Five Golden Rules for a Secure Cloud Migration - Page 2
4. Know Their Financial Status, Compliance Standards, History, and Audit Points
What is your future security partner’s financial state? For publicly traded companies, Gartner estimates that annual run rates of more than $40 million per year in managed security services contracts indicate a sufficient base of revenue to support growth and enhancement of services.
For the biggest outsourcers management experience should include defense, government, and a range of industrial sectors. This is an important consideration because it indicates an outsourcer’s ability to meet wide security management needs, including the monitoring of all industry standard security products.
An outsourcer should be able to provide documented standards and policies for handling typical and atypical operations and threats.
They must be able to show that they employ security specialists with certified expertise across a broad range of security products from a variety of vendors. This allows a company the freedom to select best-of-breed solutions.
The outsourcer must also have facilities, processes and procedures in place that are validated and certified by a third-party auditor. Compliance can be a side effect of good security, or a gigantic make-work scheme for the outsourcer. Put yourself in the outsourcer’s position - why fix the problem on thousands of machines in an hour using a security management tool, when they could bill for months reimaging systems? The organization should take ownership of its own security and not outsource its direction. Pick the best of breed security solutions, do not use checkboxes to select solutions nor should you allow purchasing to select your security solutions. You don't pick a doctor by the lowest price; you’re far better off finding the one with most expertise and history of success. You should do the same for your security - don’t allow critical processes to be controlled solely by your contractor or low level employees.
5. Find Experts in the Areas You Need
In the role of subject matter expert and experienced implementer of systems, the right outsourcer can be a godsend if you can find them. The key is to know how much specialised value your outsourcer can add to your organization and how quickly they can do it.
So those are our five golden rules. But remember - our position is that outsourcing as a means solely to reduce costs is a fraud since these cost reductions are achieved by gutting the organization of its talent and providing its customers with the poorest possible support at the lowest cost.
Ultimately outsourcing for cost savings alone leaves a company weak and ill prepared to respond to emerging threats and opportunities. On the other hand, outsourcing to provide unique talent that is otherwise unavailable or impossible to train can provide your company with distinct competitive advantages. Outsource when there’s expertise to be gained (through contracting of specialists), not lost (through abandonment of loyal staff).
Happy outsourcing!
