The risk of offshoring security

Kim Crawley, security researcher for InfoSec Institute

Over the past twenty years or more, corporations in nearly all industries have been outsourcing and offshoring at hyperdrive.

Venture capitalist firms, public shareholders, various types of financial firms, and corporate executives are driven by the temptation of reducing labor expenses, so they're delegating accountability and responsibility to foreign parties. Often the money saved by offshoring simply goes back into the pocketbooks of executives. They also often get bonuses, sometimes in seven or eight figures, to reduce as much domestic labor as possible.

But the costs of this trend are insurmountable.

First of all, with more and more Americans, Canadians, and other people in developed countries out of work, our economies are being destroyed. That doesn't reflect in the stock market -- not yet, anyway. But it will, probably within the next decade. Often the millions of chronically unemployed or underemployed (such as working at McDonald's or Walmart) have BAs, MAs, or even PhDs. Many more have significant licenses and certifications in various trades.

A large percentage of those people are in their thirties, forties and fifties. They have years of experience in their areas of expertise, but they cannot find work in their fields, so they collect welfare, and work as Walmart cashiers.

Keep in mind that in the United States, a large percentage of workers at Walmart, McDonald's, and other low wage employers still have to collect welfare and use food stamps in order to survive. When more and more people lack the spending money to buy consumer goods and services, the whole economy suffers. That change started to become noticeable in 2008, and it's only getting worse.

But, our economies and our ordinary citizens aren't the only areas being hurt by outsourcing, offshoring, and hiring "temporary foreign workers".

In the 21st century, we're totally dependent on computer technology. Even your grandma, who may not use a PC, smartphone or tablet, still goes to the bank, and goes to stores to shop. And her medical and governmental records are all managed with computer technology, as are her bank and her favorite shops.

What's most alarming is that IT security is being offshored.

Those who encourage the practice claim that offshoring IT security frees their in-house IT departments from having to do mundane work, so their labor can be allocated more efficiently. And look at all the money our company can save!

What somewhat comforts me is a Computer Security Institute study from several years ago, which surveyed 479 security executives from various corporations and organizations in the United States. 61% of them said they've outsourced none of their security functions. 22% said they've outsourced up to 20% of their security. 8% said they've outsourced 21% to 40%. 10% said they outsourced 41% or more of their security.

1  2  3  4  Next Page