A framework for outsourcing IT security services in SMEs in Uganda
Abstract
One of the alternatives a small and medium enterprise (SME) can use to successfully manage its IT security needs is to outsource its IT security services (Bakari et al, 2006). The need to outsource IT security services by SMEs in Uganda is vividly becoming no longer a matter of choice but rather a necessity. However, the irony is that despite the benefits of outsourcing, it has been noted that there is limited adoption of IT security outsourcing in SMEs in Uganda.
This limited outsourcing is attributed to the fact that IT security services outsourcing is
expensive and the process is not straightforward. Therefore, this research has proposed a
framework that will guide SMEs in Uganda to outsource IT security services in a manner that will work for them. In this research some SMEs within and around Kampala city were
purposefully selected for the study. The methodology used in data collection was largely
through use of questionnaires, interviews with IT staff in SMEs in Uganda and review of
related literature. After establishing the extent to which SMEs have adopted IT security
services outsourcing and the challenges associated, the study has ascertained the key IT
security requirements for IT security outsourcing. Unlike the case with traditional IT
services, IT security services outsourcing is more complex and therefore this study
recommends that before an SME engages or selects an outsourcer, it should exercise due
diligence on the outsource and its staff. Furthermore, this study recommends that regardless whether the outsource has indisputable reputation or not, continuous monitoring and evaluation of outsources‟s activities should be considered as one of the salient critical success factors for IT security services outsourcing.