Does IT Outsourcing Pose Security Risks?
Companies thinking about outsourcing IT jobs may want to take a close look at how that will impact security.
That is the message of a new report commissioned by VanDyke Software and carried out by Amplitude Research. In their annual survey of network administrators and IT professionals, researchers discovered that organizations that outsourced tech jobs were more likely to report network intrusions. Sixty-one percent of the 350 respondents whose organizations outsource IT jobs experienced an unauthorized intrusion in the last two years. That number compares with 35 percent of those whose companies don't outsource.
The findings apparently fit in with most of the respondents' attitudes, as 69 percent said they felt outsourcing had a negative impact on security. Of the others, just 9 percent said the impact was positive, while 22 percent said the impact was zero.
"The survey results indicate there is sentiment, as well as initial data, that suggests outsourcing tech jobs offshore is a matter that needs greater scrutiny in the area of network security," Jeff Van Dyke, president and founder of VanDyke Software, said in a statement Sept. 29.
Missing from the survey is any information about what could have caused the disparity in incidents between those that outsource and those that don't -- such as information about the specific intrusions or security practices of those organizations. But if the statistics are to be taken at face value, Van Dyke's point about companies needing to carefully consider the impact outsourcing has on their overall security posture is valid.
Here are some other interesting stats from the report:
- The proportion of organizations reporting unauthorized intrusions of their endpoints, servers or networks within the past two years stood at 42 percent. Among enterprises (companies with 5,000 or more employees) there was a drop in the percentage reporting intrusions compared to 2008 from 56 percent to 41 percent. Businesses of other sizes saw no significant change.
- Forty-nine percent of the respondents in 2009 devoted 25 percent or more of their average work week to monitoring, maintaining or updating their user machines, office network or servers. This compared to 58 percent of respondents in 2008.
- Ninety-five percent have anti-virus installed on their office network -- typically on both servers and user machines. The majority reported propagating virus definitions/signature files across the IT assets automatically.