Claims that outsourcing ‘provides no cost benefit and no greater technical advantages' have been criticised.
Rakash Gupta, chief executive of network and email security vendor PineApp UK, claimed in January that many companies are choosing to outsource their IT security to managed security providers at an unnecessary ‘great expense', and that companies ‘may simply have greater confidence in their ability'.
However, Richard Lewis, sales and marketing director at dns, disagreed with the opinion. He claimed that a combination of industry analysts, independent security advisors and a vast majority of organisations within the UK recognise that both the scale of the investment required and the focus away from the core business that in-house management requires, is an unnecessary risk and cost.
Lewis said: “An increasing number of UK organisations (Gartner estimate the market will grow at a 12 per cent CAGR between 2006-2011) report cost savings of up to 30 per cent in terms of infrastructure spend, operational and staff related costs. This doesn't take into account the reduced exposure to security breaches which a recent study by the Ponemon Institute and the PGP group found cost an average of £1.7 million per data breach.”
He also hit back at claims that in-house IT teams have the time and resources to do the work themselves, claiming that this will only apply to ‘the small proportion of firms in the UK that can afford to employ 10+ people to work 24/7 in this area'.
Lewis said: “However, the majority of UK organisations want their IT staff to focus on business enablement and revenue generating projects and leave IT security operations to a dedicated expert.
“The role of a security specialist undertaking a fully managed security service is to understand every aspect of a company and its security policies to help implement the right solutions to achieve compliance, and also to advise on the ever evolving threat landscape.”