Financial Services Firms Should Outsource Security
Information security is often viewed as being too important to trust to an outsourcing arrangement. Financial institutions have reasoned responsibility for security risks to and accountability of an institution, its board, and its management team cannot be placed in the hands of third parties.
Yet, with the IT aspect of security growing in complexity and changing at an ever-increasing rate, new research from TowerGroup asserts that now is the time for financial institutions to consider outsourcing the IT portions of security.
The report, IT Security: Too Important to Outsource or Too Important Not To?, by Rodney Nelsestuen, senior analyst in the Cross Industry practice at TowerGroup, outlines why financial institutions should investigate outsourcing the IT portions of security.
This study, released today, finds that managed security service providers (MSSPs) can often offer security best practices and maintain the high-quality technological and human resources that many financial institutions simply cannot sustain internally.
With a synergistic approach to state-of-the-art security protocols, MSSPs working with financial institutions can establish a powerful and effective framework; rooting leadership for enterprise security programs within the institution while the actual security technology is managed by the MSSP.
However, for outsourcing to be effective, TowerGroup believes the service provider and the institution must establish the right contractual expectations as well as a collaborative governance structure.
Managed security services (MSSs) can and should be incorporated into a financial institution's enterprise-wide, integrated risk management and regulatory regimen to maximize operational leverage. A graphic illustrating the ideal roles and responsibilities of each party in an outsourcing arrangement can be viewed and downloaded at: the Tower Group's website.