Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The dark side of outsourcing

Jane Grafton | March 1, 2011
Many CISOs are caught by this logical paradox as, encouraged by the greed of their CEOs to cut costs, the increase in IT outsourcing starts to reveal its dark side.

Tarquin eventually stops laughing as he becomes totally absorbed watching his download of Money Never Sleeps for the eighth time that day.

Tarquin has Dave in a head-lock and both parties know it. Let's look at what Dave needs to ask, what Tarquin will say, and what Tarquin really means.

Dave:    I've failed the audit - why?

Tarquin:    Passing an audit isn't part of the contract.

Means:    Here we go again! This is the call I've been waiting for - Operation Contract Negotiation in T minus 20 seconds.

Dave:    Well, we have to fix this. What are we going to do?

Tarquin:    We'll have to renegotiate the contract. Tell me what you want us to do.

Means:    Get in!!!!!

Dave:    I want you to make sure we pass the next IT audit.

Tarquin:    Any good auditor will tell you it's not about pass or fail, it's about the amount of risk you're exposed to. From that, you'll need to make an informed decision. So, what do you want to do?

Means:    You haven't got a clue have you. You're talking about privileged identities, so you can't just leave things to chance because the risk is too great. You've got a hole that needs plugging and I'm just the man for the job - but I don't come cheap. The real question is, how much can I fleece you for?

Dave:    I can't tell you how to mitigate this risk - isn't that your job?

Tarquin:    We'll have to set up a temporary contract, at an hourly rate, to evaluate how to fix the problem.

Means:    That means working out all the various permissions and how they're being used and with the size of UK PLC that's no small feat - if we're even able to do it. We're talking mega-bucks. It's about time the shareholders spread the wealth and sent a little my way.

Dave:    Surely this is covered by the contract?

Tarquin:    Unfortunately not. When we originally scoped everything out and agreed to take on the tools you were using, privileged identity management wasn't part of the scope of work. So, if you change our remit, or add new tools, then that changes our relationship and the contract.

Means:    Of course it's not - only an idiot would make solving problems part of the contract. You really should have put more thought into SLAs. Instead, I was able to reel you in with an irresistible monthly fee. I knew the day would come that I'd be able to renegotiate and screw you for every penny.


Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.