- A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.
- It is unclear what processes could or should be outsourced versus what functions should remain in-house.
- It is not feasible to have 24/7/365 monitoring in-house for most firms.
- You are outsourcing support, not accountability, unless you preface that with your customer.
- For most of you, you won’t have a choice – you’ll have to outsource high-end security skills to meet future needs.
- Third-party service providers may be able to more effectively remediate threats because of their large, disparate customer base and wider scope.
Impact and Result
- Documented obligations and processes. This will allow you to determine which solution (outsourcing vs. insourcing) allows for the best use of resources, and maintains your brand reputation.
- A list of variables and features to rank potential third-party providers vs. internal delivery to find which solution provides the best fit for your organization.
- Current limitations of your environment and the limitations of third parties identified for the environments you are looking to mature.
- Security responsibilities determined that can be outsourced, and which should be outsourced in order to gain resource allocation and effectiveness, and to improve your overall security posture.
- The limitations or restrictions for third-party usage understood.
This guided implementation is an eight call advisory process.
Guided Implementation #1 - What to outsource
Call #1 - Assess your responsibilities to determine which ones you can outsource
Call #2 - Determine your ideal cost savings and benefits from outsourcing
Call #3 - Perform costing analysis and evaluate each responsibility
Guided Implementation #2 - How to outsource
Call #1 - Understand the third-PP market and determine what variables to evaluate the third-PPs on
Call #2 - Identify which features to look for in an MSSP and create a third-PP shortlist
Call #3 - Evaluate and rank the third-PPs
Guided Implementation #3 - Manage your third-party provider