skills to meet future needs.
  • Third-party service providers may be able to more effectively remediate threats because of their large, disparate customer base and wider scope.

Impact and Result

  • Documented obligations and processes.This will allow you to determine which solution (outsourcing vs. insourcing) allows for the best use of resources, and maintains your brand reputation.
  • A list of variables and features to rank potential third-party providers vs. internal delivery to find which solution provides the best fit for your organization.
  • Current limitations of your environment and the limitations of third parties identified for the environments you are looking to mature.
  • Security responsibilities determined that can be outsourced, and which should be outsourced in order to gain resource allocation and effectiveness, and to improve your overall security posture.
  • The limitations or restrictions for third-party usage understood.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to understand how to avoid common mistakes when it comes to outsourcing security, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. What to outsource

Identify different responsibilities/functions in your organization and determine which ones can be outsourced. Complete a cost analysis.

2. How to outsource

Identify a list of features for your third-party provider and analyze.

Guided Implementations

This guided implementation is an eight call advisory process.

Guided Implementation #1 - What to outsource

Call #1 - Assess your responsibilities to determine which ones you can outsource
Call #2 - Determine your ideal cost savings and benefits from outsourcing
Call #3 - Perform costing analysis and evaluate each responsibility

Guided Implementation #2 - How to outsource

Call #1 - Understand the third-PP market and determine what variables to evaluate the third-PPs on
Call #2 - Identify which features to look for in an MSSP and create a third-PP shortlist
Call #3 - Evaluate and rank the third-PPs

Guided Implementation #3 - Manage your third-party provider

Call #1 - Create a metrics program and understand how to align your third-PP to your organization
Call #2 - Create a third-PP management process