India IT Outsourcing=Hacker's Paradise?

[Ed P]

Maybe I’m completely wrong with my topic title, but every recent major hacking scandal seems to have been perpetrated on a company who have outsourced their IT to India. BA is the latest such company and Dixons Carphones massive hack was on their HCL IT processing centre in Bangalaru.

I wish there was a list of companies who have outsourced to the questionable security of an India Outsource. so I could avoid them!

[Dave Rice]

Having worked both in house and then being outsourced your pride in the job is taken away from you. If it’s seen as chargeable, what was routine maintenance is left to moulder. Things like being proactive about disk space running out. Security will usually still be the responsibility of the retained IT but deployed by the outsourcer.

Third parties are brought in to do things like cabling and those third parties will often sub contract, may be many times, until the engineers who turn up don’t give a sh1t about taking things out in working hours etc.

It all becomes about meeting SLAs with fewer and fewer people, because people = cost and costs have to be taken out. It’s often written into the contract that x% of “efficiencies” are to be made cumulatively each year over the life of the contract. Winning bids are usually at less than cost price in the hope of making up the short fall with “project work” i.e. what’s not in the contract.

Bonuses for good work are taken away (except for Senior Management) and  / or the goal posts moved so high or the appraisal process made so onerous that they cannot be achieved. Things like the bottom 10% will be at risk of dismissal are brought in (an American trick which didn’t last long in Europe in the face of tribunals). Pension schemes are cut to the bare minimum. Training course are non existent, apart from D-I-Y online ones. In short they don’t give a fig for employee satisfaction.

I loved my job at the Post Office, it was hard work and involved much travelling but was very satisfying. Working for CSC was soul destroying (although my time on the Aircraft Carrier Project was very enjoyable as I was seconded, not outsourced).

[Richard]

Dave, I can only agree though I was never outsourced as such I can recognise those symptoms of an outfit in terminal decline/forced destruction. In the end I only kept going in because it was so much per year on the pension for every day I was ‘working’. I knew I was close enough to retirement that redundancy would buy most of the time I lost when the chopper fell. Combined with the time and saving in travel costs I felt I was looking at a better bargain.

In the case of BA, it is still not at all clear quite where the problems happened, though the radio reports at lunch time were pretty clear. Rather belatedly they knew all was not well after the problem had existed for a fortnight. The indications were that they knew what software had been used to manage the extraction, its location and possibly its entry route. Outsourcing may well not have been the prime root of their difficulty, hints were dropped that a supplier or other associate might have some hard questions to answer.

I am no fan of dodgy outsourcing, the outsourcer who became very involved with parts of the outfit for whom I worked went bust indicating how well they knew their business. In one case I realised the documentation for some of their kit, (they were a once large scale hardware builder) was plain out wrong, so my area avoided the problems they had ‘supporting’ another business. For some reason I did not explain the error to them, one bit of job satisfaction was briefly retrieved.

[Richard]

Ed, you were very nearly right. According to The Register the problem came about because of some rather dim witted web site design that all owed code to be sucked in from Feedify to satisfy a desire for statistics on an area of the site that should have been secure. No need to guess where Feedify are said to come from. Apparently many other sites have also been jiggered by the same problem that the hosting site have been unable to stamp out, perhaps their customers should become ex-customers with all haste. Only secure applications code should deal with security requiring transactions, external code from outside parties does not appear to cut the 2018 mustard.

[Wheels-Of-Fire]

It makes you wonder what there is left of a “Company” these days. If the actual work is subbed out and the management direction is decided by consultants then you end up with little more than a brand name. There will still be a CEO but by their own admission they don’t think they need to know anything about a company in order to run it.

[Ed P]

Lloyds Banking Group another outsourcer — no comment! link

[Author]

Posts