Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Cheapskate execs pay the price for outsourcing IT

Infoworld | June 10, 2013
Execs outsource company website duties but figure there's no need to hire maintenance staff. So guess who they call in a jam?

Why is it so hard for some executives to understand that systems require maintenance in order to run properly? No, the technology does not magically work day after day all by itself. In fact, employees on the back end toil around the clock to make it so. But as in this story, IT's arguments are often ignored — until, of course, something breaks.

One day, the people a bit higher up in the line of command at my company told us that we were going to outsource our website to save on upkeep and labor costs. Rather than have IT manage it in-house, they wanted to hire two third parties: a Web hosting service and a Web developer. The only part managed in-house would be the website's content, which would be updated by a marketing employee.

They said they wanted IT to be out of managing the website so that we could focus on more business-oriented initiatives. Less work for us and more involvement in the business side? That sounded good. Even so, we were reluctant to give up control and had many questions about security and maintenance. Our questions were waved away with, "Oh don't worry, it's all taken care of." Nor were the higher-ups definitely interested in hearing about possible disadvantages. This change made sense to them from a fiscal standpoint — end of story.

They proceeded to outsource our site to a Web hosting service that charged a very low monthly rate. They also contracted a Web developer to create and set up the new website on the Web host. We were told all this in passing, again with the ominous words of "it's all taken care of."

What could possibly go wrong?
This arrangement worked well for a couple of years, and the suits were quite proud of themselves. But one day we found out that our site had been blacklisted by Google and was now classified as an attack site. The marketing person who had been maintaining the content asked me to find out what was going on.

Based on quick investigation, it appeared that our site had been hacked. I thought the hack might be from an unpatched hole in the CMS software, because I noticed that the CMS was an old version that was no longer supported. But I wondered why the CMS hadn't been updated.

I asked the execs and found out they hadn't been in touch with the Web developer since he first created and set up the website. I tried to contact the developer, but no luck. I don't know if he was on vacation, moved, or whatever, but he was definitely not available.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.