Dec

4

When you and your company outsource part of your business to a third-party, one important issue you would be concerned with would be security.

Here are the personal thoughts of several industry experts and insiders, regarding the challenges a business could face regarding its internal IT security and what could be done about it, particularly through outsourcing.

You would want to note these down.

“It’s important that a business first understands why it is seeking to outsource a particular function. This allows an assessment of the business case, and an analysis of the objectives that the solution needs to be in line with.

One common issue is that of expertise. IT security is an increasingly complex field, and many businesses have realised that they simply don’t have the expertise in-house to deal with it. Most IT departments will see some kind of manpower saving if they outsource certain IT security functions, for example.”

- Player Pate, managed security services marketing manager, IBM Internet Security Systems

“Keeping up with the sheer throughput of online threats and email malware is a giant task, and encourages many to seek expert help. It’s definitely an area of increasing maturity though – email security is now easy, web filtering is now done, too, although a few years ago this wasn’t true.

I anticipate we’ll see firewalls go next, probably mid-to late next year, they’re beginning to become a commodity that just needs to be there, there’s not a massive amount of difference between the top players. IPS and IDS management will go the same way eventually, due to the sheer volume of false alerts that they generate.

In some cases we’ll also see two-factor ID management outsourced also – small law firms, for example, that need the technology but don’t have the in-house expertise or time to manage this themselves.

- Graham Jones, UK MD, Integralis

“It is important to evaluate whether the partners bring to the table transformational experience and capability and not just operations skills. This is because the security agenda for most customers is still incomplete and the domain itself is still evolving. Just because a business needs one skillset now, doesn’t mean that another won’t be needed in the future.

Additionally, although offerings are frequently very modular, such as AV, IPS, IDS, most businesses will be seeking to solve an issue – such as PCI compliance – that combines many of these technologies.”

- Anand Kumar, practice head enterprise security services, Wipro

“A growing problem is that companies send security briefs that are unbelievable, with amazingly punitive service level agreements (SLAs) and extremely punitive timescales to solve any issue that may arise.

The trouble is that these contracts have been drafted by lawyers, not security professionals. For the business seeking an outsourcing partner, if you know your contract is impossible to fulfil, and the provider doesn’t push it back immediately with a detailed explanation of why, then assume they are not a good fit.”

Another key problem with the outsourcing industry is that most companies don’t know what to ask for in their security contact. Some are just impossible; some so easy they are a joke. A lot of the time I think good security officers are not being tough enough – they should not be afraid to ask for more – don’t be afraid to base your contract on ISO 27000.

If your provider is competent then he’ll be familiar with these provisions and will already have the process in place. If he doesn’t, then you know you’re in trouble.”

- Gerhart Knecht, global security director and chief security officer, Unisys

Outsourcing Solutions, Inc. – your outsourcing partner!

Reference :

Mayne, Mark. “Outsourcing made easy.” 3 December 2008. SC Magazine UK. Accessed 4 December 2008. Link here


Comments

You must be logged in to post a comment.

Recommended Providers

Recommended Articles

Ask the Expert


Please click here or send an email to jeff@outsourcing.ph with your questions about outsourcing.