Security Considerations in Integrating the Fragmented, Outsourced, ITSM Processes

The outsourcing of IT Service Management (ITSM) processes is now a common and established phenomenon. Traditional outsourcing models were centered on off-shoring. Greater shift towards strategic and transformational forms of outsourcing has led to emergence of global delivery models, shared service models, and multi vendor delivery models. While these models have great potential, the realization of these models on the ground is often suboptimal. Security issues and constraints have forced these systems to work in silos leading to fragmentation of ITSM processes and systems across the client and vendor environments. The need is to create an eco-system where the client systems can be integrated seamlessly with vendor systems to drive service improvements and enable better collaboration, decision making and overall governance of the outsourced services. Addressing security challenges is a key to implementation of these emerging service delivery models. The primary challenges are around data security and privacy, secure network isolation, secure integration of shared services, federated identity management, strong authentication and access control related challenges. In this paper we present the key challenges of integration in these emerging outsourcing models and present security considerations that need to be addressed to realize these models.