A global survey (CIO Investment and Outsourcing Priorities Have Shifted Post-Recession) by the independent technology analyst has found that organizations are contemplating reducing the outsourcing of security and other IT management applications.
Of more than 500 CIOs surveyed by Ovum, only 7 per cent said they were considering outsourcing IT security over the next two years, down from 18 per cent currently.
Rhonda Ascierto, senior analyst at Ovum, described the planned reduction in IT security outsourcing as one of the most striking trends revealed by the survey.
She said: The main reason for this shift away from IT security outsourcing is most likely a lack of confidence. Organisations are now more subject to compliance considerations in the form of both formal external and internal policy-driven requirements, particularly in the wake of the US banking controversies and other financial scandals.
Some may find it difficult to obtain a measurable security metric from an outsourced provider because security is often reported only after negative security occurrences. If security is not breached then there is nothing to report.
The reversal of outsourcing security is also likely to be due to some organizations grappling for more control over their IT operations, of which security is a central aspect, Ascierto adds.
Additionally, contractual clauses from outsourcers often do not give the quantitative assurance that organisations need or desire. This may be viewed as a problem with IT outsourcing in general, rather than IT security specifically, since any failings impact the whole business while the contract is limited to the aspects of the IT operation that are outsourced.
Ovum believes this may have contributed to growing unease about the security of outsourced IT in general, with IT security outsourcing simply being the first part of the spectrum to feel this change of mood.
Sign up for MIS Asia eNewsletters.