Manage Third-Party Service Security Outsourcing

Make informed decisions about your outsourcing options.
 Subscribe now

If you're already a member, click here to log in.

Major Business Pain Points

  • A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.
  • It is unclear what processes could or should be outsourced versus what functions should remain in-house.
  • It is not feasible to have 24/7/365 monitoring in-house for most firms.
Manage Third-Party Service Security Outsourcing-Pain Points

Recommendations

Key Points

  • You are outsourcing support, not accountability, unless you preface that with your customer.
  • For most of you, you won’t have a choice – you will have to outsource high-end security skills to meet future needs.
  • Third-party service providers may be able to remediate threats more effectively because of their large, disparate customer base and wider scope.

Approach

Manage Third-Party Service Security Outsourcing-Recommendations
  • Documented obligations and processes. This will allow you to determine which solution (outsourcing vs. insourcing) allows for the best use of resources and maintains your brand reputation.
  • A list of variables and features to rank potential third-party providers vs. internal delivery to find which solution provides the best fit for your organization.
  • Current limitations of your environment and the limitations of third parties identified for the environments you are looking to mature.
  • Security responsibilities determined that can be outsourced, and which should be outsourced to gain resource allocation and effectiveness, and to improve your overall security posture.
  • The limitations or restrictions for third-party usage understood.
 Subscribe to Premium

Methodology and Tools

Executive Brief

Read the concise Executive Brief to understand how to avoid common mistakes when it comes to outsourcing security and review the methodology.

  • Manage Third-Party Service Security Outsourcing – Executive Brief
  • Manage Third-Party Service Security Outsourcing – Phases 1-3

1. What to outsource

Identify different responsibilities/functions in your organization and determine which ones can be outsourced. Complete a cost analysis.

  • Manage Third-Party Service Security Outsourcing – Phase 1: What to Outsource
  • Insourcing vs. Outsourcing Costing Tool

2. How to outsource

Identify a list of features for your third-party provider and analyze.

  • Manage Third-Party Service Security Outsourcing – Phase 2: How to Outsource
  • MSSP Selection Tool
  • Checklist for Third-Party Providers

3. Manage your third-party provider

Understand how to align third-party providers to your organization.

  • Manage Third-Party Service Security Outsourcing – Phase 3: Manage Your Third-Party Provider
  • Security Operations Policy for Third-Party Outsourcing
  • Third-Party Security Policy Charter Template

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.