Manage Third-Party Service Security Outsourcing

Make informed decisions about your outsourcing options.

Major Business Pain Points

  • A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.
  • It is unclear what processes could or should be outsourced versus what functions should remain in-house.
  • It is not feasible to have 24/7/365 monitoring in-house for most firms.

Key Points

  • You are outsourcing support, not accountability, unless you preface that with your customer.
  • Most of you won’t have a choice: you will have to outsource high-end security skills to meet future needs.
  • Third-party service providers may be able to remediate threats more effectively because of their large, disparate customer base and wider scope.


Recommendations

  • Documented obligations and processes. This will allow you to determine which solution (outsourcing vs. insourcing) allows for the best use of resources and maintains your brand reputation.
  • A list of variables and features to rank potential third-party providers vs. internal delivery to find which solution provides the best fit for your organization.
  • Current limitations of your environment and the limitations of third parties identified for the environments you are looking to mature.
  • A determination of which security responsibilities can be outsourced, and which should be outsourced to gain resource allocation and effectiveness and to improve your overall security posture.
  • An understanding of the limitations or restrictions on third-party usage.

Methodology and Tools

Executive Brief

Read the concise Executive Brief to understand how to avoid common mistakes when it comes to outsourcing security and review the methodology.

  • Manage Third-Party Service Security Outsourcing – Executive Brief
  • Manage Third-Party Service Security Outsourcing – Phases 1-3

1. What to outsource

Identify different responsibilities/functions in your organization and determine which ones can be outsourced. Complete a cost analysis.

  • Manage Third-Party Service Security Outsourcing – Phase 1: What to Outsource
  • Insourcing vs. Outsourcing Costing Tool

2. How to outsource

Identify a list of features for your third-party provider and analyze them.

  • Manage Third-Party Service Security Outsourcing – Phase 2: How to Outsource
  • MSSP Selection Tool
  • Checklist for Third-Party Providers

3. Manage your third-party provider

Understand how to align third-party providers to your organization.

  • Manage Third-Party Service Security Outsourcing – Phase 3: Manage Your Third-Party Provider
  • Security Operations Policy for Third-Party Outsourcing
  • Third-Party Security Policy Charter Template

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.