Steps to Safeguard Your Agency When Outsourcing Cyber Support
Government should ask security vendors to demonstrate they know how to adhere to federal requirements, understand the National Institute of Standards and Technology Risk Management Framework, and have authorization to operate. Reliable providers have strong, referenceable track records of past performance.
As a further safeguard, cyber outsourcing partnerships should have demonstrable service-level agreements to ensure accountability.
Cost-benefit analyses help build the business case for third-party cyber support. Given the sensitivities around funding lines, it’s important to document who will use this support and how it will benefit both the mission and the bottom-line budget.
Assuming an agency takes all of these steps and comes to a place where leadership recognizes the overarching benefits of outsourcing, the next priority is figuring out what to outsource. Which parts of the vast cyber apparatus can and should be managed by a third party?
Start with ICAM and Patch and Change Management
For many agencies, identity, credential and access management (ICAM) will be low-hanging fruit, and indeed many already have vendors for capabilities such as mobile device management. To close the labor gap, they may want to hire contractors to work inside their facilities performing the risk management that supports effective use of those tools.
From there, agencies might look at outsourcing patch and change management, the necessary nuts and bolts of cyber that also prove time-consuming and labor-intensive.
Of course, outsourcing isn’t the only way to close the skills gap. Another helpful practice is to diversify security providers because, as the global outage proved, there’s risk in placing all your eggs in one basket.
With an experienced, tech-agnostic partner such as CDW, agencies can vary their security tools and minimize risk, freeing up IT talent to perform more advanced tasks.