Outsourcing

Would you outsource the security of your data center?


The debate continues as to the impact outsourcing has on our economy. With thousands of IT jobs moving offshore, a new frontier is approaching: the outsourcing of security in your data center.

Yes, I said it and I am concerned about it. Do you feel safe turning over the keys to your front door? I certainly do not.

There are reasons why it may appear to make sense to turn to an outside vendor to secure your network. Examples include having an MVP staff of security specialists at your fingertips 24 hours a day, 7 days a week. This all-star squad comes cheaper than keeping a security specialist on staff, which could require you to pay a salary of $110,000 plus. “So what,” you wonder, “are the drawbacks?”

Well, if you decide to outsource security, a typical network configuration allows the security firm VPN access to your network. From this point, they can monitor the security of all of your systems from their operations center.

But do you know who is monitoring your systems? Have you done your due diligence?

If you choose to outsource your security, how sure can you be that the people monitoring the security of your infrastructure have the proper credentials and are trustworthy? There are far too many risks involved in my opinion to take this chance.

As an IT decision maker, I would rest easier at night knowing I personally hired my security staff, and they are in-house and trained to the specifications of my company (not a security company in India or China).

I want to be able to call Bob at 11:30 p.m. without the concern of time zones or talking to someone I have never had a face-to-face with. Face-time is important when it comes to the security of your network.

Interestingly, though, we are beginning to see that the outsourcing of jobs to India was just a starting point. Now that IT workers in India are getting more established, there has been a 15-to-18 percent jump in the salary of the average IT employee in India. I even heard in recent news that Indian employers are organizing against employees to keep costs down, and some Indian software companies have even chosen to outsource their jobs to China. They are doing this because it is one of the strings they can pull in a global economy.

Case in point: Imagine you hire a security firm to monitor your firewalls, put in place intrusion detection systems, and the whole nine yards; and you come to find out months later that the company you hired really isn't doing the work. They have outsourced it to another country or firm.

This could get ugly. But more importantly, it could get to the point where you really don't know who has access to your data. Is that risk worth it?

Your network security and your data are the most important assets your company owns. You can outsource support all day long but I would never outsource the security of my network nor my database administrator (DBA). Keep these people in house. Pay them well and rest easy.

4 comments
HAL 9000

Security is far too important to outsource under any circumstances. Once you lose control of your Data you lose the company. As for India Workers they are now too expensive so the companies are outsourcing their work to lower paid countries so that they can maintain the price advantage. Unfortunately Security in a case like this isn't considered as Important when the Bottom Line is taking a hit. Every time that this happens Security is lessened and there is no possibility of improving the situation. In the end the companies end up spending more to get cheaper monitoring and everything falls to bits. You also need to look at any Local Laws that you need to comply with before even broaching this subject. Col

Tig2

No way in the world and this is one of the few places where I would say, "There ought to be a law". Considering the fact that we already don't do a hot job with security in the US (TJX, anyone? How about the VA?) I think that it is critical that that stay on shore. Steve, you are absolutely correct- when you need to see your Chief of Security, you need to see him/her. Take a message just don't cut it. Edit- typo

Scott Lowe

There's a lot of reading out there about trade imbalances with foreign powers, about foreign powers looking for weaknesses in American cybersecurity and a lot more. If an organization makes the decision that data center security absolutely has to be outsourced, hopefully said organizations have strict clauses in contracts forbidding the outsourced organization from, in turn, outsourcing the work.

ManiacMan

specifically among those that favor outsourcing and those that strongly oppose it. Of all things to not outsource, security is one of them. It's bad enough many large accounting firms are outsourcing people's private data overseas for things like income tax returns, but Data Center Security is way over the line if you ask me.
