As businesses cut costs and optimise resources in a world after the crunch, outsourcing is increasingly attractive.
Outsourcing any business function, from HR systems to security, can be a demanding, technical struggle. Add IT security to that, and there's a whole new layer of complexity.
Before you sign the cheque and throw out your firewall and IPS/IDS boxes, take a close look under the hood of outsourcing, the trends behind it and the issues that come with outsourcing IT security.
Cost savings are often touted as a key driver towards outsourcing, and many of the benefits are indeed financial.
By default, outsourcing security functionality such as email scanning or web fi ltering will save many highly skilled, specialised and expensive man-hours inhouse.
Additionally, staff freed of a potentially time consuming, tedious task can then focus on business priorities, something extremely hard to service externally.
Player Pate, managed securityservices marketing manager, IBM Internet Security Systems, says: "It's important that a business fi rst understands why it is seeking to outsource a particular function.
This allows an assessment of the business case, and an analysis of the objectives that the solution needs to be in line with.
"One common issue is that of expertise. IT security is an increasingly complex fi eld, and many businesses have realised they simply don't have the expertise in-house to deal with it. Most IT departments will see some kind of manpower saving if they outsource certain IT security functions, for example," he says.
Choosing to pass on some of this caseload and specialist ability to a managed security service provider - MSSP - is an increasingly common step.
The option to buy a "clean pipe" from an ISP has been in demand for some years, and is a growing, viable service, especially to combat the inexorable rise in spam, which now accounts for 96.5 percent of all business email, according to IT security software specialists Sophos.
Also, web malware is recording almost exponential year-on-year growth, making in-house tracking a nearimpossible task.
Graham Jones, UK managing director of Integralis, agrees: "Keeping up with the sheer throughput of online threats and email malware is a giant task, and encourages many to seek expert help.
"It's definitely an area of increasing maturity though - email security is now easy, web filtering is now done, too, although a few years ago this wasn't true. I anticipate we'll see fi rewalls go next, probably mid-to late next year.
"They're beginning to become a commodity that just needs to be there, there's not a massive amount of difference between the top players. IPS and IDS management will go the same way eventually, due to the sheer volume of false alerts that they generate.
"In some cases we'll also see two-factor ID management outsourced also - small law firms, for example, that need the technology but don't have the inhouse expertise or time to manage this themselves."
Compliance has been a huge driver for outsourcing. As regulations tighten in almost every sector, the specific compliance items on every CISO's list has grown exponentially.