Interesting ideas floating around today, the basic premise is that people are earning a lot of money to build and tear down ACL’s, manage routers, switches, firewalls, and other general day to day maintenance.
As well as pushing patches, building and tearing down boxes, and a host of other day to day, and fairly dull work. The concept is to outsource the grunge work, saving expensive staff for projects, architecture, and other high value high visibility projects, reduce the staff hours spent doing grunge work, and over all improve the quality of the work environment.
This is probably one of the better ideas, both from the social aspect, as well as from the business aspect. And here is why.
From the business aspect:
The average security employee here in Seattle costs 85,000 dollars a year, +10% taxes, plus on average 25% in perks, benefits, medical and dental. This brings up the average cost of an employee to a little under 117,000 dollars. This is a rough rule of thumb, the same holds true for network admin and system admin. Outsourcing day to day simple tasks, or about 5 people in a medium sized company, can save somewhere on the order of 600,000K in employee costs. If you can outsource these kinds of tasks, those issues are dropped off to someone else, and you can usually negotiate a contract for that in the 400,000 to 450,000 range, with an instant savings that is show able to management.
Quality of Service metrics are easily maintained using ticketing systems, those can form the core of QOS metrics that can determine how well the outsource company is doing in performing those day to day tasks.
Technology like VPN systems, RSA authentication and others can go a long way in making sure that only those authorized can actually access the systems.
You only need one manager in company to keep an eye on and track the outsource company. That one manager should have the authorization and authority to authorize changes to ACL’s, firewalls, and other systems if they are needed. One point of contact for both companies can help communications and keep the operation moving smoothly.
You have staff available then for the high priority, high value, high visibility projects, that are fun, exciting, new, and otherwise can give folks a high quality of work environment where they can go build something, be innovative and entrepreneurial.
From the Work Social Aspects
You now have people who can run with those new systems, high value projects, and other projects that have been sitting on the back burner because of lack of resources.
You can work on building out the innovative environment when the day to day management of the thousands of small tasks is no longer your issue.
People can build out more diverse teams and work with different segments of the company on a more regular basis because they are not nose down into technical mundaneness of IT overall.
Something to think about, while doing your home work, and finding organizations that have been SAS 70, ISO or other standards signed off on will be interesting. They are out there, and can really free employees to go off to do the fun stuff, while the day to day grunge work is pushed onto someone else.
Add to 
Bookmark Murdok:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
