This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
April 2002 (vol. 35 no. 4)
pp. 20-21, 26
Bruce Schneier, Counterpane Internet Security, Inc.
Deciding to outsource network security is difficult. The stakes are high, so it?s no wonder that paralysis is a common reaction when contemplating whether to outsource or not:
  • The promised benefits of outsourced security are so attractive. The potential to significantly increase network security without hiring half a dozen people or spending a fortune is impossible to ignore.
  • The potential risks of outsourcing are considerable. Stories of managed security companies going out of business, and bad experiences with outsourcing other areas of IT, show that selecting the wrong outsourcer can be a costly mistake.

If deciding whether to outsource security is difficult, deciding what to outsource and to whom seems impossible. Over the past few years, we?ve seen many different companies offering different capabilities under the general category of "managed security services." The field is so confusing that even the industry analysts can?t agree on how to categorize the services offered. This company manages firewalls. That company offers periodic vulnerability scans. Another offers to manage security policies, or monitor the network, or install the IDS, or host the computers. Some of these businesses make sense, and some of them don?t. Some will survive; some won?t.

Citation:
Bruce Schneier, "The Case for Outsourcing Security (Supplement to Computer Magazine)," Computer, vol. 35, no. 4, pp. 20-21, 26, April 2002, doi:10.1109/MC.2002.10026
Usage of this product signifies your acceptance of the Terms of Use.