Outsourcing Computer Security


    In a CNET article reporter Dawn Kawamoto covers the latest computer security survey published by the Computer Security Institute.

    Kawamoto writes:

    The survey, released Thursday by the Computer Security Institute and the FBI, revealed dramatic changes in 2006 in the volume of offshore IT security work. Of the U.S. companies that indicated they farm out their security functions, the amount of work sent overseas in some cases doubled year over year.

    When I read that, I thought, "Ah, ha! That’s something that I should investigate." Any time the word "dramatic" is used in the topic of outsourcing, I tend to investigate.

    But there’s really not much drama when you read the actual survey results, which you’ll find here.

    The fact is that most companies don’t outsource security activities. In fact, 61% of respondents (security professionals) say they don’t outsource any computer security activities. That’s about the same as it was in the last two surveys.

    Even the largest companies do it minimally. The survey reports that those firms with revenue over $1 billion outsource about 15% of their computer security functions.

    Only 1% of companies say they outsource more than 80% of security services. Since 616 people returned responses, six people reported outsourcing to that extent. Does six people a trend portend?