IT Outsourcing: Make It Work for Your Business

IT outsourcing, or buying IT-related functions as a service from a third-party instead of performing the functions in-house, is one way organizations can reduce the time and money spent on infrastructure and operations and dedicate more resources to strategic business initiatives.

The point of IT outsourcing is to get the best possible technology and service at the lowest possible cost.

Outsourcing may be the answer if your company:

  • Requires a highly skilled IT staff but can’t afford one
  • Doesn’t have money to allocate to IT in its yearly budget
  • Would benefit from the latest technology but doesn’t have the expertise to deploy it, or
  • Needs temporary help

Any company looking to offload costs and focus on its core competencies can benefit from IT outsourcing. The key is to outsource in a way that is aligned with the business’s overall goals.

What IT can be outsourced?

Computer or Internet-related work such as:

  • Software development
  • Help desk – on-site or remote via phone or web
  • Email
  • Virus, spam and other online threat protection
  • Website hosting
  • Managed server hosting or managed application hosting
  • Infrastructure — i.e., hardware, software and network installation and support
  • Disaster recovery
  • Data center functions like data processing and storage
  • Data back-up, recovery and transfers
  • Strategic planning and asset management

Types of IT outsourcing

These five types of IT outsourcing offer businesses a number of options when contemplating outsourcing some or all of their IT functions:

  1. Offshore outsourcing – sending IT-related work to a company in a foreign country that offers political stability, lower labor costs and tax savings; India, China and the Philippines are popular offshore outsourcing countries.
  2. Nearshore outsourcing – sending IT-related work to a company in a country that shares a border with your own; presumably, it is easier to travel between the two and for the company and the provider to communicate with one another.
  3. Onshore or domestic outsourcing – contracting with a third party located in the same country to provide IT-related work, off-site or in-house.
  4. Cloud Computing – contracting with a third party to provide IT-related functions over the Internet or a proprietary network. Examples include Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service.
  5. Managed Services – contracting with a third party to provide network management functions including IP telephony, messaging and call centers, virtual private networks (VPNs), firewalls, and the monitoring of and reporting on network activity. In this type of outsourcing arrangement, a special emphasis is placed on the integration and certification of Internet security.[i]

Advantages of IT outsourcing

The benefits of IT outsourcing listed below help companies free up internal resources and redirect them toward growth opportunities.

  • Access to specialists with expert-level knowledge and skills
  • Reduced costs resulting from fewer capital investments and staffing requirements, less overhead, volume price breaks, and leasing options
  • On-demand access to the latest technology
  • Higher level of service as defined in the contract
  • Predictable expenses from flat fees and subscription-based pricing models, and
  • Faster product launches due to increased focus and accessibility of technology needed to bring products to market.

Disadvantages of IT outsourcing

While the cost savings and other potential benefits of outsourcing can be a great temptation, it’s wise to be cautious. Rushing into an agreement may mean trouble down the line. Here are some pitfalls to be aware of:

  • High turnover on project teams
  • Possibility of rushing in unprepared when lured by the prospect of saving money
  • Loss of institutional knowledge
  • Loss of direct control over project management
  • Exposure of sensitive data
  • Increased liability for and difficulty establishing regulatory compliance
  • Possible delays caused by the physical distance between client and service provider, and
  • Verbal and written communication barriers if outsourcing to a foreign company.

Understanding the pros and cons of IT outsourcing and the ramifications of sending a job outside the organization are both vitally important. Before making the final decision, consider whether outsourcing critical IT functions will actually resolve any issues the company may be having, and investigate the risks associated with outsourcing these functions.

IT outsourcing trends

While IT outsourcing is a business strategy that has been around for years, increasingly businesses are multi-sourcing, or contracting with more than one company to provide IT-related functions. A multi-vendor approach helps them get the most value for their money and the highest level of service possible.

Additionally, the popularity of cloud computing has grown rapidly in recent years. It is yet another type of outsourcing made possible by advancements in technology – namely virtualization. It is particularly advantageous for software companies – who can access development tools without shelling out a lot of cash – and for companies with massive data storage requirements and large mobile workforces that need to access that data while off-site.

Service Level Agreements

A Service Level Agreement (SLA) is the name given to the contract between the client and the service provider. It spells out the costs involved, what services the vendor will provide, and things like response times, completion dates, etc. It also lays out the penalties if the terms of the SLA are not met.

Ask the vendors on your short list the following five questions to identify the best service provider for the job – before you sign on the dotted line:

Questions to ask IT outsourcing vendors

  1. What access control and encryption methods do they use?
  2. Are their employees subject to background checks?
  3. What are their disaster recovery policies and procedures?
  4. How has the company responded to failure in the past, i.e., missed deadlines, missed requirements, etc., and what do they do to make sure it doesn’t happen again?
  5. To what extent are their processes visible to their clients?

Governance: How to maintain control

Shifting important business activity outside the confines of your own network and security systems is risky. If you don’t pay attention to the rules of governance, your organization could wind up in hot water.

In its broadest sense, governance is “the controls, tools, competencies and communication processes necessary for proficient supplier management and a healthy relationship with your service provider.”[ii] Essentially, “governance” is another way of saying “control.”

Computerworld.com outlines eight principles of good outsourcing governance:

  1. Actively balance the needs of various user groups, re-prioritizing when necessary to keep internal employees from using workarounds when their needs aren’t met.
  2. Get everyone on board by sharing information freely.
  3. Identify and build on the strengths of both corporate cultures to work well together.
  4. Demand accountability to make sure people do what they say they will.
  5. Work at effective communication to avoid misunderstandings.
  6. Consider enlisting the help of an independent third party to help manage the outsourcing relationship.
  7. Meet in the middle and align the goals and objectives of both the client company and the service provider to develop trust.
  8. While SLAs are important, the principles outlined above are meant to ensure that the expectations stipulated in the contract are met to the customer’s satisfaction.

More specifically, governance is the set of processes, policies and tools used to ensure the privacy, security and integrity of the outsourced systems, applications and data.

Governance is of particular concern to companies outsourcing to a cloud computing provider. It is important for businesses to understand that while the service provider is responsible for the security of the underlying infrastructure, the client is responsible for the security of the operating system, applications and data that reside on the provider’s virtual machines.

According to InformationWeek.com, companies should go with a cloud computing provider with governance tools that apply “the right security levels and access policies” automatically; relying on a person to administer security is impractical in dynamic cloud environments. The site also recommends that companies leverage internal IT policies and directory services to “orchestrate fine-grained access controls” and maintain a comprehensive view of “access rights and policies across both internal and external systems.”[iii]

In short, robust governance programs are a part of every successful IT outsourcing strategy.

10 tips for successful IT outsourcing

The time and effort put into understanding the ins and outs of IT outsourcing and what it means to the company looking to outsource makes or breaks an outsourcing arrangement. To ensure IT outsourcing works for your business, keep in mind these 10 tips:

  • The company’s leadership should state what it hopes to accomplish by outsourcing before the process of vetting vendors begins.
  • Don’t treat outsourcing as a cost-saving measure only. Make it a core business function and appoint a dedicated team whose job it is to align the company’s outsourcing activities with its business development strategy.
  • IT outsourcing is not an all-or-nothing proposition; companies should evaluate which IT functions are cheaper in-house, and when it’s more cost-effective to outsource.
  • Define what success means for both parties at the outset and tie payments and incentives to outcomes. Use metrics to track the vendor’s performance and customer satisfaction.
  • Make sure the delivery model of the service provider suits the business’s operational and financial goals.
  • See what the company can do with the standard offerings of service providers; customization is expensive.
  • Don’t forget to ask about the vendor’s security policies and procedures. Make sure the company’s data will be well-protected with adequate access control, network security measures and physical security precautions.
  • Understand that outsourcing is not a once and done thing; a successful outsourcing arrangement requires active management and monitoring. Both parties need to have a clear idea of who is responsible for what.
  • Be prepared to negotiate the best possible terms to any contract or SLA, and to renegotiate after a couple of years, as the business’s priorities may change.
  • Prepare for the possibility of having to switch vendors down the road. Come up with a plan to deal with financial penalties for early contract termination, difficulties in transferring data, potential downtime and bringing the operation back in-house if necessary.