Reuters outsources security monitoring

Reuters says that it has improved its IT security controls by outsourcing the monitoring of critical network intrusion detection sensors and firewalls to NetSec in a six-figure deal.

NetSec will be take the raw feed from the intrusion detection sensors and firewall logs, analyse the data and then go back to Reuters with custom reports and details of any unusual events or alarms that need attention.

Malcolm Kelly, global IT security director at Reuters, told silicon.com the move was partly driven by the knock-on effect of new financial and compliance regulations on Reuters' customers.

"We are under increasing pressure from customers and clients - especially the banks - who want to know what our security controls are. A lot of that is because of regulation requirements. Customers expect it of us," he said.

The other major factor was running such a function in-house and deploying IT security staff on work that is considered low-level and mundane.

"It is much more expensive to set up a dedicated function ourselves. We've never had a dedicated sensor monitoring function because of the difficulty retaining the skills in-house," he said.

Reuters has so far limited the use of outsourcing and managed services for IT security to the monitoring of new threats and vulnerabilities, some internet-facing systems and penetration testing.

But despite the growing interest in managed security services, Kelly said he would not consider handing over control of core security functions to a third party.

"I'd only outsource the more routine monitoring, low-level stuff where we'd never keep people interested in the work," he said.

For the lowdown on managed security services check out the silicon.com Cheat Sheet on the subject.