Former White House security adviser Howard Schmidt told a room of Australian security experts today that he believed companies should outsource their IT security.
Speaking at the Australian Information Security Association conference in Sydney, Schmidt said outsourcing IT security allowed outsourcers to see the “bigger picture” of the organisation’s IT set-up.
Schmidt said that 10 years ago IT security was a company’s “domain”.
“We protected it, we guarded it so jealously and we built this moat around it,” he said.
But this mindset wasn’t relevant in today’s world.
“It’s becoming more of a challenge to keep your full-time staff fully engaged, fully trained and fully updated without creating an environment where you have two times the amount of people you need,” Schmidt told iTnews after his presentation.
He said organisations should have a “concentrated” outsource partner that was managing their IT security so that the company could focus on larger problems.
“They get a much bigger picture of what’s going on, which then gives you the benefit of having more resources directed against a bigger swab of problems than just what your little problems might be,” Schmidt said.
But he warned that processes had to be in place to ensure the outsourcer was accountable.
“The service level agreements [SLAs] have to be rock solid,” Schmidt said, referring to contracts that dictate what a contractor will provide.
“You need to have penalties for them not delivering under the SLAs; not just something where they get to walk away and that’s the end of it.”