Would you entrust your hard-earned money to someone you barely know or just met? The classic answer to this question is, of course, “No”. No, simply because of the lack of bond and trust with the other person. Another reason could be that you can already keep and protect your money on your own.
But with today’s environment and business landscape, “Yes” is not a bad option at all. Yes, I will entrust my money to that someone or something, provided he, she or it has the expertise and tools to safeguard my money at all costs or even make my money grow. I also believe that this is one reason we make use of banks.
We deposit our hard-earned money in banks for security and for the additional benefit of interest earned. Banks, in my opinion, can be compared to the third party known as an outsourcing company – a company that, according to George W. Reynolds (2010), provides services that could be provided by company employees, who in this case are we ourselves.
IT security in a company can be compared to our hard-earned money. As much as we want to keep our money to ourselves, there are times the company needs an extra push to see to it that all integral data, information, information systems and processes are secured. Most of the time, this is something the company alone cannot do, or it is more costly and skills-intensive when the company does it itself.
However, just as our hard-earned money, when put in a bank, is exposed to various risks such as interest and market risks, various issues are also involved when IT security is outsourced. The following, I believe, are the primary questions management should ask itself, and each should be answered with a “YES”, when outsourcing IT security is taken into account:
- Don’t we have the expertise and facility to do it on our own?
- Is this strategy cost efficient?
- Do we know a reputable and trusted company to do this for us?
- Can we ensure that information technology security is not compromised?
When IT security is outsourced, the answer to question no. 4 is vital. Just like in banks, confidential information is safeguarded by policies and protocols indicated in documents signed by the depositors/clients. In question no. 4, yes, we can ensure that information security is not compromised. How? By creating stipulations in our service level agreement (SLA) that guard against the exploitation of systems and all company information. The SLA section covering this should include clauses similar to the following:
- The right of the company to terminate the contract at any time when any of the following is leaked, compromised and/or exploited:
  - Company information such as strategies, processes, information systems, employee data and/or any other data or information deemed by the company as confidential
- A fine amounting to, for example, the total contract price plus 50% of the total contract price
- A case to be filed by the company's legal counsel when such a situation arises
- Subcontracting of the contract will not be allowed
- The project will be headed by the selected project manager of the company in partnership with the selected project manager of the outsourcing company
- The project team members will be composed of the top performing employees of good character and the like
When IT security is outsourced, the vigilance of each employee and manager is also necessary. On-the-spot audits can also be done to see to it that everything is in order, just as we do balance inquiries on our bank accounts for our own internal control.
Yes, our hard-earned money and IT security may seem very different at the outset, but when you look closely, similarities do exist. One thing is for sure: they are the things we and the company don’t want to lose.