When it comes to outsourcing security functions, skepticism still rules the day for many users. The idea of handing over control of network security to an outside firm paid to maintain gear, monitor for attacks, perform scans, collect logs or update security software for employees is, to say the least, controversial.
Security managers are split on the issue, arguing it's either a boon or bane for the company. According to advocates, outsourcing security gives in-house IT staff a chance to be freed up from mundane tasks to deal with more strategic matters without having to take on additional staff. The naysayers worry that outsourcing means losing sight of security risks because outsiders will mechanically follow a contract without thinking critically enough. Whether outsourcing is cost-effective is part of the debate, too, but the central question of control stirs the greater emotion.
