Mention outsourcing to a group of CIOs or IT managers and you risk opening yourself up to more opinions and allegiances than you'd find in a Glasgow pub during an Old Firm derby. For some IT managers, outsourcing of non-essential tasks to a third party supplier makes simple business sense; for others, the idea of handing over responsibility for any element of their department is a mark of failure.
For nearly a decade, those in favour of outsourcing have appeared to have the upper hand. Most large enterprises have outsourced part of their IT infrastructure to a third party supplier. Several recent, high profile cancellations of IT outsourcing agreements have prompted some quarters to herald the end of the industry, but the prospects for managed services still seem positive. Outsourcing has grown consistently over the past four years and the latest figures from the DTI indicate that 60 percent of large enterprises outsourced IT services to third party suppliers in 2006.
Yankee Group has stated that enterprises will outsource 90 percent of their security management by 2010. Even now, many companies claim to be unable to keep up with the latest threats and countermeasures without the support of a third party. But should firms be outsourcing IT security, given the important role it plays in protecting companies from downtime and theft of intellectual property‾
IT as a cost centre
As large enterprises press on with cutting costs and increasing efficiencies throughout the business, IT departments are increasingly finding themselves under enormous pressure to show their worth, rather than their cost.
A recent survey of CIOs and IT executives, conducted by CapGemini, revealed that an average of 60 percent of the total IT budget is currently spent on operations, maintenance and support, with just five percent devoted to strategy and planning. Consequently, though security remains a high priority for enterprises, the cost and complexity of managing the multiple facets of security is becoming an increasingly persuasive argument for outsourcing.
Take monitoring for example. Hackers and virus writers don't tend to work on normal business hours, so staff must monitor the network 24/7. From a strategic point of view, employing a dedicated team of highly trained professionals to conduct routine tasks can seem about as sensible as having a fire engine in the basement, just in case there's a fire.
Given that activities such as firewall monitoring and administering an intrusion detection system (IDS) require a high level of support, it is not unusual for a company to want to outsource such activities: they are not core functions of most organisations.