Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud

Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud

by Frank Siepmann

Hardcover

$72.95
Eligible for FREE SHIPPING
  • Want it by Wednesday, October 24?   Order by 12:00 PM Eastern and choose Expedited Shipping at checkout.

Overview

Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud by Frank Siepmann

With cloud computing quickly becoming a standard in today's IT environments, many security experts are raising concerns regarding security and privacy in outsourced cloud environments-requiring a change in how we evaluate risk and protect information, processes, and people.

Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud explains how to address the security risks that can arise from outsourcing or adopting cloud technology. Providing you with an understanding of the fundamentals, it supplies authoritative guidance and examples on how to tailor the right risk approach for your organization.

Covering onshore, offshore, and cloud services, it provides concrete examples and illustrative case studies that describe the specifics of what to do and what not to do across a variety of implementation scenarios. This book will be especially helpful to managers challenged with an outsourcing situation-whether preparing for it, living it day to day, or being tasked to safely bring back information systems to the organization.

Many factors can play into the success or failure of an outsourcing initiative. This book not only provides the technical background required, but also the practical information about outsourcing and its mechanics.

By describing and analyzing outsourcing industry processes and technologies, along with their security and privacy impacts, this book provides the fundamental understanding and guidance you need to keep your information, processes, and people secure when IT services are outsourced.

Product Details

ISBN-13: 9781439879092
Publisher: Taylor & Francis
Publication date: 12/11/2013
Pages: 244
Product dimensions: 6.90(w) x 9.40(h) x 0.80(d)

About the Author

Frank Siepmann is a Security Executive with over 29 years of IT experience. In 1996 he started focusing on IT Security. Mr. Siepmann has been leading security organizations and programs with globally dispersed teams and has been known to challenge the status quo by creating new value propositions. He has spent over 7 years of his career at leading Big-4 consulting companies in executive or senior management roles. During this time and after it he had the opportunity to work with many Fortune 100 companies.

Some of Mr. Siepmann's roles have included Director of Information Security for a $4B business unit, Security Executive (CISO) for the largest outsourcing deal of a Big-4 consulting company and Security Architect for the cloud initiative of a Fortune 10 financial institution. In 2008 he established his own security consulting company, 1SSA, with a focus on providing services to U.S. government entities and commercial companies globally. He has presented at International Security Conferences and has published throughout his whole career.

Table of Contents

Outsourcing
History of Outsourcing
The Early Days of Outsourcing
Current State
Delivery Models
Onshoring
Nearshoring
Offshoring
Outsourcing Types
Technology Outsourcing
Business Transformation Outsourcing
Business Process Outsourcing
Knowledge Process Outsourcing
The Internals of Outsourcing
The Phases
Typical Financial Outsourcing Model
Geographical Regions
The Top Outsourcing Countries
India
Indonesia
Estonia
Singapore
China
Bulgaria
Philippines
Thailand
Lithuania
Malaysia
Outsourcing Personnel
Consulting Personnel
Former Employees of Clients
Internal Resources
Third-Party Personnel
Hired Personnel
Teams
Salaries
Growth Strategies

The Cloud
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Private Cloud
Community Cloud
Public Cloud
Hybrid Clouds
What the Cloud Is and Is Not
Beyond the Cloud
Virtual Private Cloud
Standardization between CSPs
Compliance in the Cloud
Security and Privacy Issues with Cloud Computing
Scalability versus Elasticity
On-Demand Self-Service
Rapid Elasticity
Resource Pooling
Outages
Denial of Service
Virtualization Security
Metering
Hypervisor Security
Virtual Networks
Memory Allocation/Wiping
Cloud Network Configuration
Firewalls in the Cloud
Self-Service
Malicious Insiders
Availability and Service Level Agreements
Authentication, Authorization, Accounting
Tenant Credibility
Address the Cloud Security/Privacy Dilemma
SAS-70, SOC 1, and SOC 2 Audits
Cryptography and the Cloud
Encryption Keys and the Cloud
Third-Party Cloud Security Providers
FedRAMP and the Federal Cloud
How to Securely Move to the Cloud

Before You Decide to Outsource
Security and Privacy Impacts
Secure Communication
Telephone
e-Mail
Mobile/Cell Phones
Smartphone
BlackBerry
Instant Messenger
Letter and Parcels
Organizational Impacts
Legal Aspects
Personnel Issues
Technical Challenges
Network Address Translation (NAT) Issues
Single Sign-On and Federation (SAML/XACML)
Backup Technologies
Remote Desktop Support
Trouble Ticket Systems
Business Continuity

Ready to Outsource
The Perfect Outsourcing Company
Doing Your Homework
Understand What Is Offered
Audit Reports
Is BTO the Right Choice?
Ask the Right Questions
Dedicated Resources or Not?
Talking with Existing Clients
What Matters for the Outsourcing Company?
Challenges Outsourcing Companies Face
Which Security Controls—Ours or Theirs?
Staff Augmentation
Complete Outsourced Operation
Cost Savings
Security Controls
Next Step—Clean House
Maturity Level
Alignment of IT and Security Strategy
Gap Analysis
Outsourcing Preparation
Information Security Policy
Organization of Information Security
External Parties’ Security
Information Classification Security
Prior to Employment Security
During Employment Security
Termination or Change-of-Employment Security
Outsourcing Security Readiness Assessment
Tactical Goals—Now or Later?
Strategic Objectives—When?

Day One and Beyond
Enabling the Outsourcer
Access to Required Information
Documentation
Personnel
Transition Phase
The Stable Years
Security Incidents
Outsourcing Personnel Turnover
Regular Activities
Reporting

When We Part
How to Prepare
The Contract
Analysis of What Needs to Be Done
The Exit Plan
When the Day Comes
Taking Control

Outsourcing Anecdotes
British Health Records
Transportation Strike in Bangalore
Submarine Cable Cuts
Cloud Outages
T-Mobile: Sidekick in Danger of the Microsoft Cloud
Outages at Amazon Are Sometimes Due to "Gossip"
Google Services Impacted by Cloud Outages
Microsoft’s Azure and Hotmail
Salesforce.com’s Cloud Goes Down
CloudFlare DDoS
Background Investigation Lacking
Privacy Laws—Not Here
Can You Hear Me Now? CDMA Limitations
Overlooked
Transformation Successful—Patient Dead
Public Instant Messenger—Share the Joy

Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews