RE: Outsourcing.

[James Vaughn <james () acuity com>]

I've not personally had any dealing with IT-outsourcing (not to including
software engineering / DBA-type contracting).  Our IT organisation is small
but full-service and, as a result, generally there's not the bandwidth of
manpower to efficiently get things done.  Based on this, I've considered
researching & looking into outsourcing for some of the more time-intensive
functions.  Unfortunately, most of these are the crisis-management
interruptions that occur unexpectedly throughout any given work period --
how do you outsource that?

Conversely, I /won't/ consider outsourcing any of the more critical aspects
of the infrastructure for reasons very similar to what you've mentioned;
what the upper echelon finance controllers are willing to spend is, quite
simply, not enough to guarantee the integrity and quality necessary for good
networking & security -- whether contractually outside the company or,
occasionally, even within.

I suppose this indicates - 'true' or not - the fear of cheap outsourcing
having a damaging effect is very real.  Not necessarily in terms of being
exploited, or network integrity, but with the additional consideration that:
For an organisation already having some form of an internal IT / MIS
department, the individuals within such a technical department must work
under / with the consequences of any outsourcing that takes place; often
being held responsible for the [potentially bad] work done via contracting.

For such companies that don't have their own internal IT staff?  I can only
imagine that, in many circumstances, they [will] get raked over the coals in
terms of quality, costs, and hassle.  I do trust in the existence of
trustworthy, honourable outsourcing IT organizations, but haven't met any
yet...  Maybe I should find some mates and start one.  *chuckle*

- Kensho


-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Sent: Sunday, April 18, 1999 9:56 PM
To: firewall-wizards () nfr net
Subject: Outsourcing.



There appears to be some sort of "outsourcing fad" progressing its way
through organisations, involving business units which are not deemed to
be "core" given to third parties to supply - one of these, of course is
IT (desktop, network, etc).  Whilst many of us may not be in a position
to do anything about it (or are a part of an organisation which is on
the receiving end), the mode of operation that these outsourcing companies
need to operate under for profit making to be a reality would seem to be
at odds with that required for good network integrity.  That is, they need
to economise in some way, such as managing several customers from one set
of "consoles".  This introduces an obvious risk: the agent can become an
interconnecting "ISP" between their clients, to each of whom they require
network connectivity for "proper network management".  Amongst the problems
with this is the resistance of the company providing the outsourcing to
spend any more money than they have to on silly things like firewalls
between them and their clients.  ("groan" I hear you say)

Have others here had dealings with outsourcing companies and managed to get
them to act responsibly with regard to protecting the integrity of their
clients' networks or have any stories about such a setup being exploited ?
(names need not be mentioned).

Cheers,
Darren