How do you know if your outsourced IT firm is delivering what you need? As an executive, you may not know enough about IT to be able to tell. And that’s OK. Ask them 3 questions.
Start by telling your IT company, if it is appropriate, “Your job / our agreement is solid and not at risk.” You aren’t about to fire them, but you might. Last week’s newsletter covers signs that you may be about to fire your outsourced IT provider: Executives Give Clues Before Firing IT Firms
First, ask them, “Do you have or can you create a comprehensive list of all the applications that our team members need in order to get their work done (not 400 pages long listing all applications on every machine, just 2 pages long that lists all applications alphabetically, no matter where or how many times each is installed)?” Deciding which applications are necessary for business purposes is the first, and an important, step to implementing application whitelisting. Application whitelisting is slowly becoming mainstream and is so important. Learn more here: Stonewall, not Firewall: Use Application Whitelisting
Second, ask, “Knowing there are pros and cons to applying patches and updates, how many days go by before we apply critical security patches from Microsoft, Adobe, Java, etc.?” Sometimes their testing process is not thorough enough, so they compensate by delaying patch deployment. Please see: Recipe to Get Hacked: Keep Doing What You’ve Always Done
Third, ask, “Do any users need to be local administrators on their own computers?” It is essential that no users are local administrators (we are not talking about domain administrators). They may say, “Users have to be local administrators or our programs won’t work,” in which case you ask, “What compensating controls do you have in place instead?” For more info, please see IT May Have Your Users Misconfigured! and Adding Security Makes Systems Unusable!
Additionally, here are 3 Secrets about managing outsourced service providers: https://www.fosterinstitute.com/blog/managing-it-pros/
One of the best ways to get the most value from outsourced IT providers is to pay them per project: Stop Paying Outsourced IT by the Hour!
You may be the only one who pushes your service provider to such a high level, and that is embarrassing because those three areas are essential these days.