Newcomer I

Have outsourcing activities left us incapable of reacting to security incidents?

The Australian core government has outsourced its IT workforce to the tune of nearly 4,000 people; so what has happened here in New Zealand?

Over the last decade we have had a series of "restructure consultations" where the outcome is the same. A whole internal IT team is broken up into components where the lion's share of the services are pushed out to a third party. The remainder are either just managing the third parties or doing something the third parties don't do.

In the past this has been services like service management being favorites to outsource, others like application development depend on who has the right skills to do it.

Irrespective, this just leaves a few people in the business and most elsewhere.

This now means we can't fix anything ourselves and have to wait for the "leveraged" third party to get round to our job.

Security obviously is affected as our paramount need is to understand our risks, and be able to manage them.

Can we do this with just the few people left?

https://www.itnews.com.au/news/canberras-biggest-agencies-reveal-size-of-outsourced-it-workforce-553...

3 Replies
Advocate I

Re: Have outsourcing activities left us incapable of reacting to security incidents?

It is a common problem where an organisation is hollowed out by outsourcing and there are insufficient people within the customer organisation with the right skill set or capacity to effectively manage the outsourced organisation.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Contributor I

Re: Have outsourcing activities left us incapable of reacting to security incidents?

@linzeeb wrote:

The Australian core government has outsourced its IT workforce to the tune of nearly 4,000 people; so what has happened here in New Zealand?

Over the last decade we have had a series of "restructure consultations" where the outcome is the same. A whole internal IT team is broken up into components where the lion's share of the services are pushed out to a third party. The remainder are either just managing the third parties or doing something the third parties don't do.

In the past this has been services like service management being favorites to outsource, others like application development depend on who has the right skills to do it.

Irrespective, this just leaves a few people in the business and most elsewhere.

This now means we can't fix anything ourselves and have to wait for the "leveraged" third party to get round to our job.

Security obviously is affected as our paramount need is to understand our risks, and be able to manage them.

Can we do this with just the few people left?


What's been your experience with having your company outsource IT services?

 

Mine has been fairly positive but there have been some drawbacks. The main benefit has been allowing me more time out of the trenches. For example, I can focus on staff development, strategic planning, and projects more often. It allows me to be more of a generalist so to speak. Ticket completion times are longer but it was to be expected.
   

Advocate I

Re: Have outsourcing activities left us incapable of reacting to security incidents?

The experience depends on the outsourcer and arrangements put in place to manage them. I guess the general rule is don't outsource a mess. You'll pay a high price and the outsourcer is likely to tie you to legacy arrangements which may not support your business or IT direction for a time. Also don't outsource your crown jewels that you derive your competitive advantage from.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS