Managing Risk and Security in Outsourcing IT Services
eBook - ePub

Onshore, Offshore and the Cloud

  1. 244 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

With cloud computing quickly becoming a standard in today's IT environments, many security experts are raising concerns regarding security and privacy in outsourced cloud environments, requiring a change in how we evaluate risk and protect information, processes, and people. Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and

Frequently asked questions

Yes, you can access Managing Risk and Security in Outsourcing IT Services by Frank Siepmann in PDF and/or ePUB format, as well as other popular books in Business & Management. We have over one million books available in our catalogue for you to explore.

Information

Year: 2013
ISBN: 9780429838040
Edition: 1
Subtopic: Management

Contents

Foreword
Preface
Acknowledgment
Chapter 1 Outsourcing
History of Outsourcing
Early Days of Outsourcing
Current State
Delivery Models
Onshoring
Nearshoring
Offshoring
Outsourcing Types
Technology Outsourcing
Business Process Outsourcing
Business Transformation Outsourcing
Knowledge Process Outsourcing
The Internals of Outsourcing
The Phases
Typical Financial Outsourcing Model
Geographical Regions
Top Outsourcing Countries
India
Indonesia
Estonia
Singapore
China
Bulgaria
Philippines
Thailand
Lithuania
Malaysia
Outsourcing Personnel
Consulting Personnel
Former Employees of Clients
Internal Resources
Third-Party Personnel
Hired Personnel
Teams
Salaries
Growth Strategies
Chapter 2 The Cloud
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Private Cloud
Community Cloud
Public Cloud
Hybrid Clouds
What the Cloud Is and Is Not
Beyond the Cloud
Virtual Private Cloud
Standardization between CSPs
Compliance in the Cloud
Security and Privacy Issues with Cloud Computing
Scalability versus Elasticity
On-Demand Self-Service
Rapid Elasticity
Resource Pooling
Outages
Denial of Service
Virtualization Security
Metering
Hypervisor Security
Virtual Networks
Memory Allocation/Wiping
Cloud Network Configuration
Firewalls in the Cloud
Self-Service
Malicious Insiders
Availability and Service Level Agreements
Authentication, Authorization, Accounting
Tenant Credibility
Address the Cloud Security/Privacy Dilemma
SAS-70, SOC 1, and SOC 2 Audits
Cryptography and the Cloud
Encryption Keys and the Cloud
Third-Party Cloud Security Providers
FedRAMP and the Federal Cloud
How to Securely Move to the Cloud
Chapter 3 Before You Decide to Outsource
Security and Privacy Impacts
Secure Communication
Telephones
e-Mail
Mobile/Cell Phones
Smartphones
BlackBerrys
Instant Messenger
Letters and Parcels
Organizational Impacts
Legal Aspects
Personnel Issues
Technical Challenges
Network Address Translation (NAT) Issues
Single Sign-On and Federation (SAML/XACML)
Backup Technologies
Remote Desktop Support
Trouble Ticket Systems
Business Continuity
Chapter 4 Ready to Outsource
Perfect Outsourcing Company
Doing Your Homework
Understand What Is Offered
Audit Reports
Is Business Transformation Outsourcing the Right Choice?
Ask the Right Questions
Dedicated Resources or Not?
Talking with Existing Clients
What Matters for the Outsourcing Company?
Challenges Outsourcing Companies Face
Which Security Controls—Ours or Theirs?
Staff Augmentation
Complete Outsourced Operation
Cost Savings
Security Controls
Next Step—Clean House
Maturity Level
Alignment of Strategies
Transforming
Outsourcing Preparation
Information Security Policy
Organization of Information Security
External Parties’ Security
Information Classification Security
Prior to Employment Security
During Employment Security
Termination or Change-of-Employment Security
Secure Areas Security
Equipment Security
Third-Party Service Delivery Management Security
System Planning and Acceptance Security
Protection against Malicious and Mobile Code Security
Information Backup Security
Network Security Management Security
Media-Handling Security
Exchange of Information Security
Electronic Commerce Services Security
Monitoring Security
Business Requirement for Access Control Security
User Access Management Security
User Responsibilities Security
Network Access Control Security
Operating System Access Control Security
Application and Information Access Control Security
Mobile Computing and Teleworking Security
Security Requirements of Information Systems
Correct Processing in Applications Security
Cryptographic Controls Security
Security of System Files
Security in Development and Support Services
Technical Vulnerability Management Security
Reporting Information Security Events and Weaknesses Security
Management of Information Security Incidents and Improvements Security
Information Security Aspects of Business Continuity Management
Compliance with Legal Requirements Security
Information Systems Audit Considerations Security
Outsourcing Security Readiness Assessment
Tactical Goals—Now or Later?
Strategic Objectives—When?
Chapter 5 Day One and Beyond
Enabling the Outsourcing Company
Access to Required Information
Documentation
Personnel
Transition Phase
The Stable Years
Security Incidents
Outsourcing Personnel Turnover
Regular Activities
Reporting
Chapter 6 When We Part
How to Prepare
The Contract
Analysis of What Needs to Be Done
Exit Plan
When the Day Comes
Taking Control
Chapter 7 Outsourcing Anecdotes
British Health Records
Transportation Strike in Bangalore
Submarine Cable Cuts
Cloud Outages
T-Mobile: Sidekick in Danger of the Microsoft Cloud
Outages at Amazon Are Sometimes due to “Gossip”
Google Services Impacted by Cloud Outages
Microsoft’s Azure and Hotmail
Salesforce.com’s Cloud Goes Down
CloudFlare DDoS
Background Investigation Lacking
Privacy Laws—Not Here
Can You Hear Me Now? CDMA Limitations
Overlooked
Premature Transformation
Public Instant Messenger—Share the Joy
Index

Foreword

I think that Frank does a great job of discussing outsourcing and his insights for areas to watch out for. He is dead-on with many of his observations, having been working with outsourced environments myself for a number of years. I appreciate his frank observations (pardon the pun!) and direct style in approaching the issues—in other words, he calls them as he sees them. The information on the different countries, albeit somewhat lengthy, provides a great perspective as to what is going on in the world and why it is so important to know who and what country you are dealing with. I also like the way that he moves into the cloud from outsourcing and shows the similarities. The latter section describing the controls, comments, and questions mapped to ISO27002-type requirements is very good as well. I also like the way that the book finished up with anecdotes to illustrate that these issues are real.
—Todd Fitzgerald
Global Information Security Director
Grant Thornton International, Ltd.

Preface

Since the early 1990s, outsourcing has had a large influence on various industries in the Western world. Outsourcing companies have attracted industry giants such as Ford, GE, and Siemens, just to name a few, with promises of better expertise and significant cost savings. Now approximately 20 years later, not all of those promises have been kept. Organizations have learned their lessons—outsourcing is not a silver bullet. Some political and economic dynamics have resulted in a shift in how outsourcing is perceived. One of the areas of concern with many outsourcing customers is the level of security and privacy of their data. Now with cloud computing becoming a standard in modern IT environments, the picture has become even fuzzier. Many security experts are raising the flag regarding security and privacy in outsourced cloud environments. This book was written with the intent to help the manager who is challenged with an outsourcing situation, whether preparing for it, living it day to day, or being tasked to safely bring back information systems to the organization. It provides guidance on how to ensure that security and privacy can be achieved during an outsourcing situation. I have worked in the consulting and outsourcing industry for more than 15 years, leading medium- to large-sized security organizations and teams. I learned over the years that many risks can be addressed when there is a much broader understanding of a situation than just the technical aspects.
Many factors can play into the success or failure of an outsourcing initiative. This book provides not only the technical background but also some broad information about outsourcing and its mechanics. Organizations sometimes try to resolve their issues of an expensive, fragmented IT infrastructure by looking into outsourcing. If this is truly a valid strategy, then it is heavily relying on circumstances and individual factors specific to that organization. Yet there are some common pitfalls that should be kept in mind before jumping to the conclusion that outsourcing will provide cost savings and a smoother-running operation. One critical factor for a smooth-running IT operation is a governance framework, resulting in mature processes, an executable IT strategy, and an IT environment that is maintainable. Most organizations that lack mature processes have to support an IT environment that ranges from Windows to three different UNIX flavors. Those environments are usually not sustainable in the long run, outsourced or not. To ...

Table of contents

  1. Cover
  2. Halftitle Page
  3. Title Page
  4. Copyright
  5. Table of Contents