Outsourcing. There are a number of reasons why companies would want to outsource network security:
Extracts from this essay...
Outsourcing Network Security Research paper submitted in partial fulfillment for INFO 634 Jincy Sarah George Texas A & M University Fall 2007 Introduction Information is as significant as assets for businesses. Network and digital information can support the overall operation of any business and when they are compromised corporations can suffer grim financial consequences. But is it really safe to surrender the network security perilously in the hands of an outsider? This can be answered only if we understand the need for outsourcing and the pros and cons related to outsourcing. Also, this would also include all the IT regulations and knowledge about the different components of the network. Outsourcing can be an option only if all the steps to it are planned well else it will prove to be a futile effort on the part of the organization. Need for Outsourcing There are a number of reasons why companies would want to outsource network security: Challenges in technical expertise staff - In any business, ensuring network security is a 24X7 job. In addition to the system responsibilities, the staff needs to be constantly updated on understanding and shielding against the latest threats. This results in an ever increasing need for security staff accumulating to the budget of staff and related benefits. (Levine,2005) Cost Savings - A comprehensive network security system demands staff with very specialized technical expertise, continuous training, software etc. Outsourcing offers cost savings as they are able to reduce the IT staffing as the need to update security arises. (Mears, 2004) Also, costs of managing the security service works out to be less than hiring in-house, full time security experts. For example a managed security service provider spend about $75,000 a year to monitor a 250 user computer network on a T1 (1.5 MBps) gateway excluding hardware. Replicating these in an organization produces similar hardware costs, plus at least $240,000 in annual compensation to hire three full time specialists" (Information Week Survey, 2002)
The purpose of this act is to avert problems in big organizations by making certain that the higher management is actively involved and responsible for the correctness of data used in reporting the finances of the organization. (Haworth and Pietron, 2006). The data would most often be linked to a computer system which would explain the importance of knowing the Acts. GLB - This act was put in place to bring about a standard for financial institutions to protect personal information. There are some federal agencies have been given the responsibility of establishing standards to ensure the confidentiality of customers and protect against any expected loss of such records. (Bragg, R. et al, 2004) The federal Trade commission safeguards rule says that any financial institution should take serious security measures which would include administrative and technical, whenever they are dealing with sensitive customer data (Bragg, R. et al, 2004, pg. 774) The IT personnel working with any sensitive financial data should be aware of these rules. HIPAA - The Health Insurance Portability and accountability act was introduced to establish standards to safeguard health-related personal information. HIPAA reuires that all health departments and organizations offering health related services should make provisions to adhere to this Act in order to safeguard patient information which they would be using for their activities (Bragg, R. et al, 2004, pg. 776) Again the department of IT in that organization would be held responsible if they were not kept aware of this and sensitive patient health information will be jeopardized. Outsourcing Network Security From the above reading we understand that the move to hand off security functions to outside parties is a tough decision. With numerous government regulations and increased and complexed security issues, its time we looked at some of the benefits and risks of outsourcing to decide. Benefits of Outsourcing Network Security Below are benefits in accordance with Mears (2004)
6. Define a partnership model - A good partnership which maps the outcome to payment and incentive structure becomes mutually beneficial to both the parties which results in a successful business relationship. 7. "Negotiate and renegotiate a win win deal" - Clients should make sure short term contracts are signed so that they could "realign expectations and benefits on an annual basis" and also benchmark performance and measure customer satisfaction. 8. Choosing vendors with the "consortia approach" - The market should be scanned for different types of outsourcing service vendors. 9. A good central management plan should be implemented - There should be reponsibilities matrix set along with rules on continuing relations without conflicts 10. Outsourcing relationships must be rejuvenated - It is very important to strike the right balance of trust and control with your outsourcing partner to form a successful business relation. By following these ten steps, managing the outsourcing activities and ongoing communication on all levels will help to better the relationship with the service provider. Conclusion If companies were to decide on outsourcing network security, then it should be made after outlining the organization's overall outsourcing strategy and also the IT department should have the necessary expertise, tools and capacity to manage a successful outsourcing relationship. There are some companies like John Hamalka CIO of Harvard Medical School who feel that there is no benefit to outsourcing because his company deals with sensitive patient data. On the other hand, organizations like Credit Suisse finds that financial savings and IT staffing are two of the greatest benefits of outsourcing network security. There is no best model for outsourcing security. Small companies do not have a committed security staff so they can use service providers to relieve themselves from routine security functions. Whereas large companies may have the staff but they would have to continuously update themselves with new vulnerabilities and compliance issues. Therefore, we can conclude that if outsourcing is clearly planned and monitored, then it is just a matter of time and experience before outsourcing network security becomes a feasible alternative for companies.
Found what you're looking for?
- Start learning 29% faster today
- Over 150,000 essays available
- Just £6.99 a month
- Over 180,000 student essays
- Every subject and level covered
- Thousands of essays marked by teachers