Special Report: IT security's looming tipping point

Why (and when) outsourcing security makes sense

Offloading security strategy and day-to-day operations to a managed security service provider can free up IT resources. But be prepared: It’s not an entirely hands-off proposition.


Phenix Energy Group, an oil pipeline operator and construction company, is preparing to take its IT infrastructure from zero to 60 in a matter of months. To get a years-in-the-making pipeline project off the ground, the company is preparing to grow from a relatively small office environment to a data center setting of 75 servers and 250TB of storage. As a result, security, which hasn’t been a top priority, is suddenly a big deal, according to CIO and COO Bruce Perrin.

Given the high stakes — a downed system could cost about $1 million an hour — Perrin has spent the past five years researching options. While he’d prefer to run security in-house as part of an on-premises data center, Perrin is leaning toward outsourcing the function, at least initially, because he doesn’t have time to staff up a dedicated information security department in the few scant months before the pipeline goes online.

outsource Thinkstock

Just like Phenix Energy Group, many small and midsize companies are gravitating toward an outsourced model for security and day-to-day operations, given the increasing number of data breaches and the heightened focus on risk. In a recent survey of 287 U.S.-based IT and business professionals conducted by CIO, CSO and Computerworld, 56 percent of the respondents said that their organizations are enlisting outside consultants to help with information security strategy, and 40 percent said they’re turning to MSSPs.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon