    Top 10 Security Questions to Ask Before Outsourcing Any IT

    With IT organizations looking everywhere to cut costs, one area that gets a lot of attention is outsourcing. But just as there are security concerns with internal IT, so too are there security issues with external IT service providers. Here are 10 tough questions that IT organizations should be asking about their IT service providers.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 2

    Additionally, what compliance and security protections are enforced for those locations?  Does the data go to any other entity outside of the vendor? Does it ever leave the country?

    It is the customer's responsibility to dig deeper and demand the same level of intelligence about the security of their new virtual data as if they were doing it themselves.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 3

    If shared, how does the vendor maintain compliance between its customers? How does the vendor maintain isolation and privacy of my data?

    The customer should demand an understanding of the security controls in place protecting their “home away from home” data center and include tightly prescriptive controls around isolation and protection.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 4

    IDS/IPS has been a compliance requirement of PCI-DSS for some time now. Most vendors should be able to check the box for perimeter IDS/IPS technology.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 5

    While the vendor will be primarily concerned with demonstrating cost reduction, the client needs to incorporate and enforce security controls on those end points. Technologies like full-disk encryption, media encryption, device firewalls and anti-malware should no longer be optional.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 6

    Most providers will have SLAs defined, but one must check references and make the vendor prove that it delivers on its SLAs. The vendor also should not price gouge if your change requests exceed your monthly quota.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 7

    One must have frequent updates to security policies and protections in order to stay ahead of threats, which is why security is a manageability challenge.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 8

    What is its incident response plan/process?

    No security vendor assumes the risk of a full security breach. They do, however, provide SLAs and other services to mitigate risk. Any outsourcing negotiation should include a protocol and a definition of who assumes risk in these situations.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 9

    Security response and business process are as important as the ability to effectively manage security policies.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 10

    An outsourcing vendor should demonstrate that it is plugged in to the broader community and has multiple data feeds for new threats, viruses and other malicious code.

    Top 10 Security Questions to Ask Before Outsourcing Any IT - slide 11

    Vendors naturally try to lock clients in to long-term, five-year-plus engagements. Until that vendor has demonstrated that it treats your data security and protecting your business as mission critical, long-term contracts are higher risk.
