In outsourcers we trust

22.08.2006
I'm an attorney, but at every firm I've ever worked, I've always ended up as the unofficial IT guy. It's not that I don't have enough to do, but since I seem to know more about IT than many of the people who are paid to provide it, I find it hard to sit by while my colleagues struggle with problems I know how to solve.

For instance, my current firm outsources its IT support to a company that has promised to keep all the systems up and running. But after working there for several months, I noticed that every time I tried to get information out of our SQL database, my workstation would turn into an egg timer. Sometimes I'd have to restart my computer to make that hourglass go away. I decided to investigate.

The network wasn't complicated -- it served only a total of seven workstations -- and when I checked, I discovered that every one of them was running a different operating system. Those client computers did have two things in common, though: the same log-in name and the same password (the default settings for the administrator account). Oh, there was a third thing: Not one was running current anti-virus or anti-spyware software. Naturally, many workstations were infected with viruses, spyware, and worms that were happily working their way up toward the servers.

We had three servers, all running Win 2K without any updates or anti-virus software. The server room was hot as a jungle, and overgrown with a dense tangle of cables. Once I traced a few, I discovered that while a bunch of peripheral equipment was attached to the server and generating plenty of heat, none of it was doing anything. A CD-ROM jukebox (with not one CD loaded) was permanently powered up. Several ancient external modems were hot, but not one was connected to a phone line. Three UPS units were at work "protecting" the servers, but only one of them had a working battery.

The worst part was that we were paying for IT support! What those guys did to earn their money baffled me no end. On the few occasions I observed them at work, I saw poorly trained technicians taking inordinate amounts of time to do basic repairs. I brought it up in meetings, but the partners insisted that they trusted these guys.

Many of our emergencies revolved around a few employees downloading files from sites where spyware and viruses infested their computers. Instead of installing current malware protection and showing the users how it worked, the techs simply cleaned the computers and returned them to use. There was never any discussion of instituting Internet restrictions or any other security measures.