Gartner’s latest forecast predicts the worldwide IT services market will exceed $980 billion in 2015. With information technology outsourcing (ITO) contributing to more than half of that market growth, the industry is poised to reach $1.1 trillion by 2018.
A booming offshoring market has bolstered the trend, with domestic leaders like HP starting to lose market share to India-based outsourcers and cloud-based service providers. Overall, Forrester Research predicts 542,000 IT jobs will move overseas by 2015, and that number is widely seen as conservative. Clearly, outsourcing is here to stay.
The IT skills shortage, as well as pressure CIOs feel to executive new digital demands within the limitations of tight budgets, has solidified outsourcing’s role. These days, it’s rare for businesses not to outsource at least one aspect of their IT organisation.
>See also: Hot source: the rise of outsourcing
With the new digital technology growing on a global scale, no one person can be a master of all trades, making outsourcing unavoidable. But growing cyber security concerns demand a second, more detailed inspection of the cost associated with risk. After all, in theory, you are opening your network to a partner who works independently of your organisation.
When CFOs and CIOs strictly look at salaries, outsourcing IT can seem very enticing. But how many of those executives have looked at the hidden costs of subcontracting? What are the costs, in terms of additional security and risk, to sending these jobs outside the enterprise? Gartner research conducted in 2014 found that all nine countries it studied in the popular Asia Pacific region were rated either ‘poor’ or ‘fair’ on the data/IP security and privacy criterion.
Until an organisation assesses its entire application infrastructure, these savings may be part of a false economy; something that saves money at first, but costs more over time. It’s time to evaluate remote logins, remote and virtual desktop programs, integrated security applications and the risk associated with each enterprise application.
How much are these cost-saving measures really costing?
Finding the real price tag
If outsourcing work is the status quo, it’s time to reevaluate the norm, starting with the risk and liabilities presented when contracted employees access your network from outside its parameter.
Respondents to PwC’s 2015 Global Information Security Survey reported the total number of detected security incidents in 2014 exceeded 42.8 million, a 48% increase over 2013. Moreover, the survey found security breach-related financial losses to be 34% higher than the year prior.
So ask yourself: when you open your organisation’s perimeter to let outsourced employees in, what’s been done internally to protect the information? Is your partnering organisation holding itself to the same standards of security? Furthermore, does your organisation have the capacity and capabilities to make the evaluation, or is the first step finding a partner to complete the security assessment?
In the end, it’s vital to understand the enterprise’s entire application portfolio, sprawling between internal functionality and external access, and then aligning that with risk and security metrics.
Once an enterprise creates a comprehensive map of its IT assets, specifically the ones outsourced employees can access, consider the asset’s cost and maintenance, risk and cost to secure the IT asset, cost associated with a potential breach, and function and potential redundancies with existing assets.
Evaluating these components together shows the true cost associated with doing business with an outsourcer or overseas organisation.
>See also: Rise of the outsourced CIO
The most poignant and overlooked step in this equation is the evaluation of a potential data breach from opening the network. According to the PwC report, other than current and former employees, there is no higher cyber security threat than service providers, consultants and contractors.
And the cost of an incident is increasing. Globally, the average financial loss associated with cyber security incidents in 2014 was $2.7 million, a 34% increase over 2013.
Do the math, and find the real price tag of outsourcing. And ask the tough questions: would you buy beef from a butcher that refuses to eat his own meat? Would you still outsource IT work after finding just a few hundred dollars in savings, taking risk and security into consideration? Probably not.
Sourced from Karl Fruecht, KillerIT and Jason Ausburn, SOS Security