On the Inside Looking Out

While the underlying pressure for outsourcing is budget-driven, the transfer of skills is a valuable long-term benefit

When he was appointed as the first chief information security officer (CISO) for the state of Colorado two years ago, Mark Weatherford had little authority and no budget. His first priority was to work the legislative process to create statutory authority over state agencies to direct security efforts and to enforce policy. He also had to figure out how to fund and staff his operation.

Because Colorado, like most states, operates on a modified annual budget, it would take at least 18 months to craft and gain approval for a staffing plan. "Without having any legislative authority to go out and hire state employees, I really needed to jump-start my program with contract support staff," he recalls. One of his first initiatives involved development of a response program for dealing with cyber-emergencies. Weatherford, after evaluating several vendors, decided to contract with Symantec Residency Services to bring in an advisory consultant to head that effort. With a budget carved out of Federal funds provided by the governor, "I was able to hire a candidate that I thought could step up and basically create the Incident Response Program for the state of Colorado," he says.

The Symantec Resident (consultant) is now the state's Director of Incident Response, with much of the authority of a full-time civil servant, and he works directly with the security officers at each of the state agencies to provide guidance on best practices to mitigate security incidents. An additional benefit to the state, says Weatherford, is the resident's ability to leverage Symantec resources on a regular basis to find information, advice, and technical assistance on specific issues that any Colorado agency might be facing. Both Weatherford and the Symantec Resident point out that the position is a product-agnostic role.

Going outside the bureaucracy

Weatherford did what many government agencies in the U.S. and around the world now routinely do when they lack legislative authority to create new positions or are racing to acquire technical skills that don't yet exist within the bureaucracy. Market research firm INPUT states that state and local government agencies in the U.S. will increase spending on outsourced services from $6.3 billion in 2007 to $11.4 billion in 2012. That's a compound annual growth rate of 12.6 percent, outpacing the larger Federal government spending on IT outsourcing projects, which is projected to grow at just under 6 percent annually, from $13.3 billion in FY 2006 to $17.7 billion by FY 2011.

There's no hesitation about outsourcing in the U.S. Federal government. Earlier this year, The Wall Street Journal posed the question, "Is U.S. Government 'Outsourcing Its Brain'?" Contract employees reportedly outnumber the civilian Federal workforce by 4-to-1, and security contractors employed in Iraq are said to equal in number the size of the military deployment. In particular, the Federal government lacks the staff and the expertise to oversee the many and often vast technology projects it has taken on.

INDUS Corporation, named one of the top 100 Federal prime contractors for 2006 by Washington Technology, claims a modest but growing piece of the U.S. Federal outsourcing pie, with revenue reportedly approaching $100 million and an average annual growth rate of 30 percent since it began full-time operations in 1993. The privately held, Vienna, Virginia-based company was one of 29 selected by the General Services Administration in Washington to participate in the first of two information technology services contracts under the Alliant program, which has a total contract ceiling of $50 billion and could span 10 years.

Culture change

"It's just as important to manage the culture change as it is to manage the change of the systems in the IT environment itself," says INDUS's VP of the Homeland Security and Citizen Services business unit. Mullen says the company prefers to take a phased approach with government clients so they can build a series of successes to gain buy-in from constituents and set the stage for outsourcing more projects that produce cost efficiencies.