Outsourcing IT Security Expensive Headache or Painful Heartache ? Andrew McTaggart Senior Manager -...
Outsourcing IT Security
Expensive Headache or Painful Heartache?
Andrew McTaggart
Senior Manager - IT Security & Change Control
What is the EBRD?
• International financial institution est. 1991, owned by 60 national and supranational shareholders
• Promotes market-based economies in 27 countries in central & eastern Europe and the former Soviet Union
• Committed €16.5 bn for 708 projects to date
• Capital base of €20 billion
What are the EBRD’s objectives?
To promote:
Transition to free, market-based economies by supporting private and entrepreneurial initiative
A better investment climate
Good corporate governance at project, corporate and country levels
Environmentally sound and sustainable development
Operational priorities
Continue to support the creation of sound financial sectors
Develop small and medium-sized enterprises
Promote infrastructure development
Demonstrate ways of restructuring large enterprises
Take an active approach to equity investment
Promote a sound investment climate and stronger institutions
Bank Resources
Available Headcount
– 750 Permanent Staff of which 36 are in IT
– 450 Consultants, Contractors and Temps
Singular Resource - Me
Current Activities
– IT Security
– Business Continuity
– Change Control Management
So where do we go
Recruit staff
– Available Headcount
Do nothing - is this realistic
– IT Security is the management and negation of risk within the IT environment
Outsource -
– Tap into external expertise
– Consultancy or Service Provision
So why Outsource
• Delivery of service within available headcount
• Access to new technology
• Access to best practice
• Quantifiable cost of IT
• Reliable service
• Flexible service
• Manage risk exposure
How do we Outsource
Tender - strong pressure to be cost driven upon value (up to 80% in some circumstances)
Selection against a defined set of criteria which can, and probably will, change due to the length of the process
Procurement
– The rules that apply to desks and chairs are not applicable for complex IT solutions
– We are not buying “Tin”
Need to become transparent
What’s been achieved regarding IT Security
• Firewall administration, support and maintenance
• Wide Area Network support
• Local Area Network support
• Server and Desktop support
Experiences - Headache or Heartache
Internal
• Security Policy remains Bank’s property
• The Bank retains control of all changes
• Change Control – 1 hour ‘impact statement’
• Secure Sign off process
• Bank’s IT staff can focus on core application/business issues
Experiences - Headache or Heartache
External
Monthly reporting on service delivery and network utilization
Technical Account Manager – Customer/Support liaison
Firewall monitoring and support provided 24 x 7
End to end VPN service support
Review process every 6 months
What would I change
In an Ideal World
• Flexibility with the delivery of service
• Standardisation onto a global
At the EBRD
As the IT Director says
“Life at the EBRD is never dull” and this especially applies within IT