IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« Apied knowledge [No more puns or else - ed] | Main | Ready, set, patch »

You get what you pay for

There's an old saying – pay peanuts, get monkeys.

While the accountants can applaud outsourcing staff jobs to India from a security standpoint it's a really bad idea. They may be able to halve staffing costs but that's going to be little help if staff are far easier to corrupt.

In a country where salaries are low it not only takes very little to pay them a living wage but it's also cheaper to bribe them. Already call centre staff are being bribed for peanuts, reaping big profits for crooks.

There's another point. If you can see your own staff you can tell if someone's behaving funnily, if they look suspicious. It's unlikely that an outsourcer will have this kind of close relationship with his staff, and even if he does why should he investigate security. As long as the invoices keep coming he's happy and to rock the boat for security's sake makes non sense.

October 11, 2005 | Permalink


TrackBack URL for this entry:

Listed below are links to weblogs that reference You get what you pay for:


Just to address your second point, any company that need to survive in long term has to develop and maintain its brand. So, this argument is that they would not invest in security seems to be very foolish.

Posted by: Shekhar Jha | 11 Oct 2005 18:47:20

Post a comment