Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Best and Worst Security Functions to Outsource
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/14/2017 | 3:04:33 AM
Re: Outsource?
> When the CEO criticizes the leadership openly in end of the year meetings, the end is near.

Bad leadership begets bad leadership, sounds like to me.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/13/2017 | 3:23:57 PM
Re: Outsource?
Glassdoor review of IT at Abbott Laboratories --- 10 year veteran of the trench wrote this and it is ruthless to the extreme but I agree with it fully.

 

Core IT is a disaster. The old, tired women leading the BTS are overwhelmed and under qualified. They outsourced large portions of the business and have never had experience in this type of environment. They yell a lot but give little direction. Layoffs all the time (more today). No job is safe and hours are long. It's a total mess. Ask any one of the hundreds they've erased in the last 12 months. Advice to Management Dump the current IT leadership and get someone with experience. Preferably someone who can control their weight and their behavior. When the CEO criticizes the leadership openly in end of the year meetings, the end is near.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/13/2017 | 3:20:19 PM
Re: Outsource?
@REISEN: Wipro is a particularly apt example for you to bring up, given how workers there allegedly scammed TalkTalk customers, as reported here and elsewhere: bbc.com/news/technology-39177981
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/13/2017 | 3:16:45 PM
Re: Outsource IT Projects
Moreover, @REISEN, I'm not even speaking of American outsourcing to dirt-cheap Asian vendors. Even intranational outsourcing can be deleterious if you're talking about a large country with a vendor in a totally different and far away part of the country compared to the customer.

I saw this relatively recently with an east-coast customer and a west-coast vendor (albeit outside of the security context, but I believe the point may hold true all the same). West-coast vendor had no clue and was making all kinds of screwups that wouldn't even occur to a local or even semi-local vendor. Simply because they didn't know the area. (And, conversely, I imagine the same could be true vice versa.)
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/13/2017 | 8:29:57 AM
Re: Outsource IT Projects
Vendor location is important but how many American firms have huge footprints for their offices in India?  Wipro, Tata, Infosys and now IBM of all things.  That implies time issues and also knowledge content.  There ARE a few smart folk in every outsource firm - they are rare.  Outsource to American management means lower salary expense, lower benefit expense and cheap labor PERIOD. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/11/2017 | 4:53:57 PM
Re: Outsource?
To be fair, Equifax's data-protection issues are clearly so great that it doesn't matter WHO the vendor is or even the fact of the existence of a vendor.

Echoing earlier comment, vendors can be fine if you choose wisely, work with them, and don't just hire them to forget about things so they can clean everything up with no input from you as the client. I suspect that Equifax took a set-it-and-forget-it attitude with security.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/11/2017 | 4:50:29 PM
Re: Outsource IT Projects
@REISEN: Obviously, it depends on the context, but yes, that's why it pays to be careful about outsourcing.

One friend of mine recent took a new job. Since taking it last year, she's spent that time insourcing almost everything within her purview because of the inadequacies and problems of the vendors and how the company dealt with its vendors. Now, things are much more streamlined, and the vendors that she has kept (albeit for much less) have been able to deliver better because of how she has improved communications and workflow with the vendors.

The worst vendor relationships/productivity tend to come from the idea of just hiring a vendor so as to forget about something entirely or near entirely. Hiring a vendor means that vendor is now a part of your team to manage. And the vendors who market themselves as "just hire us and forget it" tend to be the worst to work with.

Moreover, localization is important. In my experience, it's often beneficial to stick with a vendor that has a meaningful geographical presence in or near the area.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/11/2017 | 3:06:51 PM
Re: Outsource IT Projects
DISAGREE - Came out of an outsourced office locally.  It took 9 days for Wipro to route one ticket from ONE end of the office to me.  if 3 calls were made to users to resolve and not picked up, then the issue was closed.  Helpdesk knew nothing.    All the outsource firm cares for is GETTING PAID on time.  
Synergy360
50%
50%
Synergy360,
User Rank: Apprentice
10/11/2017 | 3:42:19 AM
Outsource IT Projects
It is good to have your projects outsource to a third party. The benefit will be unbiased decisions, skilled and knowledgeable people handling your project. For any sort of IT and 

Business Consulting Solutions, Contact Synergy 360 Consulting. Visit https://synergy360.com.au/services/ to know our services.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/3/2017 | 2:02:52 PM
Re: Outsource?
Agree - i was part of an outsource effort at Aon (140 staffers fired for Computer Science Corp) and THAT was a train wreck (ongoing this day) ---and just left a Wipro outsourced shop in Georgia.  There, a small office of 45 people ---- nice people too --- and it took the Help Deslk NINE DAYS to route a ticket from one user to me.  If the helpdesk called a user 3 times and did not connect, they consided the issue CLOSED out.  It gets worse of course.

OUTSOURCE FIRMS are interested ONLY in being paid and having CHEAP LABOR
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing Writer,  9/23/2020
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark Reading,  9/23/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25772
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25773
PUBLISHED: 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.