Playing With Fire

The debate continues as to the impact outsourcing has on our economy. With thousands of IT jobs moving offshore, a new frontier is approaching: the outsourcing of your security.

Yes, I said it and I am concerned about it. Do you feel safe turning over the keys to your front door? I certainly do not.

There are reasons why it may appear to make sense to turn to an outside vendor to secure your network. Examples include having a MVP staff of security specialists at your fingertips 24 hours a day, 7 days a week. This all-star squad comes cheaper than keeping a security specialist on staff which could require you to pay a salary of $110,000 plus. “So what,” you wonder, “are the drawbacks?”

Well, if you decide to outsource security, a typical network configuration allows the security firm VPN access to your network. From this point, they can monitor the security of all of your systems from their operations center.

But do you know who is monitoring your systems? Have you done your due diligence?

If you choose to outsource your security, how sure can you be that the people monitoring the security of your infrastructure have the proper credentials and are trustworthy? There are far too many risks involved in my opinion to take this chance.

As an IT decision maker, I would rest easier at night knowing I personally hired my security staff, and they are in-house and trained to the specifications of my company (not a security company in India or China).

I want to be able to call Bob at 11:30 p.m. without the concern of time zones or talking to someone I have never had a face-to-face with. Face-time is important when it comes to the security of your network.

Interestingly, though, we are beginning to see that the outsourcing of jobs to India was just a starting point. Now that IT workers in India are getting more established, there has been a 15-to-18 percent jump in the salary of the average IT employee in India. I even heard in recent news that Indian employers are organizing against employees to keep costs down, and some Indian software companies have even chosen to outsource their jobs to China. They are doing this because it is one of the strings they can pull in a global economy.

Case in point: Imagine you hire a security firm to monitor your firewalls, put in place intrusion detections systems, and the whole nine yards; and you come to find out months later that the company you hired really isn’t doing the work. They have outsourced it to another country or firm.

This could get ugly. But more importantly, it could get to the point where you really don’t know who has access to your data. Is that risk worth it?

Your network security and your data are the most important assets your company owns. You can outsource support all day long but I would never outsource the security of my network nor my database administrator (DBA). Keep these people in house. Pay them well and rest easy.

Steven Warren is an IT consultant for the Ultimate Software Group and a freelance technical writer who has been a regular contributor to TechRepublic, TechProGuild, CNET, ZDNET, and, now, CIO Update. He is the author of “The VMware Workstation 5.0 Handbook” and holds the following certifications: MCDBA, MCSE, MCSA, CCA, CIW-SA, CIW-MA, Network+, and i-Net+.