Outsourcing your IT security: yes or no?

CloudSec_comp“Should we keep IT security in-house or is it better to outsource?” This has long been a thorny issue for organizations. Recently, it was one of the most important topics during a LeaseWeb Security Round Table with customers and I’d like to share some of the things I learned.

The discussion immediately took off following a statement from one of the participants, an end user: “In the Netherlands, the mantra is to focus on your core business. I dare to differ. I always learned that when operations are critical to your organization, you should keep them close. If security is critical to your company, why outsource it? If you outsource, you disconnect it from your company. What do you think about this?”

The question was addressed directly towards the Round Table organizers, employees of LeaseWeb, including yours truly. I didn’t have to think long about the answer though. If it were up to me, I would not advise you to have in-house systems. I would outsource the IT systems to the cloud. Security is core business for cloud providers. They are experienced, patching frequently and accurately. If you have to choose between in-house or the cloud, the cloud is the most secure option. But outsourcing is always also based on trust. The question thus becomes: do you trust your provider enough to outsource your security?

When I proposed this during the discussion, one of the participants provided his insight: “It depends on what kind of company you are. We are an IT company, which means our processes are ISO 27001 certified. We make sure we patch our systems. We update our hardware, switches and firewalls on a regular basis, to ensure we adhere to the latest technological standards.”

Another participant also added that: “Sometimes, outsourcing will be the best solution. If your organization lacks sufficient resources, you have to let someone do it who has all the proper knowledge.”

As you can see, two very different points of view (which made it a great discussion). Eventually we managed to connect these two very different point of views. It’s good to keep security close. But how do you do this? A large organization has its own resources. But if you are smaller and are forced to outsource your IT security, you still have to ask the right questions to make sure you understand and know everything is being arranged safely.

And there you have it. There is no one-size-fits-all answer. As the oracle of Delphi advised: know thyself.

Leave a Reply

LeaseWeb on Twitter

Are you at @Digital_Dragons ? Don’t miss Onno Lammers’ talk “Don’t play their games: keeping #gaming IT safe from hackers” 18:00, Hall D

test Twitter Media - Are you at @Digital_Dragons ? Don’t miss Onno Lammers’ talk “Don’t play their games: keeping #gaming IT safe from hackers” 18:00, Hall D https://t.co/WJ4x2k2ErM

We are at @Digital_Dragons Meet us at booth A43 or set up an appointment with our #gaming #infrastructure experts digitaldragons.pl

test Twitter Media - We are at @Digital_Dragons Meet us at booth A43 or set up an appointment with our #gaming #infrastructure experts https://t.co/dCyKKVExQp https://t.co/Qa6DtTGKz5

#TechSummitIO We are giving away one free ticket to the first 10 people to use the code I-CANT-WAIT-TO-BE-THERE! techsummit.io/amsterdam/#tic…

test Twitter Media - #TechSummitIO We are giving away one free ticket to the first 10 people to use the code I-CANT-WAIT-TO-BE-THERE! https://t.co/fnYYEhkC97 https://t.co/Oc4HTETpPN

Just won the Silver Award at the Hosting & Service Provider Summit. We would like to thank our customers and partners for voting for us!

test Twitter Media - Just won the Silver Award at the Hosting & Service Provider Summit. We would like to thank our customers and partners for voting for us! https://t.co/vxTQtfw33i