Leading Energy Company: How to Strike an Effective Balance in Security Outsourcing

As the threat to employees, facilities and IT networks increases within the energy industry, the prevailing question is this: should energy firms support their security needs with an in-house staff or outsource security needs to an industry expert?
One leading energy firm has struck an effective balance by complementing its in-house security expertise with targeted support from CSC.

The security challenge

Since the terrorist attacks on September 11, 2001, the energy industry has placed renewed emphasis on securing its people, facilities and IT networks from threats and disruptions. The strategy is to anticipate a wide range of scenarios and develop preventative measures to mitigate them.

To add to the challenge, many federal, state and local government agencies are defining new security laws and regulations with which energy firms are required to comply. In preventing threats and complying with new regulations, however, companies within the energy industry face a unique challenge.

From an IT standpoint, energy companies have traditionally maintained separate networks that have operated independently. Security measures tended to be fragmented and localized, not enterprise-wide.

Further, deregulation has lead to a number of mergers and acquisitions. Many energy firms are left with disparate IT systems and fragmented security strategies to prevent attacks and protect employees, facilities and IT systems.

Security outsourcing strategy

To meet this wide range of security demands, many companies within the energy industry are torn on whether to staff internal security departments or outsource sensitive security activities to proven service consultants and providers. At one large energy firm, CSC flexibility has allowed the company to tailor a security strategy that taps into the best of both worlds.

As a leading IT services and security provider with broad experience implementing and maintaining security solutions for government and commercial clients, CSC brings a wide range of security consulting, design, implementation and maintenance expertise to bear.

CSC’s client is able to “turn up” or “turn down” any of these services on an as-needed basis and tap into the broad expertise of a leading IT services and security provider – without the on-going expense the company would incur by attempting to staff such broad expertise with full-time in-house employees.

The energy firm has turned to CSC for a wide range of security needs. CSC has:

• Conducted vulnerability assessments across the organization, reducing weaknesses throughout the operating infrastructure
  
• Brought in CSC specialists to lead forensics activities, tracking down the sources of sensitive security-related incidents to prevent against future occurrences
  
• Provided alerts to a wide range of security issues, enabling proactive mitigation and reducing risk to systems and operations
  
• Identified and tracked unauthorized equipment via modem sweeps
  
• Managed intrusion detection and prevention services resulting in an overall improved security posture, greater compliance with legislation and reduced liability
  
• And overseen many other specialized projects to successfully support and execute the energy firm’s broad security strategy.

The key to success

CSC’s client has demonstrated that the key to success in outsourcing security activities involves a strategy that is rooted in on-going collaboration and trust with a proven IT services provider.

Because CSC has worked closely with the company, CSC has developed an intimate knowledge of the business challenges it faces. By having a broad understanding of these challenges, CSC is able to be proactive in recommending security strategies that are best suited to the energy firm’s unique conditions, challenges and vulnerabilities.

As a result, the energy firm is armed with the knowledge and awareness it needs to make the best decisions in meeting its security goals.

Related Information

Learn more about CSC’s cybersecurity approach.

Contact us to learn more.