Outsourcing IT Security Expensive Headache or Painful Heartache ? Andrew McTaggart Senior Manager - IT Security & Change Control.
Download ReportTranscript Outsourcing IT Security Expensive Headache or Painful Heartache ? Andrew McTaggart Senior Manager - IT Security & Change Control.
Outsourcing IT Security
Expensive Headache or Painful Heartache ?
Andrew McTaggart Senior Manager - IT Security & Change Control
What is the EBRD?
14 12 10 0 2 4 6 8 94 95 96 97 98 99 • International financial institution est. 1991, owned by 60 national and supranational shareholders • Promotes market-based economies in 27 countries in central & eastern Europe and the former Soviet Union • Committed €16.5 bn for 708 projects to date • Capital base of €20 billion
What are the EBRD’s objectives?
To promote:
Transition to free, market-based economies by supporting private and entrepreneurial initiative A better investment climate Good corporate governance at project, corporate and country levels Environmentally sound and sustainable development
Operational priorities
Continue to support the creation of sound financial sectors Develop small and medium-sized enterprises Promote infrastructure development Demonstrate ways of restructuring large enterprises Take an active approach to equity investment Promote a sound investment climate and stronger institutions
Bank Resources
Available Headcount – 750 Permanent Staff of which 36 are in IT – 450 Consultants, Contractors and Temps Singular Resource - Me Current Activities – IT Security – Business Continuity – Change Control Management
So where do we go
Recruit staff – Available Headcount Do nothing - is this realistic – IT Security is the management and negation of risk within the IT environment Outsource – Tap into external expertise – Consultancy or Service Provision
So why Outsource
• Delivery of service within available headcount • Access to new technology • Access to best practise • Quantifiable cost of IT • Reliable service • Flexible service • Manage risk exposure
How do we Outsource
Tender - strong pressure to be cost driven upon value (up to 80% in some circumstances) Selection against a defined set of criteria which can, and probably will, change due to the length of the process Procurement – The rules that apply to desks and chairs are not applicable for complex IT solutions – We are not buying “Tin” Need to become transparent
What’s been achieved regarding IT Security
• Firewall administration, support and maintenance • Wide Area Network support • Local Area Network support • Server and Desktop support
Experiences - Headache or Heartache
Internal • Security Policy remains Bank’s property • The Bank retains control of all changes • Change Control – 1 hour ‘impact statement’ • Secure Sign off process • Bank’s IT staff can focus on core application/business issues
Experiences - Headache or Heartache
External Monthly reporting on service delivery and network utilization Technical Account Manager – Customer/Support liaison Firewall monitoring and support provided 24 x 7 End to end VPN service support Review process every 6 months
What would I change
In an Ideal World • Flexibility with the delivery of service • Standardisation onto a global At the EBRD As the IT Director says “Life at the EBRD is never dull” and this especially applies within IT
Questions
Contact details: e-mail: [email protected]
Phone: +44 20 7338 6704