Clouding the Outsourcing Issue, part 2

by Jonathan Bloom

Don't bother trying to reach me the next few weekends; it’s playoff time in the NFL!

I promised my wife way back when we started dating that she need not be a "football widow" every Sunday during the season. However, our relationship has spanned roughly the same time period as the unmitigated success of my New England Patriots and during that period she has come to know that my availability and attention during weekends from early January through the Super Bowl in early February are going to be dependent upon the NFL's playoff schedule...especially when the Patriots are involved.

Fortunately, not only does she not get angry, but also she supports it, even though she dislikes sports. We've hosted Super Bowl parties and in preparation I happily do the "grunt work" and "food prep", but I yield the responsibility for organizing all the other elements of the party to her. Why?

Because much like organizations making a decision to outsource work, she knows what she's doing better than I do.

The Blind Side

Back in September in "Clouding the Outsourcing Issue, part 1," I likened the decision to outsource to a "Hail Mary" pass in football because much like this desperation pass, companies often view the relinquishment of control over a project when outsourcing as a "hope and a prayer" type of approach. But sometimes there's no other option. In-house teams can’t keep up with the latest developments in hardware, software, network architecture and the like; meanwhile outsourced teams are more focused on making money than on providing solutions and service.

This already confusing argument is now being further convoluted by a new option: cloud computing.

Charlie Babcock, in a recent InformationWeek article, calls cloud vs. outsourcing “The Next Battleground.” Naysayers will claim that cloud technology isn’t mature enough to enter this debate, but I believe that with the use of powerful automated analysis and measurement solutions, the visibility IT teams gain provides the control necessary to manage a cloud-based network effectively. It's just this kind of control that companies fear they lack when they outsource a project, so perhaps the cloud would provide them with the kind of "close to home" comfort level they seek.

A November 2011 PricewaterhouseCoopers survey of 489 IT executives, cited by Babcock, reports 77 percent of surveyed companies have started or have plans for some form of cloud computing and 64 percent said the cloud will be the “best way” to manage infrastructure three years from now.

Babcock adds that IBM, HP and others, who have deep connections with companies based on longstanding outsourcing relationships, do not necessarily have a leg up on Amazon, Rackspace and other cloud infrastructure providers. Outsourcers that add cloud services may keep the customer, but they will lose some of their profits, since racks of commodity services will replace the highly-specialized IT services they previously provided.

There’s lots more bad news for traditional outsourcers: 55 percent of those surveyed believe private cloud service providers will be best equipped to provide cloud infrastructure three years from now, versus 39 percent who believe traditional outsourcing companies will be. And, even among companies currently working with traditional outsourcers, 52 percent said providers with a cloud focus will be the best infrastructure partners in the future.

Respondents believe cloud-only service providers will be able to combine the managed infrastructure of an outsourcer, with customers becoming responsible for managing workloads. In this scenario, if the customer instructs the service provider to run a series of applications at a given day and time, they can be certain it will happen, barring some type of service interruption.

Babcock writes that private cloud services are available either on-premises or over the public cloud. When offered through the public cloud, the services typically include hardware isolation from other customers’ content, encrypted communications over a VLAN or secure line, and secure data handling procedures.

The Longest Yard

John Chapas II, an attorney with Reed Smith LLP, offers some related opinions in a Boardmember.com article earlier this year. He comments that both outsourcing and cloud computing strategies come with potential security issues around sensitive information.

When maintained in-house, IT teams are able to easily determine if data is protected at a level required by the company and the company has control over modifying data security and completing upgrades. This level of control is especially important where there are legal requirements surrounding data security and breach disclosure. These legal requirements focus on sensitive information, such as nonpublic personal information (e.g., Social Security numbers and credit card numbers). He adds that many states now have legally required remedies for data security breaches, such as written notifications to affected individuals. For an extensive breach, these notifications are not only time-consuming, they are also terribly expensive.

When a company outsources or employs a cloud infrastructure, the company no longer maintains control of security. This loss of control can be problematic since the company is still responsible for protecting the data and the same remedies apply if there is a breach.

Company IT and legal teams should require either the outsourcing or cloud service provider to possess and maintain security measures that meet the company’s legal and fiduciary responsibilities. This can include all requirements for data security such as encryption, vulnerability testing, audits, passwords, firewalls, etc.

Whether it’s cloud or outsourcing, company managers often rely on the vendor’s reputation when they should be scrutinizing the contract to ensure the vendor meets data security requirements. Without appropriate language in the agreement, the vendor might meet the company’s data security requirements at the outset, but then make changes to security policies that would put the company out of compliance.

All the Right Moves

It’s pretty clear that moving infrastructure to the cloud (IaaS) is here to stay and will be an increasingly viable option for company IT teams. Regardless of whether data is maintained in house, outsourced or managed in the cloud, an automated solution to analyze and measure software quality should be an essential part of the solution.

When company IT teams are considering either outsourcing or cloud-based strategies, they should require vendors to include ongoing software analysis and measurement as part of the offering, and this requirement should be written into the contract. Structural analysis and measurement solutions are as important to business continuity as firewalls, antivirus software and robust storage solutions.

Well, time for me to get on my "game face" and decide which team I want to see the Patriots beat on January 14. Meanwhile IT teams should be getting on their own game faces because when it comes to managing and protecting their company’s critical information assets effectively, whether it's done in-house or via an outsourced or cloud solution, every day is the playoffs.

Filed in: IT Leadership
Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.