This page contains a Flash digital edition of a book.
FEATURE SECURITY


How to Outsource with Minimum Pain Out-Sorcery By Philip Lieberman, President and CEO, Lieberman Software


Outsourcing works well for some companies, but it can also lead to business-damaging disasters. The problem is that if outsourcers fail, you’re left holding the baby without the resources to care for it. There is little margin for error in choosing an outsourcer, as Lieberman Software found in a recent survey at InfoSecurity 2011. 77% of IT professionals surveyed said that their outsourcers had made up work to earn extra money.


In the pioneering days of Information Technology, the development of in-house systems was a key differentiator amongst companies. For some organisations, the blind pursuit of the bottom line has destroyed their ability to innovate, leaving them unable to respond to security threats both


internally and externally. Make a transition plan


IT outsourcing will disrupt your entire organisation in ways that you may not expect. Your plan should include a change management module, a detailed case to your staff that outlines how you intend to make a smooth transition, and a well- documented process to let your customers know that you have the outsourcing process well under control.


Put it in writing


As the founder and president of expansion consultancy High Street Partners, Larry Harding has heard many outsourcing horror stories. From corrupt general managers to projects torn apart by huge turnover rates. “You end up with project teams that are hugely inconsistent,” Larry explains. “You might have a good team in place, but a month later, three- quarters of the team has ‘transitioned’ to another project.” You need to see the outsourcer’s plan in writing, especially their crisis management plan. In the written report, make sure you add capital asset budgets for the acquisition of software to improve operational efficiency and provide better coverage of security. Make sure that there are disincentives for contractors to avoid using or impairing the usage of software tools to improve things even if they reduce billable hours. Also make sure you allow for the embrace of better tools for labour saving. Do not allow the fox to guard the henhouse.


30 NETCOMMS europe Volume II, Issue 1 2011 Security practices


Outsourcing is not for the faint of heart. When things go wrong, they tend to do so rather dramatically. There are two common qualities amongst companies that have suffered through outsourcing horrors: poor preparation going into a new relationship, and a lack of communication once the project is under way. You will have to place special


emphasis on choosing an outsourcer that has a proven track record of delivering quality security services to a similar range of industry sectors over a long period of time. They will need the ability to


accurately correlate, analyse and interpret large volumes of network security inputs in real time, in addition to separating legitimate threats from a mass of false starts. An outsourcer should have multiple security operations centres running all day, every day. Having two or more data centres allows for redundancy, and may ensure constant compliance with security standards. Your outsourcer should have security experts in place to monitor and analyse data from customers on a


“77% of IT professionals said that outsourcers had made up work to earn extra money.”


global basis. This level of intelligence will help your outsourcer issue real-time alerts and recommend fast reactions to unforeseen events.


Anticipate security breaches. You


will have to plan for emerging threats and the need to purchase both software and hardware to respond to threats as well to improve compliance and security. Don’t allow the outsourcer to select their own tools as they will pick those that maximize their revenue, not your security. You cannot predict the future. Provide some slack to adapt your contractor’s mission as business and the security landscape change.


History and finance


What is your future security partner’s financial status? For publicly traded companies, annual run rates of more than $40 million per year in managed security services contracts indicate a sufficient base of revenue to support growth and enhancement of services. For the biggest outsourcers,


management experience should include defence, government, and a range of industrial sectors. This is an important consideration because it indicates an outsourcer’s ability to meet wide security management needs, including the monitoring of all industry standard security products. An outsourcer should be able


to provide documented standards and policies for handling typical and atypical operations and threats. They must be able to show that they employ security specialists with


certified expertise across a broad range of security products from a variety of vendors. This allows a company the freedom to select best-of-breed solutions.


Philip’s five golden rules to keep your outsourcing lifeboat afloat:


• Make a transition plan and stick to it. • Get your outsourcing plan in writing. • Achieve transparency in security practices.


• Investigate their financial status, compliance standards, history and audit points.


• Find experts in the areas you need. www.netcommseurope.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60