Choosing An Outsourcer
It is difficult to choose an outsourcer because it's hard to tell the difference between good and bad computer security. By the same token, it's hard to tell the difference between good and bad medical care. Because most of us aren't healthcare experts, we can sometimes be led astray by bad doctors who appear to be good. So how do we choose a doctor or a hospital? I choose one by asking around, getting recommendations, and going with the best I can find. Medical care involves trust; I need to be able to trust my doctor.
Security outsourcing is no different; companies should choose an outsourcer they trust. Talking with others and asking industry analysts will reveal the best security service providers. Go with the industry leader. In both security and medical care, you don't want a little-known maverick. Companies buying security services should also avoid outsourcers that have conflicts of interest. Some outsourcers offer both security management and monitoring. This worries me. If the outsourcer finds a security problem with my network, will the company tell me or try to fix it quietly?
Companies that both sell and manage security products have the same conflict of interest. Consulting companies that offer periodic vulnerability scans, or network monitoring, have a different conflict of interest: they see the managed services as a way to sell consulting services. (There's a reason companies hire outside auditors: it keeps everyone honest.) Outsourcers offering combined management and monitoring services will be among the next to disappear, I believe. If a company outsources security device management, it is essential that it outsource its monitoring to a different company.
In any outsourcing decision requiring an ongoing relationship, the financial health of the outsourcer is critical. The last thing anyone wants is to embark on a long-term medical treatment plan only to have the hospital go out of business midstream. Similarly, organizations that entrusted their security management to Salinas and Pilot were left stranded when those companies went out of business.
Modern society is built around specialization; more tasks are outsourced today than ever before. We outsource fire and police services, government (that's what a representative democracy is), and food preparation. Businesses commonly outsource tax preparation, payroll, and cleaning services. Companies also outsource security: all buildings hire another company to put guards in their lobbies, and every bank hires another company to drive its money around town.
In general, we outsource things that have one of three characteristics: they're complex, important, or distasteful. Computer security is all three. Its distastefulness comes from the difficulty, the drudgery, and the 3 a.m. alarms. Its complexity comes out of the intricacies of modern networks, the rate at which threats change and attacks improve, and ever-evolving network services. Its importance comes from this fact of today's business world: companies have no choice but to open their networks to the Internet.
Doctors and hospitals are the only way to get adequate medical care. Similarly, offshore outsourcing is the only way to get adequate security for today's networks.