Cheapskate execs pay the price for outsourcing IT

Execs outsource company website duties but figure there's no need to hire maintenance staff. So guess who they call in a jam?

Why is it so hard for some executives to understand that systems require maintenance in order to run properly? No, the technology does not magically work day after day all by itself. In fact, employees on the back end toil around the clock to make it so. But as in this story, IT's arguments are often ignored -- until, of course, something breaks.

One day, the people a bit higher up in the line of command at my company told us that we were going to outsource our website to save on upkeep and labor costs. Rather than have IT manage it in-house, they wanted to hire two third parties: a Web hosting service and a Web developer. The only part managed in-house would be the website's content, which would be updated by a marketing employee.

[ More about the IT job on InfoWorld: "11 signs your IT project is doomed." | Get your weekly dose of workplace shenanigans by following Off the Record on Twitter and subscribing to the Off the Record newsletter. ]

They said they wanted IT to be out of managing the website so that we could focus on more business-oriented initiatives. Less work for us and more involvement in the business side? That sounded good. Even so, we were reluctant to give up control and had many questions about security and maintenance. Our questions were waved away with, "Oh don't worry, it's all taken care of." Nor were the higher-ups definitely interested in hearing about possible disadvantages. This change made sense to them from a fiscal standpoint -- end of story.

They proceeded to outsource our site to a Web hosting service that charged a very low monthly rate. They also contracted a Web developer to create and set up the new website on the Web host. We were told all this in passing, again with the ominous words of "it's all taken care of."

What could possibly go wrong?

This arrangement worked well for a couple of years, and the suits were quite proud of themselves. But one day we found out that our site had been blacklisted by Google and was now classified as an attack site. The marketing person who had been maintaining the content asked me to find out what was going on.

Based on quick investigation, it appeared that our site had been hacked. I thought the hack might be from an unpatched hole in the CMS software, because I noticed that the CMS was an old version that was no longer supported. But I wondered why the CMS hadn't been updated.

I asked the execs and found out they hadn't been in touch with the Web developer since he first created and set up the website. I tried to contact the developer, but no luck. I don't know if he was on vacation, moved, or whatever, but he was definitely not available.

There was some good news: The developer had given the passwords to the marketing person, who even knew where they were and passed them on to me. At this point, the higher-ups were begging IT to rectify the issue, given that nobody could really access our site without getting infected with Trojans.

Upon logging in, I was horrified when I verified that even though the marketing person had kept the content current, the back end hadn't received even one update in two years!

1 2 Page 1
Page 1 of 2