Outsourcing ICT Security to MSSP: Issues and Challenges for The Developing World

The overall use and development of ICT in developing countries has been faced with a wide range of constraints and challenges. These constraints may concern culture, infrastructure and education, and involve social, legal, political or economic issues. Numerous problems related to each of these issues have been observed. The problems may include, for example the absence of ICT policies, implementation procedures, a general lack of appropriate knowledge of ICT (among suppliers, managers, planners and users), too few trained /skilled ICT personnel or simply budget constraints. Among the critical issues that call for immediate attention and action are the security of information assets and processing systems. ICT security management poses a big challenge given the range of constraints mentioned and is critical for the trust and normal functioning of the various ICTs deployed. As is widely known, ICT security management process needs a holistic approach with experienced personnel, right policy and procedures, and the right technology. It also requires continuous monitoring and continuous threat intelligence in order to achieve and maintain sufficient security in an organisation. It follows then that achieving adequate ICT security management is a big challenge especially for organisations whose core services is not ICT. The idea behind outsourcing ICT security is based on the assumption that engaging a managed ICT security provider may be of great importance to such organisations, in that, like insurance, they will be relieved of their ICT security burden by transferring it to a third party. Given these presumptions many organisations worldwide may consider outsourcing their security services as a way forward in managing ICT security. However, the decision to outsource is never straightforward and is influenced by various constraints as mentioned above. Based on some empirical data, this paper describes typical characteristics of a developing country’s ICT environment from an ICT security management point of view and then discusses the suitability of the environment to benefit from outsourcing managed ICT security services. Use is made of the general merits of ICT security outsourcing as described in the numerous literature to discuss specific issues and challenges in this process that are believed to be necessary if the ICT security services outsourcing paradigm is to be adopted in developing countries with similar characteristics as those described in this paper.