As stated earlier what is being outsourced is the operational aspects of some security technologies. Organisations will not and should not outsource their security responsibilities. They will still need to develop a security management infrastructure and supporting processes. This will include the security outsourcing and how the security partner interfaces with the FSP. Perhaps a better term is "co-sourcing", to indicate the overall control and responsibilities that the FSP retains.
For an organisation to achieve the best results the security infrastructure needs to be in place or at least defined, before they invest in any Internet security products or services. Organisations need to carefully select the appropriate co-sourcing partner. They will also need to pay due care to the terms and conditions of the contract. This will have to capture the types of service and service levels required by the organisation, not those that can be provided by the supplier.
Key criteria for selecting a managed security service provider will be the responsiveness and the quality of the services provided. Trust in the supplier will also be an important factor as will a global presence for large international organisations.
One possible pitfall which should not be underestimated is the internal politics that can arise. Technical operational teams may well resent and resist attempts to take ownership of their cherished firewalls away from them. While not strictly true in that the teams will still own the equipment and specify what changes are to be made, it is still a difficult mindset to overcome. Care has to be taken to involve all parties and ensure a smooth transition from the in-house support teams to the co-sourcing supplier.
While there are possible pit falls when co-sourcing to a managed security services provider, the substantial benefits are there to be gained. This is why so many institutions are considering engaging a managed security services partner. For the maximum benefit it will need an initial effort on the part of the client organisation to select a supplier and then to specify the services required. However, such effort would be well rewarded.
FSPs have been outsourcing their physical security for decades, including the key security requirements for the transferral of funds. The outsourcing of electronic security is the next logical step.