Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Best and Worst Security Functions to Outsource
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
10/14/2017 | 3:04:33 AM
Re: Outsource?
> When the CEO criticizes the leadership openly in end of the year meetings, the end is near.

Bad leadership begets bad leadership, sounds like to me.
REISEN1955
REISEN1955,
 User Rank: Ninja
10/13/2017 | 3:23:57 PM
Re: Outsource?
Glassdoor review of IT at Abbott Laboratories --- 10 year veteran of the trench wrote this and it is ruthless to the extreme but I agree with it fully.

 

Core IT is a disaster. The old, tired women leading the BTS are overwhelmed and under qualified. They outsourced large portions of the business and have never had experience in this type of environment. They yell a lot but give little direction. Layoffs all the time (more today). No job is safe and hours are long. It's a total mess. Ask any one of the hundreds they've erased in the last 12 months. Advice to Management Dump the current IT leadership and get someone with experience. Preferably someone who can control their weight and their behavior. When the CEO criticizes the leadership openly in end of the year meetings, the end is near.
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
10/13/2017 | 3:20:19 PM
Re: Outsource?
@REISEN: Wipro is a particularly apt example for you to bring up, given how workers there allegedly scammed TalkTalk customers, as reported here and elsewhere: bbc.com/news/technology-39177981
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
10/13/2017 | 3:16:45 PM
Re: Outsource IT Projects
Moreover, @REISEN, I'm not even speaking of American outsourcing to dirt-cheap Asian vendors. Even intranational outsourcing can be deleterious if you're talking about a large country with a vendor in a totally different and far away part of the country compared to the customer.

I saw this relatively recently with an east-coast customer and a west-coast vendor (albeit outside of the security context, but I believe the point may hold true all the same). West-coast vendor had no clue and was making all kinds of screwups that wouldn't even occur to a local or even semi-local vendor. Simply because they didn't know the area. (And, conversely, I imagine the same could be true vice versa.)
REISEN1955
REISEN1955,
 User Rank: Ninja
10/13/2017 | 8:29:57 AM
Re: Outsource IT Projects
Vendor location is important but how many American firms have huge footprints for their offices in India?  Wipro, Tata, Infosys and now IBM of all things.  That implies time issues and also knowledge content.  There ARE a few smart folk in every outsource firm - they are rare.  Outsource to American management means lower salary expense, lower benefit expense and cheap labor PERIOD. 
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
10/11/2017 | 4:53:57 PM
Re: Outsource?
To be fair, Equifax's data-protection issues are clearly so great that it doesn't matter WHO the vendor is or even the fact of the existence of a vendor.

Echoing earlier comment, vendors can be fine if you choose wisely, work with them, and don't just hire them to forget about things so they can clean everything up with no input from you as the client. I suspect that Equifax took a set-it-and-forget-it attitude with security.
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
10/11/2017 | 4:50:29 PM
Re: Outsource IT Projects
@REISEN: Obviously, it depends on the context, but yes, that's why it pays to be careful about outsourcing.

One friend of mine recent took a new job. Since taking it last year, she's spent that time insourcing almost everything within her purview because of the inadequacies and problems of the vendors and how the company dealt with its vendors. Now, things are much more streamlined, and the vendors that she has kept (albeit for much less) have been able to deliver better because of how she has improved communications and workflow with the vendors.

The worst vendor relationships/productivity tend to come from the idea of just hiring a vendor so as to forget about something entirely or near entirely. Hiring a vendor means that vendor is now a part of your team to manage. And the vendors who market themselves as "just hire us and forget it" tend to be the worst to work with.

Moreover, localization is important. In my experience, it's often beneficial to stick with a vendor that has a meaningful geographical presence in or near the area.
REISEN1955
REISEN1955,
 User Rank: Ninja
10/11/2017 | 3:06:51 PM
Re: Outsource IT Projects
DISAGREE - Came out of an outsourced office locally.  It took 9 days for Wipro to route one ticket from ONE end of the office to me.  if 3 calls were made to users to resolve and not picked up, then the issue was closed.  Helpdesk knew nothing.    All the outsource firm cares for is GETTING PAID on time.  
Synergy360
Synergy360,
 User Rank: Apprentice
10/11/2017 | 3:42:19 AM
Outsource IT Projects
It is good to have your projects outsource to a third party. The benefit will be unbiased decisions, skilled and knowledgeable people handling your project. For any sort of IT and 

Business Consulting Solutions, Contact Synergy 360 Consulting. Visit https://synergy360.com.au/services/ to know our services.
REISEN1955
REISEN1955,
 User Rank: Ninja
10/3/2017 | 2:02:52 PM
Re: Outsource?
Agree - i was part of an outsource effort at Aon (140 staffers fired for Computer Science Corp) and THAT was a train wreck (ongoing this day) ---and just left a Wipro outsourced shop in Georgia.  There, a small office of 45 people ---- nice people too --- and it took the Help Deslk NINE DAYS to route a ticket from one user to me.  If the helpdesk called a user 3 times and did not connect, they consided the issue CLOSED out.  It gets worse of course.

OUTSOURCE FIRMS are interested ONLY in being paid and having CHEAP LABOR
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.