Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Best and Worst Security Functions to Outsource
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
10/14/2017 | 3:04:33 AM
Re: Outsource?
> When the CEO criticizes the leadership openly in end of the year meetings, the end is near.

Bad leadership begets bad leadership, sounds like to me.
REISEN1955
50%
50%
REISEN1955,
 User Rank: Ninja
10/13/2017 | 3:23:57 PM
Re: Outsource?
Glassdoor review of IT at Abbott Laboratories --- 10 year veteran of the trench wrote this and it is ruthless to the extreme but I agree with it fully.

 

Core IT is a disaster. The old, tired women leading the BTS are overwhelmed and under qualified. They outsourced large portions of the business and have never had experience in this type of environment. They yell a lot but give little direction. Layoffs all the time (more today). No job is safe and hours are long. It's a total mess. Ask any one of the hundreds they've erased in the last 12 months. Advice to Management Dump the current IT leadership and get someone with experience. Preferably someone who can control their weight and their behavior. When the CEO criticizes the leadership openly in end of the year meetings, the end is near.
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
10/13/2017 | 3:20:19 PM
Re: Outsource?
@REISEN: Wipro is a particularly apt example for you to bring up, given how workers there allegedly scammed TalkTalk customers, as reported here and elsewhere: bbc.com/news/technology-39177981
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
10/13/2017 | 3:16:45 PM
Re: Outsource IT Projects
Moreover, @REISEN, I'm not even speaking of American outsourcing to dirt-cheap Asian vendors. Even intranational outsourcing can be deleterious if you're talking about a large country with a vendor in a totally different and far away part of the country compared to the customer.

I saw this relatively recently with an east-coast customer and a west-coast vendor (albeit outside of the security context, but I believe the point may hold true all the same). West-coast vendor had no clue and was making all kinds of screwups that wouldn't even occur to a local or even semi-local vendor. Simply because they didn't know the area. (And, conversely, I imagine the same could be true vice versa.)
REISEN1955
50%
50%
REISEN1955,
 User Rank: Ninja
10/13/2017 | 8:29:57 AM
Re: Outsource IT Projects
Vendor location is important but how many American firms have huge footprints for their offices in India?  Wipro, Tata, Infosys and now IBM of all things.  That implies time issues and also knowledge content.  There ARE a few smart folk in every outsource firm - they are rare.  Outsource to American management means lower salary expense, lower benefit expense and cheap labor PERIOD. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
10/11/2017 | 4:53:57 PM
Re: Outsource?
To be fair, Equifax's data-protection issues are clearly so great that it doesn't matter WHO the vendor is or even the fact of the existence of a vendor.

Echoing earlier comment, vendors can be fine if you choose wisely, work with them, and don't just hire them to forget about things so they can clean everything up with no input from you as the client. I suspect that Equifax took a set-it-and-forget-it attitude with security.
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
10/11/2017 | 4:50:29 PM
Re: Outsource IT Projects
@REISEN: Obviously, it depends on the context, but yes, that's why it pays to be careful about outsourcing.

One friend of mine recent took a new job. Since taking it last year, she's spent that time insourcing almost everything within her purview because of the inadequacies and problems of the vendors and how the company dealt with its vendors. Now, things are much more streamlined, and the vendors that she has kept (albeit for much less) have been able to deliver better because of how she has improved communications and workflow with the vendors.

The worst vendor relationships/productivity tend to come from the idea of just hiring a vendor so as to forget about something entirely or near entirely. Hiring a vendor means that vendor is now a part of your team to manage. And the vendors who market themselves as "just hire us and forget it" tend to be the worst to work with.

Moreover, localization is important. In my experience, it's often beneficial to stick with a vendor that has a meaningful geographical presence in or near the area.
REISEN1955
50%
50%
REISEN1955,
 User Rank: Ninja
10/11/2017 | 3:06:51 PM
Re: Outsource IT Projects
DISAGREE - Came out of an outsourced office locally.  It took 9 days for Wipro to route one ticket from ONE end of the office to me.  if 3 calls were made to users to resolve and not picked up, then the issue was closed.  Helpdesk knew nothing.    All the outsource firm cares for is GETTING PAID on time.  
Synergy360
50%
50%
Synergy360,
 User Rank: Apprentice
10/11/2017 | 3:42:19 AM
Outsource IT Projects
It is good to have your projects outsource to a third party. The benefit will be unbiased decisions, skilled and knowledgeable people handling your project. For any sort of IT and 

Business Consulting Solutions, Contact Synergy 360 Consulting. Visit https://synergy360.com.au/services/ to know our services.
REISEN1955
50%
50%
REISEN1955,
 User Rank: Ninja
10/3/2017 | 2:02:52 PM
Re: Outsource?
Agree - i was part of an outsource effort at Aon (140 staffers fired for Computer Science Corp) and THAT was a train wreck (ongoing this day) ---and just left a Wipro outsourced shop in Georgia.  There, a small office of 45 people ---- nice people too --- and it took the Help Deslk NINE DAYS to route a ticket from one user to me.  If the helpdesk called a user 3 times and did not connect, they consided the issue CLOSED out.  It gets worse of course.

OUTSOURCE FIRMS are interested ONLY in being paid and having CHEAP LABOR
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-46204
PUBLISHED: 2022-01-19
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVE-2022-0274
PUBLISHED: 2022-01-19
Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior to 1.2.2.
CVE-2021-33912
PUBLISHED: 2022-01-19
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand...
CVE-2021-33913
PUBLISHED: 2022-01-19
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data dep...
CVE-2021-42810
PUBLISHED: 2022-01-19
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.