Managed security providers are enjoying a boom due to the hefty cost of acquiring skilled professionals, but also because organizations give more credibility to third parties than in-house advice.
It seems many companies see a report from a third-party organization as carrying more weight than a similar report released internally. Internal politics are also driving the use of external auditors in Australia.
Chy Chuawiwat, P7 Security managing director, said while most standards require external audits, many companies are using external vendors to check on their own internal IT department.
"Many companies will use external vendors to do a 'pre-audit' before the official audit, because the official audit report might go directly to the board, bypassing the IT department," Chuawiwat said.
"Some are also using external vendors to check on their outsourced vendors and others use external auditors because they have expertise in legal, policy and technical areas.
"Internal politics are also driving the use of external auditors and a message delivered by an external expert may have more impact than the same message delivered by an internal staff member."
Market analyst firm IDC states that worldwide, spending on outsourcing will rise to 33 per cent of the total IT budget by 2008.
However the clear distinction between the hassles of outsourcing core business tasks and a perceived lack of security in doing so has not escaped the managed services market.
Because managed security providers can deliver visibility and a dashboard of key information, Chuawiwat said IT executives can get what they need without engaging in an exercise of in-depth analysis.
IDC outsourcing analyst Aprajita Sharma said managed security fits the selective outsourcing model.
"Security is something you need competency in and there are certain regulatory and compliance issues," Sharma said.
"There is still a significant security component in every outsourcing contract but organizations are looking towards specialized security managed services, not as a whole of IT outsourced contract.
"The move to selective outsourcing is opening doors for niche players."