When it comes to cloud computing specifically and outsourcing in general, there are obviously a lot of concerns about security.
But by and large, the security expertise of IT services providers tends to be greater than that of the internal IT department, so chances are good that security might be better handled by them. Of course, they have to offer to actually manage your security. For instance, Amazon pretty much tells customers that they are on their own when it comes to managing the security of the application workloads running on its clouds.
But before you decide to outsource your IT operations, Rob White, director of IT security services for Fujitsu, says there are 10 questions you should be asking about security. The goal, says White, is not to come up with an argument against outsourcing, but to create a scenario where the cost of security for the outsourced environment is actually less than it would have been to run it in-house.
White says that in the bad old recent days, the best most customers could expect from outsourcing was "their mess for less." In other words, the service provider would essentially replicate their internal security systems either on a hosting service or manage it remotely at less cost.
But today customers can demand operational excellence. In the case of Fujitsu, that comes in the form of managed security services for both on-premise and hosted cloud computing environments built mostly around security software from Check Point. While Fujitsu will deliver security services around any security software a customer wants, White says Fujitsu prefers Check Point because it's the only security vendor that offers a complete security portfolio from the data center to the end point. As White notes, if you really want to reduce the cost of security, one of the best places to start is by reducing the number of vendors involved.
So while customers can still get their mess for less, White says the new goal should really be to get industry best practices for less than it costs to manage your own current mess.
That might seem like a radical idea. But given the overwhelming interest in reducing the cost of IT these days, it's little wonder that there is a phenomenal amount of interest in lowering the cost of security. After all, it's difficult to prove that there is a return on security investment, so from the perspective of the business, security is a cost of doing business. And like all costs it needs to not only be managed down, but the quality of the service needs to improve as well.