MAN 5901 Assignment: IT Security, Outsourcing, and Strategy

Verified

Added on 2022/12/16

AI Summary

This report addresses several key IT challenges in management, fulfilling the requirements of a MAN 5901 assignment. It begins by comparing the IT security policies of Amazon, Apple, and Google, evaluating their strengths and weaknesses. The report then delves into the concept of outsourcing, discussing its benefits and the issues management must consider, particularly concerning control, compatibility, and potential loss of productivity. The report also examines the use of Porter's five forces model and SWOT analysis for IS strategic planning and competitive analysis. Furthermore, it explores the purpose of enterprise systems and their value to organizations, providing case examples to support the discussion. Ethical issues in crowdsourcing are also examined.

Running head: IT CHALLENGES IN MANAGEMENT
IT challenges in management
Name of Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1IT CHALLENGES IN MANAGEMENT
Response to question 1.
To discuss the IT security policies, the three companies taken into consideration are
Amazon, Apple and Google.
Amazon IT security policies: Amazon provides various services in the market. Amazon
which is widely known for its online store has also diversified into TV and entertainment.
Amazon’s web service is a scalable platform, which is highly dependable and available and
provides necessary tools for customers to use and run numerous applications. The security
policy aids in gaining customer trust and support, integrity and protect confidentiality (Narula
& Jain 2015, February). The Amazon Web Services is a cloud computing platform. Security
in cloud computing is different from general security at data centers. Amazon web services
hold responsibility of securing underlying infrastructure which provides support to the cloud
(AWS, 2019). The user is responsible for uploads they do on the cloud. This shared security
reduces operational burden and enhances the security postures. Amazon web services does
not provide configuration for user accounts, SSL/TLS data transfer and credentials, it is
completely on the user (AWS, 2019). The AWS holds the huge responsibility for ensuring
protection of the global infrastructure which runs every single application and services
offered by the company. The AWS is accountable for security configuration of the products
the company sells and manages. The services include Amazon RDS, Amazon WorkSpaces,
Amazon DynaamoDB and Amazon Redshift to name a few. AWS for the services provides
security tasks such as guest OS (operating system), firewall configuration, database patching
and disaster recovery (Wittig & Wittig, 2015). AWS allows provisions for virtual servers and
databases in less amount of time. AWS provides flexible management services like AWS
Key Management Service (KMS) which gives the customers the allowance to chose from self

2IT CHALLENGES IN MANAGEMENT
control of the keys or let encryption keys be managed by AWS. The global infrastructure
model provides provision for numerous computing resources like storage and processing
(Amazon, 2019). The facilities included are network, hardware and the operational software.
The model is designed with the advance models and compliance standards. The security
policy enables the customer to completely understand robust controls to secure data in cloud.
The governance concentrated audit compatible services aid the customers to easily operate
and establish in AWS ambience (Jakimoski, 2016). The company does not disclose
information about customers and if it is need, legally it is done. The security assurance
scheme developed by the company helps the users to operate securely in the AWS. These are
the major strengths of the policy. The policies are constantly updated and reviewed (Amazon,
2019). The weakness being that Amazon needs to enhance their network security to preserve
and protect customer’s right. The model can be improvised to improve the protection of
sensible data and customer information.
Google IT policy: Google technologies use various cloud computing arenas like Gmail,
Google Docs, Google Calendar, Google Cloud Storage to name a few, provides easy and
familiar use of the products for business (Google, 2019). Google provides security services at
multiple levels of storage, transfer and access of data. Google maintains their server
worldwide and personal information of users are processed. Google provides similar
protection and security of data irrespective of the country it is in (Chen, Oshiba & Chiong
2016). Data is encrypted and information is not shared without consent of the user. Google
provides two step verification processes for all its services to ensure tight security and
security breaches. Google’s policy is to log administrative access to every Google production
system and data. These logs are reviewable by Google Security staff on an as-needed basis
periodically. Google’s security policy does not apply to third-party sites if they have their
own different privacy and security policies. This is a weakness in the IT security policy of

3IT CHALLENGES IN MANAGEMENT
Google. Google has a security team that works constantly on network security, global
security which is in sync with Google’s hardware model. Google monitors any suspicious
activities over the network channels and it follows response process to analyze, recognize and
remediate information on security threats. Google has controls and practices to protect the
security of customer information. Google applications run in a multi-tenant, distributed
environment so rather than segregating each customer’s data onto a single machine or set of
machines, Google consumer and business customer data is distributed among a shared
infrastructure composed of Google’s many homogeneous machines (Google, 2019). The
security policies of Google cover a wide range of security related topics that ranges from
general policies that every employee should comply with like account, data, physical
security, along with additional specialized policies covering internal applications and systems
that employees are asked and are required to follow (Andersson & Pettersson 2015). The
security policies are periodically reviewed and updated. Employees receive regular security
training on security topics like on safe use of the Internet, working from remote places safely,
and how to handle sensitive data. Additional training is periodically provided on policy topics
of interest, which includes areas of upcoming technologies, such as the shielded and
protected use of social and mobile technologies. Google has Global Compliance function in
the policy. The function is responsible for regulatory and legal compliances. Another
function the Global Internal Audit function of the Google holds responsibility of reviewing
and auditing as per the said compliance requirements (Google, 2019). Weakness lies in the
privacy policy as the company takes consent before drawing user information like location of
the user, photos and videos to make search easier, but the process is morally unethical. Other
than that Google has a strong policy for IT services and security.
Apple IT security policy: Apple collects private information about users to better its service.
Apple may share the collected information with its affiliates and makes sure that it does not

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4IT CHALLENGES IN MANAGEMENT
breach the security and privacy policy. The information collected are sometimes combined
with additional information to improve products, services and content (Apple, 2019). The
user has the right to decide whether he or she wants to provide personal information. When
the user shares apple product or content with other members of the family, the information
provided about them is stored to fulfill requests and provide relevant services. Apple also
asks for government issued ID proofs to set up features in limited situations. Apple provides
its users to opt out of their services anytime they please. The policy dictates to limit the
usage of data for any kind of anti-fraud situation to cases that are strictly needed and within
the company’s legitimate interest to protect their services and customers (Apple, 2019). This
is strong policy as it helps it to cater to its customer and also provides the user to decide on
the data they want to produce. Few of apple services use cookies, web beacons and pixels.
These are used by apple to understand its users in a better way. IP addresses are considered as
personal information by Apple. Apple platform enables users to choose the ads they want to
see and disable when required. Apple sometime provides personal information to third party
to improve their services and products (Apple, 2019). Apple does not share personal
information to third parties for marketing purposes. Apple uses Transport Layer Security to
encrypt data. Apple does not use profiling which can affect customers. To provide location
based services, may use GPS and IP Address, crowd sourced Wifi, cell tower locations to
determine the location. Consent is taken before the action is performed. To ensure security of
personal information, the privacy and security guidelines are communicated to the employees
of the company to strictly enforce safeguards in the organization. Software and hardware of
the system is so designed to secure core components of iOS device. The architecture is
central to iOS security and never ever gets in the path of device usability. Apple uses Data
Protection to provide protection of data in the flash memory of the device. Apple allows
secure payment by Secure Enclave which gives permission for payment only after it receives

5IT CHALLENGES IN MANAGEMENT
authorization from Secure Enclave. Apple internet security has a two factor authentication
process to provide extra layer of security. This gives the account owner to solely access the
account even if someone knows the password. These are strong aspects of the security policy
of the company. The weakness lies in the third party access of data from the devices and its
affiliates.
Response to Question 2:
Outsourcing involves a third party activity to serve a job function. Outsourcing of system
service involves preventive failure maintenance and monitoring key infrastructure working
such as web services, data recovery, information security and network services, disaster
recovery and also QA testing. Organizations outsource onshore, near shore or offshore ( to a
distant country). Offshore outsourcing has been mostly pursued to save company costs.
Outsourcing has numerous benefits yet there are issues the management needs to consider
when outsourcing services or IT services (Clemons & Banattar 2018, January). Major
benefits of outsourcing services are low labor costs, high productivity and efficiency at work,
variable capacity, flexibility to easily meet business changes and lower investment in intrinsic
infrastructure (Montaseb, 2018). Information technology outsourcing is a part of Business
process outsourcing (BPO).
The issues to be considered by management before outsourcing are mainly,- turnaround time
maybe slow, difference in time zone, cultural and language barriers and losing managerial
and operational control to mention a few. Outsourcing can lead to loss of productivity. In
case of system failure or server crashes, there can a huge loss in the productivity. It is seen

6IT CHALLENGES IN MANAGEMENT
that sometimes it takes days to get the problem resolved by an IT service person. This can
greatly impact enterprise by costing hundred thousands of dollars in revenue loss. Time and
material is another issue of outsourcing services (Jain Palvia & Palvia, 2017).
The prominent major issue faced by the management in outsourcing services and outsourcing
IT services is the lack of control (Wasilewski, 2019, April). Once the control moves to a
different hand, the top management loses control of the company offshore. The management
need to trusts third party and rely on the expertise of the third party, the resources available
and services provided by them. Though the management can provide directions and guidance
regarding the goals and the direction the company is moving but certain controls are
compromised. The reason for this is that contractors are hired instead of employees. Since
work happens off site it becomes hard for the management to control every aspect of the
organization. The major issue here is that if the company is not satisfied with the working of
the third party, the management needs to start all over again from ground work (Khan &
Khan 2017). The management needs coordination with the third party vendor or any other
vendor. The management loses control over operational activities and deliverables that the
company outsources. The company also needs to make adjustments in accordance to the law
of the country the company is setting its operational unit. There can be mismanagement is the
company offshore and the company finds it difficult to resolve such conflicts as it can also
cause damage to business and production. The management also suffers from poor quality of
work if the provider provides inexperienced workers or inappropriate processes to conduct
business. Compatibility issues also arise if the organization keeps certain IT services on
shore and outsources a portion of the overall IT pie (Thatcher, & Evia, 2017). Managing the
fragmented It services becomes difficult and sometimes the off shore services and devices
may not be compatible with the onshore services and devices.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7IT CHALLENGES IN MANAGEMENT
There can also be concerns in goals of the business and IT goals. The third party vendors do
not have the understanding of the day-to-day working of the organization’s business. There
can be a sheer lack of coordination when the business goals and IT goals are concerned. The
vendor understands the IT part of the work and the general business model, but the vendors
do not work directly with the customers, which causes deficiency in coordination (Gantman,
2017).
Security is another major challenge in case of outsourcing services or IT services. The
management runs the risk of suffering from loss of sensitive data and confidentiality issues
(Murthy, Karim, & Ahmadi, 2015). In recent times most companies use cloud computing to
get the business done. Services of cloud computing mostly involve sharing and exchange of
data on the cloud with the third party vendors. Sharing and exchanging data over the cloud
recues company cost and makes the job scalable (Dhillon, Syed & de Sá-Soares, 2017).
Using the cloud does not mean the third vendor may use the same cloud service as the other;
it can use another device or a service. This entire process creates security issues and concerns
that needs addressing when the company has stringent security and privacy policies. Data
leakage is also a concern for the management, as the confidentiality of data can be lost or
there might be a leakage (Murthy, Karim, & Ahmadi, 2015).
Communication issue is a minor issue but still needs consideration as it can cause ,major
potential drawbacks. Time zone becomes a problem. The company may set up their business
in a different time zone and the working hours do not match of the organizations. Then this
becomes a problem (Schniederjans, Schniederjans & Schniederjans, 2015). There are
solutions to the problem yet is of concern to the management. 24 x 7 availability is an issue
with companies in a different time zone. Success gets limited if the services are not available
at the required time. This problem is mostly noticed in companies that provide educational

8IT CHALLENGES IN MANAGEMENT
services like personal tutoring and homework or assignment services. The tutor and the
student may be in two completely different time zones and the service cannot be coordinated.
This raises major problems. Considering the case of SolutionInn. a company that provides
educational services was facing 24 x7 availability issues. It was becoming hard for them to
assign a tutor on immediate requirement so they arranged for tutors across all time zones.
This minimized the issue and they could allocate tutors on a immediate need basis
(SolutionInn., 2019).
Another issue or a challenge so to speak is how outsourcing impacts company culture
(Gurung & Prater 2017). Positive work culture leads to high efficiency and strong
productivity. This cannot be put into danger as it will affect the company greatly. The
employees can be upset about being replaced or being shifted to a completely new location.
There is a chance to come across confused employees who do not understand the reason
behind outsourcing of services. Additional challenges in daily work and might be a chance in
the reduction of work flow. There is also disparity in working culture and language barrier
(White, & James 2017). When a company outsources services disparity is seen in complete
comprehension of the project process and requirement. Another issue can be that the
company brand might suffer. The brand of a company is very sensitive in its development
and growth. If outsourcing plan fails there is chance that the brand of the might get stained
which can lead to reduction in revenues. These are the most prominent challenges the
management faces while outsourcing services or IT services.
.

9IT CHALLENGES IN MANAGEMENT
References
Amazon. (2019). Data Privacy - Amazon Web Services (AWS). Retrieved from
https://aws.amazon.com/compliance/data-privacy-faq/
Andersson, S. M., & Pettersson, M. G. (2015). U.S. Patent No. 9,191,822. Washington, DC:
U.S. Patent and Trademark Office.
Apple. (2019). Legal - Privacy Policy - Apple. Retrieved from
https://www.apple.com/in/legal/privacy/en-ww/
AWS. (2019). Cloud Security – Amazon Web Services (AWS). Retrieved from
https://aws.amazon.com/security/
Chen, L., Oshiba, D., & Chiong, J. (2016). U.S. Patent No. 9,270,705. Washington, DC: U.S.
Patent and Trademark Office.
Clemons, E. K., & Banattar, J. (2018, January). Regulating Online Privacy: Some Policy
Guidelines, Including Guidelines for International Harmonization. In Proceedings of
the 51st Hawaii International Conference on System Sciences.
Dhillon, G., Syed, R., & de Sá-Soares, F. (2017). Information security concerns in IT
outsourcing: Identifying (in) congruence between clients and vendors. Information &
Management, 54(4), 452-464.
Dhillon, G., Syed, R., & de Sá-Soares, F. (2017). Information security concerns in IT
outsourcing: Identifying (in) congruence between clients and vendors. Information &
Management, 54(4), 452-464.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10IT CHALLENGES IN MANAGEMENT
Gantman, S. (2017). IT outsourcing in the public sector: A literature analysis. In Global
Sourcing Of Services: Strategies, Issues And Challenges (pp. 83-134).
Google. (2019). Retrieved from https://policies.google.com/privacy?hl=en
Gurung, A., & Prater, E. (2017). A research framework for the impact of cultural differences
on IT outsourcing. In Global sourcing of services: strategies, issues and
challenges (pp. 49-82).
Jain Palvia, S. C., & Palvia, P. (2017). Critical issues facing IT outsourcing vendors in India.
In Global Sourcing Of Services: Strategies, Issues And Challenges (pp. 261-300).
Jakimoski, K. (2016). Security techniques for data protection in cloud
computing. International Journal of Grid and Distributed Computing, 9(1), 49-56.
Khan, S. U., & Khan, A. W. (2017). Critical challenges in managing offshore software
development outsourcing contract from vendors' perspectives. IET Software, 11(1), 1-
11.
Montaseb, M. M., Ragheb, M. A., Ragab, A. A., & Elsamadicy, A. M. (2018). The Factors
Affecting of SMEs’ Outsourcing Decision Making.
Murthy, D. N. P., Karim, M. R., & Ahmadi, A. (2015). Data management in maintenance
outsourcing. Reliability Engineering & System Safety, 142, 100-110.

11IT CHALLENGES IN MANAGEMENT
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service.
In 2015 Fifth International Conference on Advanced Computing & Communication
Technologies (pp. 501-505). IEEE.
Park, Y. J., & Skoric, M. (2017). Personalized ad in your Google Glass? Wearable
technology, hands-off data collection, and new policy imperative. Journal of business
ethics, 142(1), 71-82.
Schniederjans, M. J., Schniederjans, A. M., & Schniederjans, D. G. (2015). Outsourcing and
insourcing in an international context. Routledge.
SolutionInn. (2019). SolutionInn - Online Tutoring | Get Study Help and Textbook Solutions.
Retrieved from https://www.solutioninn.com/
Thatcher, B., & Evia, C. (2017). Outsourcing Technical Communication: Issues, Policies and
Practices. Routledge.
Wasilewski, A. (2019, April). Integration Challenges for Outsourcing of Logistics Processes
in E-Commerce. In Asian Conference on Intelligent Information and Database
Systems(pp. 363-372). Springer, Cham.
White, R., & James, B. (2017). The outsourcing manual. Routledge.
Wittig, A., & Wittig, M. (2015). Amazon web services in action. Manning Publications Co..