Why Should I Trust My Network Administrator?
Posted by timothy from the hire-two-and-aim-them-at-each-other dept.
Andrew writes "I'm a manager at a startup, and decided recently to outsource to an outside IT firm to set up a network domain and file server. Trouble is, they (and all other IT companies we could find) insist on administering it all remotely. They now obviously have full access to all our data and PCs, and I'm concerned they could steal all our intellectual property, source code and customers. Am I being overly paranoid and resistant to change? Should we just trust our administrator because they have a reputation to uphold? Or should we lock them out and make them administer the network in person so we can stand behind and watch them?"
Re:You get what you pay for... (Score:5, Interesting)
Does the original question asker check their employees' bags every night for confidential documents? Mandate no USB drives?
I worked for a small business that started doing crap like that. The lead programmer brought in his own laptop to work on, instead of the crappy machines the boss had lying around. Then *I* brought in my own laptop to work on (which, while orders of magnitude crappier than the lead programmer's laptop, was orders of magnitude better than the crappy desktop the boss had allocated for me). My productivity immediately doubled (larger screen, faster processor, and more RAM help immensely when you spend your day mangling delimited data files).
Fast forward to several months later. Of the six employees in the company (including the boss), three of us were bringing in our own laptops. The boss, the lead programmer, and myself. Out of nowhere, we get an e-mail from the boss saying: "Due to a client's security concerns, employees are no longer allowed to bring in personal laptops. Except [the lead programmer], because he needs it." (He also banned iPods, a policy which only affected the other peon employee.) Never mind that we were still allowed to connect remotely from home with full access to the entire network.
That's fine and all, if a client really did request it... but I asked the lead programmer about it, because he was in the meeting during which this policy was supposedly decided upon. He claimed it was never discussed, and he had no idea where it had come from.
I sent an e-mail to the boss about it, telling him that because switching to my personal laptop had increased my productivity dramatically, prohibiting me from using it would result in a corresponding decrease in productivity that would be quite beyond my control. He didn't seem to care. I never did figure out why he enacted that policy.
Re:Worried about the cost of your actions? (Score:4, Interesting)
Does it cost less than the loss of the IP, in case the outsourced staff is crooked?
Another case of ignoring "risk" when assessing cost.
Re:Worried about the cost of your actions? (Score:5, Interesting)
Seriously? You're saying: "I'm quite happy with whatever you decide" on something core to the business?! So whoever they hire (and let's not forget the idea is to get this as cheaply as possible) is perfectly "OK"?
I worry about this nonsense. I'd want to meet the person, get to know them, make sure they were treated fairly. Before anyone thinks this is a race issue, it isn't - I don't care about the colour of their skin, their gender or what they believe in. I just want someone who seems trustworthy, and someone I know can talk to me if they have a problem. So yes, I want them to come into my office. I want them to be happy. No I don't want to stand behind them watching their every move - I want to trust them.
You need an unalterable audit log.. (Score:4, Interesting)
Whether it's an "insider" who works for your agency or an outside contractor, it doesn't matter: either way you have to trust somebody.
The only solution that makes sense is an audit trail that records file transfers and can't itself be modified - which is a real bitchkitty to implement. Does anybody know of any decent products that cover both servers and workstations?
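The poster asks for a log of file transfers that cannot itself be modified. The usual building block is a hash chain with a key held away from the administered hosts, so here is an added example of that idea (not code from the thread or from any product). It assumes a collector that keeps the HMAC key and remembers the MAC of the last record it accepted; the file paths and actor names are constructed sample data.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumed: the HMAC key lives with the log collector, not on the administered
# hosts, so an admin who can edit the log file cannot re-sign a forged chain.
GENESIS = "0" * 64


def _canon(record: dict) -> bytes:
    """Canonical JSON so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only log where every record commits to the MAC of the one before it."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # records in append order

    def append(self, actor: str, action: str, path: str, size: int) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor, "action": action,
                "path": path, "size": size, "prev": prev}
        mac = hmac.new(self._key, _canon(body), hashlib.sha256).hexdigest()
        entry = dict(body, mac=mac)
        self.entries.append(entry)
        return entry

    def verify(self, expected_head: Optional[str] = None) -> Optional[int]:
        """None if intact; otherwise the seq of the first bad or missing record.

        The chain alone cannot notice that the newest records were deleted, so
        the collector also remembers the last MAC it saw (expected_head).
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "mac"}
            if body.get("seq") != i or body.get("prev") != prev:
                return i  # reordered, inserted or deleted in the middle
            expected = hmac.new(self._key, _canon(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, e.get("mac", "")):
                return i  # contents edited
            prev = e["mac"]
        if expected_head is not None and not hmac.compare_digest(prev, expected_head):
            return len(self.entries)  # tail truncated
        return None


def demo():
    """Constructed scenario: three transfers, then two kinds of tampering."""
    key = b"collector-held-key"  # assumption: never present on the file server
    log = AuditLog(key)
    log.append("contractor1", "copy", "/srv/share/src/core.tar.gz", 48_000_000)
    log.append("contractor1", "read", "/srv/share/customers.xlsx", 120_000)
    log.append("alice", "write", "/srv/share/notes.txt", 2_048)
    head = log.entries[-1]["mac"]
    ok_before = log.verify(expected_head=head)
    # An admin rewrites the suspicious copy as a harmless read.
    log.entries[0]["action"] = "read"
    first_bad = log.verify(expected_head=head)
    # Restore it, then delete the newest record entirely.
    log.entries[0]["action"] = "copy"
    log.entries.pop()
    truncated_at = log.verify(expected_head=head)
    return ok_before, first_bad, truncated_at
```

The part that makes this "unalterable" in practice is not the hashing but where the key and the last-seen MAC live: ship records to a collector the administrator does not control and have it verify on receipt. Without that, whoever has root on the logging host can simply rebuild the chain.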
Re:Worried about the results of your actions? (Score:5, Interesting)
I wouldn't worry about it. I have this and I work for IBM :)
For example, a recent server we bought internally went up the chain for approval, fell at the last hurdle, back down a different chain to someone else, back across to our team, then back up the approval chain again.
When we got the hardware, no-one had factored in software licenses, so we went through the whole process again while the hardware gathered dust.
We now have an 8 core, 32GB RAM machine simply doling out compile jobs, rather than the original task it was intended for.
Gotta love IBM.
Re:On site is more expensive (Score:2, Interesting)
As far as the trust issue, consulting firms typically have dozens of clients. Those of us in the consulting field don't go through your email, data, whatever, simply because we deal with so much of it, that it's all viewed holistically. The content of your data isn't important to us. The maintenance and protection of it is.
Your in-house admin, however, might not have much else to do besides muck around in your files when everything else is running smoothly. And if you fire him/her... well who do you think is more likely to exact revenge? Hint: it's not the consultant with other clients to tend to.
Re:Who do you trust? (Score:3, Interesting)
Do you trust your bank with your money? Even though they don't keep it at your business and you can't stand behind them and watch what they do with it? Your fortune is at stake. Why do you trust them?
Do you trust your pharmacy to give you the correct medication? Even though you dropped the prescription off, will pick it up later and don't know the look of one pill from another? Your life is at stake. Why do you trust them?
Yes, because they are regulated industries and professions, they are well understood (we've been doing banks and pharmacies for many decades), we've worked most of the kinks out. IT/computers/etc. on the other hand is still in its infancy (and may always remain so due to the rate of change). We're making it up as we go.
that's a myth (Score:5, Interesting)
Knife crimes are reported sensationally in England but it's false that knife crimes are increasing dramatically -- see here [guardian.co.uk] for example. Knife crime has remained relatively stable over the past decade, most recently actually dropping by 15.7%. Maybe you're confusing knives with umbrellas?
Re:Worried about the cost of your actions? (Score:5, Interesting)
The reason that I don't steal from my employer is not that I could be punished.
It's because I don't steal. Or, rather, because theft is dishonest and wrong.
I agree, poster must be kidding (Score:3, Interesting)
You don't outsource to a random idiot -- that's step one. Welcome to referrals. Ask a friend, or a competitor, whom they've used. At least that way, if the IT guy screws you over, he loses more than just you.
Second, hopefully you have NDAs with your clients. Those NDAs undoubtedly say that you have to have an equivalent NDA with your contractors. So make your IT guy sign an NDA.
Third, "stand behind and watch him"? Are you nuts? Not only are you not going to actually do that, but if you did, are you going to read every command? Are you going to understand them? You can watch a magician, or other sleight-of-hand artist as much as you want -- most of them depend on your trying to pay attention.
Re:I do this for a living. (Score:1, Interesting)
You sir, are a diamond in the many roughs.
Outsourcing is expensive and highly over-rated. I have seen it many times: once you sign the service agreement you are generally lucky to hear from your provider on a regular basis unless you hound them. They never make the extra effort and are not accountable for their actions.
$250k average for a years service agreement for two sites and they only work for you on average 10 hours a week when they need to fix something that generally they broke by sending out 'the new guy'. For these costs you could hire a top level admin for $120 and a decent 50k helpdesk member at each site to work a total of 120 hours for you non-stop.
Outsourcing is a ridiculous practice that should be avoided at all costs
Re:Worried about the cost of your actions? (Score:2, Interesting)
Really? If you could steal with absolutely no chance of ever being caught, and no-one being hurt by your actions, you wouldn't do it because of your moral stance?
Re:You get what you pay for... (Score:5, Interesting)
He enacted that policy because it probably dawned on him that he had no way to enforce whatever the company has in its Acceptable Use Policy (assuming there was one) because they don't own it.
I'm dealing with this issue where I work: Some of our engineers have decided that they can't live without their Macs, so they use the ones they own at work, bootlegging copies of Windows XP, Office, etc. to run under Parallels. Their managers turn a blind eye to it, because it "saves the company money", but it creates a potential liability for the company: We can't enforce the company's AUP, which states in part that we do not condone copyright infringement in the workplace, because it's not our hardware.
I had one remote engineer complain to me about his laptop crashing... and then he mentioned that he'd wiped the hard drive and installed Windows 7 RC. WTF?!? Who uses a beta OS for production use? Fucking idiot.
I don't care anymore - everyone shits on MIS, especially the technical employees, who all secretly (or sometimes not so secretly) think that they can do it better... except that they're too busy, of course. And these same people are the ones that act as though the company's Internet access exists for their personal entertainment, and whose computers end up infected with all the latest malware because they absolutely *have* to be local Administrator equivalent full-time on "their" laptop (something that none of us in MIS here do anymore, by the way, and haven't for years), and disable or uninstall the corporate antivirus software... and a few of them have asked for Domain Administrator rights... no fucking way. And they won't back up even their work data, despite the fact that they've been given the means to do so easily, and if they want, we'll issue them an external USB hard drive so that they can do it at their convenience.
One lawyer decided that he didn't want to wait for the automatic data sync that takes place for laptop users after logging in when connected at the office, and unbeknownst to us, took it upon himself to move his documents folder... hard drive died, and the backups on the network were over 6 months old. The backups of all of his current work documents relating to pending litigation, etc., which represents literally millions of dollars to the company? All more than 6 months old, and useless. Why, the backup must have stopped working, he said... Bullshit - that's why God made logs, and why we keep them. I cheerfully pulled them for the past 6 months, and proved that the backup was working, but that no current documents were getting backed up because there were none to back up... and after we got the USB hard drive with his recovered data back from the data recovery company (and almost $3K later)? There was his data folder, right where he'd made it, off the root of the drive - imagine that. Vindicated, I gathered up all of the evidence, emailed it to my boss, and let him handle it.
And I guess the end of this little rant is this: You know, you might well be smarter than me, better than me, etc., etc., ad nauseam. Good for you! But, I'm damned good at my job, and take pride in doing it to the best of my ability, even after 20+ years, and knowing that so many of you think that I'm incompetent, stupid, ignorant or all three, and believe that you're special and don't have to abide by the company's rules.
And if that sounds more than a little bitter and antagonistic - well, it is: At my company we run MIS as a service to the users and the company, and do our best to keep everything working well and available to everyone, working long, unpaid hours sometimes to do so, responding to pages 24/7, because we know how important the network is to everyone, and that it's our job to keep it running and available. We keep "hot spare" computers, at least one for each model in use, so that we can minimize downtime if someone's breaks, handling the repair after getting them back up
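The lawyer story above is the classic backup failure mode: the job runs, the logs say success, and nothing current is in the backup set because the files moved outside the path being backed up. Job logs alone will not catch that; you have to compare what users actually modify with what the backup captured. The following is an added example of that check (not the poster's tooling). The user name, paths, timestamps and manifest are constructed sample data, and the "inventory" stands in for whatever an endpoint agent reports.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample data (hypothetical user "jdoe", not anyone from the thread).
SYNC_ROOTS = [r"C:\Users\jdoe\Documents"]      # what the nightly job is told to copy
IGNORE_ROOTS = [r"C:\Users\jdoe\AppData"]      # caches and temp files, not worth alarms

# What an endpoint inventory agent would report: path -> last modified.
INVENTORY = {
    r"C:\Users\jdoe\Documents\old-brief.docx": datetime(2009, 1, 5),
    r"C:\Users\jdoe\Documents\budget.xlsx": datetime(2009, 2, 10),
    r"C:\Data\smith-v-acme\motion.docx": datetime(2009, 8, 1),
    r"C:\Data\smith-v-acme\exhibits.pdf": datetime(2009, 8, 3),
    r"C:\Users\jdoe\AppData\Local\Temp\~tmp1.tmp": datetime(2009, 8, 3),
}
# What last night's backup job says it copied (its manifest).
MANIFEST = {
    r"C:\Users\jdoe\Documents\old-brief.docx",
    r"C:\Users\jdoe\Documents\budget.xlsx",
}


def _norm(p: str) -> str:
    """Windows paths are case-insensitive; normalise before comparing."""
    return str(PureWindowsPath(p)).lower()


def _under(path: str, roots) -> bool:
    p = _norm(path)
    return any(p.startswith(_norm(r).rstrip("\\") + "\\") for r in roots)


def backup_coverage(inventory, manifest, sync_roots, ignore_roots, now,
                    window=timedelta(days=30)):
    """Compare recently modified files against what the backup actually captured.

    recent_uncovered:   files touched inside `window` that the job never saw
    outside_sync_roots: the subset that lives outside the configured roots
                        (the "moved my Documents folder" case)
    newest_backed_up:   newest mtime among files that did make it in
    stale:              True when nothing newer than `window` is in the backup,
                        even though the job itself reports success
    """
    since = now - window
    backed = {_norm(p) for p in manifest}
    recent_uncovered = sorted(
        p for p, mtime in inventory.items()
        if mtime >= since and _norm(p) not in backed and not _under(p, ignore_roots)
    )
    backed_mtimes = [m for p, m in inventory.items() if _norm(p) in backed]
    newest = max(backed_mtimes) if backed_mtimes else None
    return {
        "recent_uncovered": recent_uncovered,
        "outside_sync_roots": [p for p in recent_uncovered if not _under(p, sync_roots)],
        "newest_backed_up": newest,
        "stale": newest is None or newest < since,
    }


def demo():
    return backup_coverage(INVENTORY, MANIFEST, SYNC_ROOTS, IGNORE_ROOTS,
                           now=datetime(2009, 8, 15))
```

Run daily, a report that says "backup succeeded, but the newest file in it is six months old and this user has recent work under C:\Data" turns the argument in the story into a ticket raised before the disk dies, not after the recovery invoice.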
Re:Worried about the cost of your actions? (Score:4, Interesting)
Outsourcing isn't always in India. The true and proper term for that is generally off-shoring. Outsourcing simply means outside the company and I am guessing that this outsourcing isn't the kind that goes to India, based on the scale of the outsourcing and the way it was presented in the summary.
-----
I think that outsourcing should be fine because even if you hire your own people they can probably steal the information just as easily and then you don't even have a company to sue, only a person (with far less ability to pay any judgment). Also, I doubt that a network engineer in a firm offering these services has the time to look through all of your shit, find important stuff to steal and find a willing buyer.
If you have some sort of secret formula that can be copied and pasted and is then instantly useful then I would change my statements. Generally it's hard to steal something and start a directly competing business unless your business is founded on some sort of extremely simple proprietary knowledge.
Re:spoken like a true sys-ad (Score:4, Interesting)
As far as the poster is concerned, if you are that paranoid learn how to operate your firewall and lock them out when they are not specifically working a ticket, or have a different third party manage the firewall. Have the consultant do their work through something like Webex where the session can be recorded for review, that way you can check up on them without having to sit there in real time and watch. Personally I wouldn't work for you as an employee or a consultant, but for enough money you will probably find someone willing to placate your sociopathy.
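"Lock them out when they are not specifically working a ticket" is just-in-time access: the remote-admin port is closed by default and opened only for the ticket's source range and time window. Here is an added example of that policy (not the poster's setup, and not the code of any firewall product). It assumes RDP on 3389 and iptables on the gateway; the ticket number and the consultant's address range are constructed.

```python
import ipaddress
from datetime import datetime, timedelta


class JitAccess:
    """Ticket-scoped, time-boxed allow list for the remote-admin port.

    A grant exists only while a ticket is being worked; outside that window the
    default rule drops everything, so the consultant cannot log in "just to look".
    """

    def __init__(self, port=3389):
        self.port = port                    # assumption: RDP; use 22 for SSH
        self._grants = {}                   # ticket_id -> (network, start, end)

    def grant(self, ticket_id, cidr, start, duration):
        net = ipaddress.ip_network(cidr, strict=False)
        self._grants[ticket_id] = (net, start, start + duration)

    def revoke(self, ticket_id):
        """Close the ticket early; the rules regenerate without it."""
        self._grants.pop(ticket_id, None)

    def active(self, at):
        return {t: net for t, (net, s, e) in self._grants.items() if s <= at < e}

    def is_allowed(self, src_ip, at):
        ip = ipaddress.ip_address(src_ip)
        return any(ip in net for net in self.active(at).values())

    def firewall_rules(self, at):
        """Render the policy in force at `at` as iptables commands, default deny last."""
        rules = [
            f"iptables -A INPUT -p tcp --dport {self.port} -s {net} "
            f"-m comment --comment {t} -j ACCEPT"
            for t, net in sorted(self.active(at).items())
        ]
        rules.append(f"iptables -A INPUT -p tcp --dport {self.port} -j DROP")
        return rules


def demo():
    """Constructed scenario: one two-hour ticket from the consultant's /29."""
    jit = JitAccess()
    t0 = datetime(2009, 8, 15, 9, 0)
    jit.grant("T-1042", "203.0.113.0/29", t0, timedelta(hours=2))
    result = {
        "during": jit.is_allowed("203.0.113.5", t0 + timedelta(hours=1)),
        "other_src": jit.is_allowed("198.51.100.7", t0 + timedelta(hours=1)),
        "expired": jit.is_allowed("203.0.113.5", t0 + timedelta(hours=2)),
        "rules_during": jit.firewall_rules(t0 + timedelta(minutes=30)),
        "rules_after": jit.firewall_rules(t0 + timedelta(hours=3)),
    }
    jit.revoke("T-1042")
    result["after_revoke"] = jit.is_allowed("203.0.113.5", t0 + timedelta(hours=1))
    return result
```

The grant store has to be controlled by someone other than the consultant, which is exactly the poster's "have a different third party manage the firewall" point: a contractor who can edit their own grants has standing access with extra steps. Pair it with the recorded session so the window and the transcript line up.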
If you don't trust one, hire two (Score:1, Interesting)
Seriously - if you're really concerned about the integrity of one company, hire a second as an auditor. They could both share access to the system, keep their own logs/records, etc, and you can be sure they'll look for bad things the other guys have done. Or you could give them complementary responsibilities: let one run the servers, another runs the network (with logging functions.) Checks and balances.
Am I being facetious? Partly. Obviously this is greater expense and reduced efficiency. But if you need to hire someone outside to begin with, what makes you think you can audit someone based on internal talent? And if you cost out this solution and show it to people, they will quickly and quantitatively understand the cost of distrust, and will be able to make a quick decision.
Well, why should someone trust the boss? (Score:2, Interesting)
Re:Worried about the cost of your actions? (Score:3, Interesting)
there is only one real flaw in the slashdot filter by score. it is that this clown is still visible as a -1. I am going to just throw a random comment about adding keyword screening and leave it at that.
Conflicts of interest (Score:3, Interesting)
Here's the thing. If I own a company, I trust my accountant not to embezzle from me and the rest of my staff not to slack off every time I turn my back because I sign their paycheck. I'm paying them good money to act in my company's best interest. Does it work 100% of the time? Obviously, no, because sometimes accountants do embezzle from companies.
However, if I outsource such functions, suddenly, I'm trusting someone who is ethically and financially beholden to someone else with the keys to my kingdom. Ideally, my company's interest and my outsource partner's interest are aligned, and everyone is happy. Many times, this is the case. However, if there ever is a conflict of interest, it is altogether reasonable to expect the employee to not act in your interest, but the person's who signs his paycheck. That's what I would expect from my own employees, and it's what I expect of outsourced employees.
Here's a concrete example. My company has already outsourced all of its first-level and second-level support to a help desk service provider. It worked well enough that now, it is considering outsourcing all of our third-level server support (i.e. the guys with the root passwords to all of the systems) and possibly even our architecture and engineering teams. Personally, I think that this is asking for trouble.
Why? Because with us on my company's payroll, it is in our employer's best interest to have the environment in peak working order. We respond to issues as quickly as possible, and we do extra work to make sure everything is in tip-top shape. If we get outsourced, however, suddenly the equation changes. Now, it is in our employer's (the outsource company's) best interest to have the environment working only just well enough to not lose the contract. If we have all problems solved within, say, 50% of our contractual service level agreement, that's a pretty good clue that our staff can be cut by 50% and still meet our service level agreements. It's in our best interest to solve every problem right at the last second. If the company we're working at doesn't like it, well, they'll have to negotiate faster service level agreements, and of course, that's something my employer can charge a lot of extra money for.
Extra work to make sure everything is working great? Hah! If anything, we should be working to make sure everything isn't working so great, but again, just barely come under our contractual agreement. The worse the company we're supporting is hurting (while we're still meeting our legal obligations), the more they'll have to spend on additional services and support.
Laughably, our server environment is a mixed-vendor environment, and the company they're probably going to outsource to is one of the two main hardware vendors we use. Of course, they're negotiating supporting both hardware platforms. Now let's say that the service level agreement to have a down server is four hours. If it's hardware vendor A's server (and I'm working for hardware vendor A as a contractor), I'll jump right on it. If it's hardware vendor B's server, even if it's just a minor little configuration tweak, I'm going to wait until three hours and fifty-nine minutes to get it back up and running. Six months later, when the higher-ups are talking to each other, hardware vendor A (who I'm working for) goes in and tells my former employer how much better vendor A's servers are to support than vendor B's, and how my former employer needs to dump vendor B's server and use vendor A as their exclusive hardware provider, even though in reality, it's entirely possible that vendor B clearly has the better hardware.
I could go on, but hopefully I've made my point. I honestly think our management either hasn't thought of these types of issues, or they just don't care, and they're hoping to
Re:I do this for a living. (Score:1, Interesting)
If I see the stuff, my first reaction is do we have this properly protected?
Well said.
Re:Worried about the cost of your actions? (Score:3, Interesting)
You're a pharma startup. $big_global_pharma_corp steals your research.
Good luck suing. By the time you might get close to getting a positive verdict, your company has been in chapter 7 for long enough that it doesn't exist anymore.
Re:Worried about the results of your actions? (Score:4, Interesting)
This is the difficulty with large companies. Everyone is treated as a "resource" where their availability and work load is fully quantified and estimated several months out. If someone looks under-utilized, they are either assigned secondary responsibilities or made redundant and let go or shifted elsewhere.
So every project has an estimate. Every estimate is padded so that we are sure to meet our goal of being correct within +/- 15%. That is, no one cares how long it takes but if you take longer than you SAID, you're costing the company money. Then they look at the worksheets (undoubtedly the one management type who knows a little about Excel made a template for you to put numbers in). Juggle a bit, rearrange, justify, have some new numbers, and provide an estimate to the client.
Now, instead of using "agile" methods and getting something done as soon as possible or for as little cost as possible, you have all of the planning and overhead that it takes to get an estimate, and engineers sitting around waiting for approvals and also sitting around waiting to announce completion in order to be close to their estimate. Then you're slightly under due to some other team, so next time you estimate higher. You could do it in under 4 hours, but you know you'll have to wait for security clearance (1 week), maybe for the servers to be built (one week), time to get something officially reviewed by some gate (1 week), lots of other things. Bill time for everyone involved and suddenly the costs are through the roof.
If a company quantifies everything about its operations, it's spending too much time in overhead and not enough time actually working. I'm seeing it right now at a Fortune 50 company - we fire all of the people who do work, double up work on the remaining people, and the overhead gets more burdensome because everyone wants to have good numbers. So I have to track everything I do, every minute of every day, regardless of whether my activity is internal or client-billable.
Large companies intent on outsourcing are quite possibly the worst idea ever. Small companies dedicated to a single operation are a much better idea, because people are on the same page as far as what is expected and how long things should take and what the policies are. And there are fewer levels of management to request charts and graphs and such. I actually worked for several years thinking Dilbert was exaggerating things a bit, but I recently saw the light. Go with a small, dedicated company - not a behemoth jack-of-all-trades master-of-none.