In-house security professionals do their best to provide robust protection against intrusions that could compromise company or customer data, but compared to the ‘bad guys’, they are laboring under a huge disadvantage. Hackers and malware authors can concentrate on one thing, taking their time to find and exploit vulnerabilities, gradually worming their way into a system as they pursue their aims much like an army fighting a war of attrition. Security systems analysts working in-house, on the other hand, frequently have multiple responsibilities and many of them come with deadlines attached.
In a way, the scenario is similar to the one that faces every copy-protection scheme that has ever been devised. A company will have only limited resources to devote to defending its anti-piracy system, but because of the Internet, there may be literally millions of hackers working to break that system. The law of averages dictates that sooner or later, one of the hackers will succeed.
The principle holds true for computer security as well. An in-house professional or even a team is not likely to be able to fend off thousands of malicious acts in the long term.
A better solution is a managed services approach. In this model, security and other services can be outsourced and remotely administered by a managed services provider. Because the provider specializes in this activity, the IT company can focus in a way in which the in-house team usually is unable. MSPs also represent greater resources of personnel and computing power than the typical small or medium sized business can provide for itself.