Information security is often viewed as being too important to trust to an outsourcing arrangement. Financial institutions have reasoned that responsibility for security risks to and accountability of an institution, its board, and its management team cannot be placed in the hands of third parties. Yet with the information technology aspect of security growing in complexity and changing at an ever-increasing rate, new research from TowerGroup asserts that now is the time for financial institutions to consider outsourcing the IT portions of security. TowerGroup finds that managed security service providers (MSSPs) can often offer security best practices and maintain the high quality technological and human resources that many financial institutions simply cannot sustain internally.
With a synergistic approach to state-of-the-art security protocols, MSSPs working with financial institutions can establish a powerful and effective framework - rooting leadership for enterprise security programs within the institution while the actual security technology is managed by the MSSP. However for outsourcing to be effective, TowerGroup believes that the service provider and the institution must establish the right contractual expectations as well as a collaborative governance structure.
Managed security services (MSSs) can and should be incorporated into a financial institution's enterprise-wide, integrated risk management and regulatory regimen to maximize operational leverage.
The TowerGroup report titled, "IT Security: Too Important to Outsource or Too Important Not To?," by Rodney Nelsestuen, senior analyst in the Cross Industry practice at TowerGroup, outlines why financial institutions should investigate outsourcing the IT portions of security.