Google’s in the press again, and this time about information security, and a host of other “specializations” that can be, and maybe should be outsourced.
In “Out Souring the Grunge Work,” I talked about taking all the day-to-day activities that could be rolled up and outsourcing them. Those included functions like daily system administration, AD administration, security administration and hive them off to a company that specializes in this field.
Today Google agreed with me, and you can make a safe bet that many other companies are thinking the same way. If you want to innovate, and you want to hire innovative people, you cannot have those same people doing day-to-day grunge work. Creative people are hard enough to find, you cannot afford to allow them to get bored along the way.
Google vice president Girouard said was:
“The way Google built what is on the order of a $10 billion business in eight years was through some pretty amazing innovation,” said Girouard, who is also a vice president at Google. “CIOs in particular are really in a difficult situation, and innovation isn’t something they can spend the majority of their waking hours talking about. The information technology business as it pertains to large businesses has become a lot of maintenance.” Girouard promoted the software-as-a-service model, saying companies should join this growing trend of outsourcing IT tasks, even if it means trusting third parties with sensitive information.” (Network World)
Many times, we have wrapped our ways around the concepts of outsourcing, and why it is both good and bad. Finding an outsource company you can trust, one that will accept your policies for operations, ones that have good talented people, and otherwise is part of the game.
You should not buy technology because of what someone says, you should buy technology because it is the best of breed, has a wide consumer base, and an excellent record of accomplishment of responding to clients needs.
You should not buy an outsource company based on lowest bid possible, you should buy support from an outsource company because they excel at what you are outsourcing, have deep roots and smart people in that kind of work, and have an excellent track record of responding to client needs. As well as enough insurance to cover liability, the ability to segregate data so that companies data does not intermingle, as well a host of other “shop smart” processes that will take the “worry” out of outsourcing.
Outsourcing may not be popular, but think about it, if you have an outsource company that specializes in information security, and they have the best and brightest, they are going to innovate in the field of information security, and innovate in ways that no other company can in the realm of information security. In the longer run, everyone ends up with a better product, at reduced costs, with the outsource company doing good things, and the company who out sources doing good things. As long as the passion, the skills, and the desire to innovate is there, everyone wins.
Shop smart though, not everyone is equally competent, do the homework, make sure that what the outsource company wants to give you is exactly what you need. Make sure they meet HIPAA, GLB, SOX, HB1386, SAS 70, and the host of other laws compliance. Talk to their customers, write the best legally binding contract available, and move forward, innovate and grow.
Add to 
Bookmark Murdok:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
