Security should be considered before signing an outsourcing agreement on the dotted line.
Components of security can be delivered effectively by outsourcing partners, but it takes more than hoping for the best. A decision to outsource security components, like any other business decision, should take the whole impact into account: due diligence needs to be completed, the risks managed, mitigations implemented and, of course, assurance controls built in. While it is easy to blame security firms for the distressing state of most companies, the reality is that the blame lies a lot closer. Individuals need to demand security from suppliers and take responsibility for delivering it in the areas they control.
Simon Burson is an information security consultant. He has delivered policies, operating models, architectures and solutions in both internal and customer-facing security roles. Email him at firstname.lastname@example.org