cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Choosing between in-house and outsourced IT security

With the importance of having robust IT security measures growing by the day, an increasing number of organisations are faced with the choice of managing it internally or turning to a trusted external party, Anthony Daniel of WatchGuard Technologies, writes.

user iconAnthony Daniel
Tue, 16 Aug 2022
Choosing between in-house and outsourced IT security
expand image

When making this decision, a number of factors need to be considered. First, it’s important to assess the security measures that are already in place and their ability to guard against threats.

Second, the technical skills that currently exist internally also need to be evaluated. The IT team needs to be able to effectively deploy, maintain, and manage a range of different tools to ensure protective measures are sufficient.

Third, a clear understanding is needed of the threat level faced by the organisation. Senior management needs to understand the level of risk they are prepared to have, and the governance measures required to ensure that their security strategy reflects that risk level.


The challenges to be solved

The choice of retaining security in-house or outsourcing it is also influenced by the problems that the organisation might be trying to solve. These can include staffing shortages and whether budgets allow the operation of a dedicated 24x7 monitoring team.

Other factors include the status of all security tools and whether regulatory and compliance requirements are being met. If significant shortfalls are identified, changes will need to be made.

Advanced security requirements will also influence the decision. With the cyberthreat landscape constantly evolving, there is a growing need for threat intelligence monitoring and forensics. If these are not in place internally, they will have to be provided by an external party.

Also, the overall complexity of the IT infrastructure needs to be considered. If multiple systems in different locations have been integrated and users are following hybrid work practices, greater management will be required.

The benefits and drawbacks of outsourcing

The decision to outsource an organisation’s IT security measures can deliver some significant benefits. One of the biggest is that it provides immediate access to a new pool of experiences and knowledgeable experts.

The shift can also lower the total cost of ownership of the security infrastructure while also providing access to a wider range of tools and platforms. This can significantly improve the level of protection achieved when compared with the previous internal structure.

At the same time, however, outsourcing can have some drawbacks. One is the fact that data must be entrusted to a third party which could increase risks. Also, the internal IT team will lose some control of their infrastructure which may not be well received.

The in-house security option

Retaining the IT security function in-house also has benefits. It gives the in-house IT team greater control of their infrastructure and allows them to have complete oversight of all the measures that have been put in place.

It also makes it easier to change strategic direction when required and exactly tailor measures to match specific organisational needs.

However, the in-house option also has drawbacks. The organisation will be limited to the skill sets held by internal staff and will have more restricted access to details on new trends and threats that might emerge.

There could also be challenges when it comes to managing workloads and providing round-the-clock support. This, in turn, could lead to staff burnout and resignations.

Making the right decision

The decision on whether to retain security in-house or shift to an external provider will be different for every organisation, so it is worth taking the time to carefully consider all the pros and cons.

Start by understanding exactly what needs to be achieved and what, if any, gaps exist in the current framework. While cost should also be considered, this won’t be the most important factor.

At the end of the day, having the right security in place is vital to ensure attacks can be prevented and disruption or losses avoided. Selecting the best option will ensure these goals are attained.

Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.