Many enterprises are shifting towards outsourcing their IT security mainly due to the skill shortage that currently exists in the IT sector, which, according to Dimension Data Australia security general manager Alastair MacGibbon, is a "chronic problem" in IT employment.
"We're seeing a shift towards managed services. Even in very large organisations -- where traditionally would typically have a large IT security staff and can afford to pay pretty good wages -- are having difficulties filling those positions," he said.
MacGibbon explained that dealing with IT security internally can often be a difficult task, which requires people to have both technical and business skills.
"Roles in IT security can't just be technical; they need to be able to talk to the business, and it takes a different type of person to talk technical and business, because they're usually the translator between how you define this problem technically, and then articulate that to a business to justify the ROI or the risk," he said.
As a reflection of this shift, MacGibbon said Dimension Data's fastest-growing business is currently its managed security business.
"Businesses are fast realising that it takes multiple bits of technology to run IT security, and often, it doesn't always work out, so you need people to manage that for you while you respond to the threats," he said.
Kurt Hansen, Check Point ANZ managing director, said New Zealand enterprises are leading the way in adopting a managed service approach to IT security.
"We are selling far more to the managed service providers around which firewall do you use, which architecture do you use, than we are to the end-user customer," he said. "I think because of the smaller scale of the market, they might have shifted there quicker."
MacGibbon, however, cautioned that enterprises do not have to outsource their IT security completely, but said he sees many adopting a hybrid approach.
"The way to do it is to scale and use people across more than one business. But that doesn't mean you outsource all of your security functions. It doesn't mean you have no IT security staff. It means, frankly, you have those people, those really smart business people who can help identify the risk in the business, articulate it, and then purchase those skills in," he said.