The Solution: Know when to delegate. Many day-to-day tasks can be outsourced to an MSSP (managed security service provider), provided you do your homework and ensure the MSSP can offer 24x7 management and monitoring. Installing and configuring firewalls and deploying VPNs, for example, are prime candidates for outsourcing. As long as you have a view into the provider's configuration to ensure changes are made properly, you can safely shed some of your workload.
By outsourcing you'll not only free up time to focus on more important security issues, you'll gain additional benefits. Unless you're Superman, you can't do it all, nor can you be an expert in everything. Reputable outsourcing firms that focus on security can bring to bear some of the best talent and technology in the industry. Furthermore, multinational MSSPs, such as Symantec Real Time Managed Security Services (formerly Riptech) and Internet Security Systems, can detect new attacks early because of their broad view of traffic.
Although technology advances are valuable, without a road map you'll be deploying security products higgledy-piggledy. Security documents, like standards and acceptable-use policies, serve several functions critical to the management of your business. We know many of you have developed security policies and we know many of those security policies are gathering dust. And while there has been an increase in spending, the percentage of security dollars in most IT budgets remains relatively small, largely because security is seen as a cost. To argue for an increase in your budget, you must make it known that security functions support the business plan. That means keeping your security policy current and showing how it will support all other facets of your company's strategy.
Take a Risk