Financial services institutions should consider outsourcing as IT security concerns increase
Company-wide information security used to reside primarily in the realm of arcane technologies and technical staff. Today, enterprise security is an everyday concern from the corner office to the boardroom — and financial services institutions are finding it increasingly difficult to manage security in-house.
Information security is often viewed as being too important to trust to an outsourcing arrangement. Financial institutions have reasoned that responsibility for security risks to and accountability of an institution, its board, and its management team cannot be placed in the hands of third parties. Yet with the information technology aspect of security growing in complexity and changing at an ever-increasing rate, new research from TowerGroup asserts that now is the time for financial institutions to consider outsourcing the IT portions of security. TowerGroup finds that managed security service providers (MSSPs) can often offer security best practices and maintain the high quality technological and human resources that many financial institutions simply cannot sustain internally.
With a synergistic approach to state-of-the-art security protocols, MSSPs working with financial institutions can establish a powerful and effective framework – rooting leadership for enterprise security programs within the institution while the actual security technology is managed by the MSSP. However for outsourcing to be effective, TowerGroup believes that the service provider and the institution must establish the right contractual expectations as well as a collaborative governance structure.
Managed security services (MSSs) can and should be incorporated into a financial institution’s enterprise-wide, integrated risk management and regulatory regimen to maximize operational leverage.