Keywords
Citation
Currall, J. (2011), "Managing Security in Outsourced and Offshored Environments: How to Safeguard Intellectual Assets in a Virtual Business World", Records Management Journal, Vol. 21 No. 1, pp. 78-79. https://doi.org/10.1108/09565691111125134
Publisher
:Emerald Group Publishing Limited
Copyright © 2011, Emerald Group Publishing Limited
There are many good things about BSI “How To” handbooks, in that they are well designed and structured, written with clarity and precision and short, but they have a tendency to be a little dry. This volume written by David Lacey, who is extremely knowledgeable about information technology (IT) and information security, fits that picture exactly. The 11 sections take the reader from a consideration of why one might consider outsourcing some IT‐related activities, and the implications that might have for information security, through a series of logical steps up to the tricky issues surrounding termination of such arrangements and clean exit strategies.
As David indicates, like most things, there is a lifecycle to outsourcing and offshoring and there are a very large range of issues to be considered, that require very careful preparation, negotiation and management. However before any of that takes place clarity in the business benefits and risks is essential and in most cases the arguments will be fairly finely balanced.
So why is all this of great importance currently? The answer is that more and more services in both the personal and business domains are available in “The Cloud”, an environment that releases organizations from the need for so much up‐front investment in hardware, software and specialised IT staff. In the present economic climate you can readily imagine the gleam in the finance director's eyes, at the thought of getting IT on a pay‐as‐you‐go basis, rather than shelling out large amounts of cash up front. After all why not use Gmail or Hotmail, GoogleDocs and myriad other nifty web‐based tools and save money.
If this vision sounds compelling, an hour or two in the company of David Lacey exploring the many issues related to information security under such circumstances will at least put you in mind of the sort of questions that you and your organization should be addressing before you say goodbye to in‐house systems and staff. While most of this slim volume is concerned with a variety of flavours of outsourcing and offshoring (if you do not know the difference you soon will), the final chapter focuses on the security implications of “The Cloud” specifically, and is a very balanced treatment.
This is a volume full of lists and bullets and sound advice but you will need to get your lighter reading elsewhere.