IT Managers Still Believe Outsourcing Poses Security Risk

Outsourcing is a fact of life now in corporate business, so much so that a recent YouGov survey found that 89 percent of IT managers in large UK companies have outsourced at least one IT system.

However, the same research commissioned by NCC Group, also found that 20 percent of IT managers believe that outsourced systems are less secure than those based in-house, “indicating a lack of confidence in outsourcing.” This is despite a separate PA consulting report that said that 31 percent of companies plan to outsource more over the next year, “suggesting that company bosses are more concerned with cutting costs.”

Meanwhile only 64 percent of the IT managers at medium-sized businesses surveyed expect their companies’ suppliers to have formal security procedures and policies in place, compared to 78 percent at large companies.

The NCC Group said that the outsourcing providers should be able to prove their IT security credentials.

“The security industry and IT managers are calling for suppliers to prove they are secure, yet companies choosing to outsource business critical systems simply aren’t asking the right questions, and are putting business critical functions at risk as a result,” said John Redeyoff, head of 365 assured at NCC Group.

“Businesses that fail to check their suppliers’ credentials, choosing cost and convenience over security, are investing in false economy.”

Meanwhile one analyst believes that there is no reason why outsourced systems should be any less secure than their inhouse brethren. “Obviously, there is always going to be a doubt about the benefits of outsourcing from internal IT teams, as in many cases outsourcing often results in reduced headcount,” said Nick Mayes, senior analyst at PAC Consulting.

“In reality, good security management practise should apply to both externally and internally managed systems,” Mayes added. “There is no reason why outsourced systems should be less secure than inside systems. Indeed, many outsourcers often have more rigorous security polices and processes, and in many cases they can improve the level of security that is provided.”

“Of course, when you take examples of security breaches, both internally and externally, if the security breech is external, it will always be a higher profile than an internal breech,” he added. “When you use an external partner it is easier to point the finger at them and say they didn’t do their job.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

3 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

3 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

4 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

4 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

5 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

5 hours ago