« Achieving unified control, visibility, and compliance for SaaS applications | Main | Open Group Enterprise Security Architecture »


Marcus Ranum

Gunnar: "the threat to deal with is not external, its internal ignorance"

Exactly. This problem manifests itself when you take your car to a mechanic, if you know nothing about cars. Usually, you'll get an honest mechanic who'll fix your car. Occasionally, you'll get something expensive replaced. Rarely (but significantly) you'll get a new framisticator for your haydiddlediddle. When talking outsourcing, I hear talk of these things called "service level agreements" but the problem is if you don't know what the service is, how can you verify if it's reaching the appropriate level. And, if you do know, why not do it yourself?

The moral is that you actually have to understand your IT problems at least as well as your outsourcer or cloud provider, in order to reasonably assess whether the service you're getting is worth what you're paying for it.

The comments to this entry are closed.