Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Best and Worst Security Functions to Outsource
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/14/2017 | 3:04:33 AM
Re: Outsource?
> When the CEO criticizes the leadership openly in end of the year meetings, the end is near.

Bad leadership begets bad leadership, sounds like to me.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/13/2017 | 3:23:57 PM
Re: Outsource?
Glassdoor review of IT at Abbott Laboratories --- 10 year veteran of the trench wrote this and it is ruthless to the extreme but I agree with it fully.

 

Core IT is a disaster. The old, tired women leading the BTS are overwhelmed and under qualified. They outsourced large portions of the business and have never had experience in this type of environment. They yell a lot but give little direction. Layoffs all the time (more today). No job is safe and hours are long. It's a total mess. Ask any one of the hundreds they've erased in the last 12 months. Advice to Management Dump the current IT leadership and get someone with experience. Preferably someone who can control their weight and their behavior. When the CEO criticizes the leadership openly in end of the year meetings, the end is near.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/13/2017 | 3:20:19 PM
Re: Outsource?
@REISEN: Wipro is a particularly apt example for you to bring up, given how workers there allegedly scammed TalkTalk customers, as reported here and elsewhere: bbc.com/news/technology-39177981
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/13/2017 | 3:16:45 PM
Re: Outsource IT Projects
Moreover, @REISEN, I'm not even speaking of American outsourcing to dirt-cheap Asian vendors. Even intranational outsourcing can be deleterious if you're talking about a large country with a vendor in a totally different and far away part of the country compared to the customer.

I saw this relatively recently with an east-coast customer and a west-coast vendor (albeit outside of the security context, but I believe the point may hold true all the same). West-coast vendor had no clue and was making all kinds of screwups that wouldn't even occur to a local or even semi-local vendor. Simply because they didn't know the area. (And, conversely, I imagine the same could be true vice versa.)
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/13/2017 | 8:29:57 AM
Re: Outsource IT Projects
Vendor location is important but how many American firms have huge footprints for their offices in India?  Wipro, Tata, Infosys and now IBM of all things.  That implies time issues and also knowledge content.  There ARE a few smart folk in every outsource firm - they are rare.  Outsource to American management means lower salary expense, lower benefit expense and cheap labor PERIOD. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/11/2017 | 4:53:57 PM
Re: Outsource?
To be fair, Equifax's data-protection issues are clearly so great that it doesn't matter WHO the vendor is or even the fact of the existence of a vendor.

Echoing earlier comment, vendors can be fine if you choose wisely, work with them, and don't just hire them to forget about things so they can clean everything up with no input from you as the client. I suspect that Equifax took a set-it-and-forget-it attitude with security.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/11/2017 | 4:50:29 PM
Re: Outsource IT Projects
@REISEN: Obviously, it depends on the context, but yes, that's why it pays to be careful about outsourcing.

One friend of mine recent took a new job. Since taking it last year, she's spent that time insourcing almost everything within her purview because of the inadequacies and problems of the vendors and how the company dealt with its vendors. Now, things are much more streamlined, and the vendors that she has kept (albeit for much less) have been able to deliver better because of how she has improved communications and workflow with the vendors.

The worst vendor relationships/productivity tend to come from the idea of just hiring a vendor so as to forget about something entirely or near entirely. Hiring a vendor means that vendor is now a part of your team to manage. And the vendors who market themselves as "just hire us and forget it" tend to be the worst to work with.

Moreover, localization is important. In my experience, it's often beneficial to stick with a vendor that has a meaningful geographical presence in or near the area.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/11/2017 | 3:06:51 PM
Re: Outsource IT Projects
DISAGREE - Came out of an outsourced office locally.  It took 9 days for Wipro to route one ticket from ONE end of the office to me.  if 3 calls were made to users to resolve and not picked up, then the issue was closed.  Helpdesk knew nothing.    All the outsource firm cares for is GETTING PAID on time.  
Synergy360
50%
50%
Synergy360,
User Rank: Apprentice
10/11/2017 | 3:42:19 AM
Outsource IT Projects
It is good to have your projects outsource to a third party. The benefit will be unbiased decisions, skilled and knowledgeable people handling your project. For any sort of IT and 

Business Consulting Solutions, Contact Synergy 360 Consulting. Visit https://synergy360.com.au/services/ to know our services.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/3/2017 | 2:02:52 PM
Re: Outsource?
Agree - i was part of an outsource effort at Aon (140 staffers fired for Computer Science Corp) and THAT was a train wreck (ongoing this day) ---and just left a Wipro outsourced shop in Georgia.  There, a small office of 45 people ---- nice people too --- and it took the Help Deslk NINE DAYS to route a ticket from one user to me.  If the helpdesk called a user 3 times and did not connect, they consided the issue CLOSED out.  It gets worse of course.

OUTSOURCE FIRMS are interested ONLY in being paid and having CHEAP LABOR
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...
CVE-2021-43776
PUBLISHED: 2021-11-26
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other se...
CVE-2021-41243
PUBLISHED: 2021-11-26
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be add...