The Highs and Lows of IT Outsourcing
Last Thursday night I received the distinct and humbling opportunity to be a part of a panel on “The Highs and Lows of IT Outsourcing” through the local AITP chapter. The title of the panel was taken from an article I forwarded to the AITP president: http://bit.ly/2DywcE5. The panel consisted of three subject matter experts, Hunter Roark, VP of Technology and Services; Torry Crass, CISO at LEO Cyber Security, and Derek Iannelli-Smith, CEO, of Outsourced CIO, LLC. We were asked questions by our current president, Jamison Carey to an audience of 25-30.
As I mentioned previously, part of being a thought leader in bringing value, being open-minded, and solution-oriented is one of OCIO’s goals. On that note, here is how we at OCIO answered the panel questions.
- What is IT Outsourcing really mean? Essentially, anything that cannot be completed internally either because of capital expenditures (CapEx) or operational expenditures (OpEx). However, both CapEx and Opex can positively influence outsourcing as well. Gartner defines IT outsourcing; “IT outsourcing is the use of external service providers to effectively deliver IT-enabled business process, application service and infrastructure solutions for business outcomes. Outsourcing, which also includes utility services, software as a service and cloud-enabled outsourcing, helps clients to develop the right sourcing strategies and vision, select the right IT service providers, structure the best possible contracts, and govern deals for sustainable win-win relationships with external providers. Outsourcing can enable enterprises to reduce costs, accelerate time to market, and take advantage of external expertise, assets and/or intellectual property.“
- What things should I consider if I’m outsourcing IT? It is important to understand your capabilities and limitations. Outsourcing can be time-consuming if you do not have the expertise. For OCIO, we call this Vendor Management. Essentially all IT infrastructure vendors are under control and managed by a master service provider like OCIO. Having someone who can manage the relationship full-time is key. There should be checks-n-balances upfront as well. Some might call these goals/metrics. These are things like TCO (total cost of ownership), ROI (return on investment), cost savings, quality of support, and efficiency. It is also important to find the right partner. With OCIO we have vetted many partners many whom are national in reach/scope. They have proven themselves beyond the local business environment and in many cases have a national reputation as well. Said another way, this is not a “google search” and picking the first one. There is a vetting process. CIO magazine had a great article on this last year. It is also good to ask questions pertaining to who maintains control and ownership of the data. Sometimes companies will hold your data in bondage and this can cause havoc especially if trying to move to another vendor. Many years ago, for instance, large PSA (Professional Software Administration) companies like Autotask or ConnectWise attempted to do this and then Kaseya took that away when they publically announced their PSA Migrator and customers were no longer in bondage. By the way, both companies (Autotask and ConnectWise) now can migrate from any PSA without the previous problems when attempting to switch PSA’s that many small businesses dealt with in the early years. Finally, OCIO would recommend that you be vigilant about the security of your data and the outsourcer. Making sure to have NDA’s (non-disclosure agreements) and BAA (HIPAA Business Associate Agreement) for instance are contracts between the covered entity and the business associate can go a long way.
- What are the benefits of outsourcing? Saving money, controlling expenses, focus on core operations, more equitable playing field between small and large companies when it comes to assets and resources. Further, because many companies are inward facing, an outsourced service can bring the outward facing benefits that would divert away from critical assets. Today there is a need for broad and diverse knowledge across verticals, this is exactly what a company like OCIO does so that your company can remain competitive.
- What are the risks of outsourcing? Loss of personal touch, substandard security protocols, lack of project management experience and the like. Many companies today feel trapped by substandard vendors who do not have basic project management knowledge for instance, and a simple PMP standard Project Management Plan, Scope, Communication Plans are missing from part of the toolbox of outsourced tech vendors. The ball is so low in this area in the industry that it does not take much to outshine the rest, especially when you offer experience with Project Management for instance. Many agencies today addressing this risk, have preferred vendor portals, which vet vendors based on strict requirements and standards. For HIPAA for instance, two great portals on this are gov and HHS.gov sites. Another compliance standard many are familiar with is called PCI DSS and the PCI Security Standards Council is a great place to start for all things PCI DSS related.
- How long do your customers plan to outsource, is it a temporary fix until they can get their infrastructure up and running or is mostly permanent? This depends on what is being outsourced. They can be temporary (for instance setting up Office 365 through GoDaddy, after implementation, it can be managed in-house), short-term (this could be for just a single project) or long-term (like a website to a developer – so that they can update, add new content etc). Contracts for these services vary as well based on temporary, short-term or permanent as well. Some vendors charge per project, per application, per user and a myriad of other ways. Many call this subscription, especially when it comes to software. Another term for this is SaaS (Subscription As A Service), and OCIO would recommend and can provide services to regularly review and control expenses as well as look for new opportunities when it comes to these subscriptions through regular and consistent audits. OCIO also offers Needs Assessments regarding vCIO services, MSP services, and Security. Contact us today for an orientation consultation.