Follow sourcingfocus on Twitter

Outsourcing Trends Embrace Complex Security Capabilities – 2014 Fortinet Global Security Census

by Rupert Clayson, Regional Director UK & Ireland at Fortinet

In a recent global survey of over 1,600 IT leaders in large enterprises, decision makers revealed a growing appetite for managed security services, with a quarter citing ‘outsourcing some or all IT security functions’ to a managed security service provider as the single most important initiative for confronting the rising complexity and volume of cyber threats in their organisations.

Over three-quarters of decision makers said functions like firewall, IPS and email protection would be suitable to apply to an outsourcing strategy in their organisation. However, these basic security functions, long considered for putting into a trusted service provider’s hands, are now being joined by functionality such as authentication, Advanced Persistent Threat protection and even DDoS mitigation. Today, only a minority of ITDMs believe that even the most advanced IT security functions are unsuitable for outsourcing to a managed security service provider (MSSP).  So, what’s changed?

9 in 10 of the CIOs we surveyed said that the increasing frequency and complexity of threats is making the job of securing the business noticeably harder than it was just 12 months ago. And as high profile IT security attacks and national security scandals have become a common feature in news reports, this has seen a dramatic increase in pressure, awareness and involvement in IT security matters coming from the direction of the boardroom. 

According to the IT leaders we polled, this serious boardroom pressure to keep the enterprise secure has jumped almost one-third in the last 12 months, making security paramount and a more pressing consideration over other business initiatives.
Add in demands for securely enabling employee mobility, and emerging technology like big data, and there’s a lot of weight on the shoulders of senior IT professionals today - causing them to re-evaluate their goals to ensure they strike the right balance to achieve resilience in the face of rising cyber threats.
90% of IT leaders, for example, stated they have been provoked into looking at new IT security investment and to re-assess their security strategy, due to rising data privacy concerns and securing big data initiatives.

It should come as no surprise then, that the influencing factors for moving to managed security services are not led by cost and resource considerations, but by the need for always-on, high-performance, comprehensive, security infrastructure.

It was the increased complexity and scale of managing cyber threats that measured the largest driver to outsource, with half of all respondents selecting this as a key factor.  This was closely followed by rising data privacy challenges, whilst better financial models for procuring security followed in third and a lack of sufficiently skilled internal resources in fourth. 

Whilst the benefits of outsourcing IT infrastructure and applications have long been understood, migrating to managed IT security services has often been held back due to concerns over ‘letting go’, especially amongst larger enterprises.  However, as our IT leaders face the day-to-day reality of combating a relentless battle against the threat landscape, their attitude is changing.

When we asked about their own personal online security habits, 56% said they would be willing to trust their own personal data with a service provider that outsourced IT security. Along with this rise in as-a-Service consumption in our personal lives, perhaps IT leaders are also emboldened by the increased acceptance and successful adoption of cloud services, as they are now recognising that, with the right due-diligence and sourcing strategy, IT security is also suited to this model.

Of course, putting enterprise IT security into a service provider’s hands, especially increasingly complex functions, requires a high level of trust and assurance. For the IT decision makers polled, it is reputation in the enterprise market that wins out as the most critical attribute needed by an MSSP when winning their business.
Reputation was called out above portfolio of services offered, global scale of the organisation in third, and reliance on the SLA in fourth place as critical considerations when looking at a potential provider.

As the threat landscape has continued to evolve over the past 12 months, it’s no surprise that businesses of all sizes are increasingly considering the MSSP model for cost effective, multi-threat security solutions and perhaps most importantly, around-the-clock risk mitigation.

A demand fueled by compliancy, greater executive awareness and advanced persistant threats, combined with the need for sourcing expert security personnel and global threat-response intelligence - outsourcing security capabilities to managed security service providers is emerging as a key strategy for enterprises today.

With the clear majority of IT decision makers in the research citing high levels of pressure and their job of protecting the business as getting tougher and tougher, the rise of managed security services will indeed be an interesting trend to track, with all indications pointing to its upward trajectory.


  • Favicon
  • Digg Favicon
  • Facebook Favicon
  • NewsVine Favicon
  • Reddit Favicon
  • StumbleUpon Favicon
  • Technorati Favicon
  • TwitThis Favicon