How to handle the risks of outsourcing your IT

January 21, 2019
| Work Smarter

Outsourcing your organisation’s IT function (in full or in part) has many benefits. But these benefits often go hand in hand with risks.

Here we share 5 of the most common IT outsourcing risks and how to handle them:

5 IT outsourcing risks to avoid or resolve

#1: Loss of control

IT outsourcing by definition means that you’ll be handing over some of the managerial control of your IT function to an IT services provider. In most cases this is a benefit, it frees your team up to focus on other activities. However, ‘out of sight, out of mind’ is not the desired outcome; instead your provider and their team should really be an extension of your internal team, where you have transparency and visibility over everything that relates to your organisation.

How to avoid losing control? – Make sure all parties understand the parameters of the project; ensure that the services provided are aligned with business and operational goals, and that there is a clear protocol for changing deliverables; have a clear reporting systems and identify exactly what information you need from the provider; promote collaboration between each team.

#2: Loss of skills and knowledge

If you’re considering outsourcing your IT service desk or other operational functions to a IT outsourcing provider, you may be concerned that you’ll lose internal skills and knowledge. This could potentially make it difficult to bring a function back in-house or move to a different IT services provider.

Access to skills is actually a motivating factor for outsourcing IT, when your organisation has a skills gap, but it’s an understandable concern when weighing up whether to recruit or outsource.

How to keep skills and knowledge in-house? Identify the most important skills required in-house and ensure you’re investing in training and CPD to keep your IT team up-to-date; investigate whether a hybrid outsourcing model may be appropriate, for example outsourcing 1^st line tickets but retaining 2^nd and 3^rd in-house; consider also whether it would be beneficial for the service provider to work directly with your internal team, helping to upskill individuals and retain skills; ensure the IT service provider continually updates documentation and your organisation’s IT knowledge bank.

How much does outsourcing your Service Desk cost? Get a high level quote here >

#3: Geolocation

In theory IT outsourcing providers could be located anywhere in the world. Many of them are. The offshore outsourcing model is used by many organisations. However, for some organisations there is a risk when the provider is located on the other side of the globe. Time zones, language barriers and the ability to make on-site visits are obvious hurdles that might need to be overcome. Other considerations are the economic and political climate in the region the provider is located, as well as industry and local.

Is geolocation an issue? Be clear about what services you require and how location may affect service levels, and what compromises your organisation is prepared to make. Offshore providers can often be cheaper than onshore companies, but may not deliver the service your organisation requires. Factor in regulatory compliance, including the impact on your organisation’s clients and their governance. Think about the future and whether the provider is able to scale with your business and support development and growth.

#4: Security and compliance

Giving a 3^rd party provider, and their employees or contractors, access to your IT systems and infrastructure is not without security risks. However, as well as functions such as IT support, many organisations are outsourcing cyber security and data protection to external providers: who can often do it much better than they can.

Is security a risk? The first step is to address any compliance issues and how working with a 3^rd party provider impacts regulations. Then understand exactly what data and systems a provider will have access to, for example if an analyst offers desktop support they’ll potentially have access to corporate data stored on local drives and maybe network shares. Find out what data the provider needs, what they do with that data, how it is used and stored and how they protect it. Do background checks and get confidentiality agreements in place. Check for ISO 27001.

#5: Not aligned with business operations and objectives

Finally, an IT outsourcing risk can be a lack of alignment between the organisation’s day-to-day operations and strategic direction. Some providers are guilty of selling in their services without fully understanding the business and this can result in an organisation not getting value and positive ROI.

How to avoid this risk? Alarm bells should sound if the provider attempts to sell a one-size-fits-all service without first taking the time to understand your requirements, operations and business objectives. Put your IT requirement out to tender with a Request for Proposal to help shortlist providers and identify those that want to develop a strategic partnership with your organisation.

If you would like to discuss IT outsourcing in more detail please get in touch for an informal chat with our team.

08456 808538 hello@cloudbusiness.com

Cookie	Duration	Description
__cfruid	session	This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
__RequestVerificationToken	session	This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
MS0	30 minutes	No description available.
MSFPC	1 year	No description available.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
__lotl	5 months 27 days	This cookie is set by the provider Lucky Orange. This cookie is used to identify the traffic source URL of the visitor's orginal referrer, if there is any.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_lo_uid	2 years	This cookie is set by the provider Lucky Orange. This cookie shows the unique identifier for the visitor.
_lo_v	1 year	This cookie is set by the provider Lucky Orange. This cookie is used to show the total number of visitor's visits.
_lorid	10 minutes	This cookie is set by the provider Lucky Orange. This cookie is used to identify the ID of the visitors current recording.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
ANONCHK	10 minutes	This cookie is used for storing the session ID for a user. This cookie ensures that clicks from advertisement on the Bing search engine are verified and it is used for reporting purposes and for personalization.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_gd1624628211813	session	No description
AADNonce.forms	session	No description available.
CONSENT	16 years 6 months 6 days 10 hours 23 minutes	No description
DcLcid	3 months	No description available.
GetLocalTimeZone	session	No description
lfuuid	9 years 7 months 6 days 10 hours 24 minutes	No description available.
MC1	1 year	No description available.
SM	session	No description available.
SRM_B	1 year 24 days	No description available.
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

How to handle the risks of outsourcing your IT