April 29, 2009, 3:26 PM — In a sliding market, outsourcing looks increasingly attractive. In this era of drastic cost cutting and budget squeezing, many IT managers facing diminished budgets and frozen in-house resources are exploring ways of sending even more work off site to save money, or at least take capital costs of their immediate plate.
But with traditional outsourcing opportunities all but played out, many enterprises are asking, "Is there anything left to outsource?"
[ Sometimes, outsourcing can do more harm than good. Check out the worst cases in "Painful lessons from IT outsourcing gone bad." | InfoWorld's Ephraim Schwartz explains the slippery slope of outsourcing dependency. ]
Four critical IT tasks -- project management, e-discovery, regulatory compliance, and environmental activities -- are all ripe for outsourcing. But today, they are generally not outsourced because managers don't think they can send the work off site due to cost, security, and other concerns. It's time to rethink the anxieties in these four areas.
Outsourcing opportunity No. 1: Project management
Project management involves organizing and balancing three basic elements: people, time, and money. Many IT shops would like to unload the nuts and bolts of IT project management onto an outside provider, but worry that the task is simply too big, too complex, and perhaps even too important to outsource. Managers also fret about losing the precise control and oversight successful project management requires, as well as the ability to turn on a dime if circumstances demand a sudden change in tactics.
Beth Anderson, IT supervisor for Santa Fe Natural Tobacco Co., a specialty tobacco and cigarette manufacturer, overcame her reluctance to outsourcing project management after discussing her reservations with SMBology, a firm that handles project management. After some discussions, the partners decided on a staged approach. "We've given them some technical project management responsibility for a couple of major projects," she says. "So it is significant ... but it's not like we've outsourced all project management." A current project aims to add mobility functionality to a Microsoft Dynamics CRM platform.
Regardless of an outsourcing project's scale or scope, Anderson believes that it's vital for the provider to maintain a physical connection with its client. "[SMBology] is physically here to gather requirements and ... when we're doing user testing, so we've got real quick communications," she notes. "If the user sees something that's not working the way they want it to, then the people are here to fix it."
Justin Singer, SMBology's president, says that many IT shops are reluctant to embrace project management outsourcing because they were soured by previous on-site project management experiences. "They may not have experience with what a really good project can look like," he explains. "It's hard for them to really see what the benefits are going to be."
Anderson says outsourcing benefits have generally met her expectations. "You get elastic access to talent, and you get specialized skills that you don't have a need for 365 days a year on your own internal team," she says. "So you can ramp up and stretch the elastic when you need the resources, and then you can snap it back when you no longer need them."
Outsourcing opportunity No. 2: Electronic discovery
Over the years, e-discovery (sifting through data pertaining to criminal or civil legal cases) has grown into a burdensome task for IT shops working inside law firms or enterprises with corporate legal departments. It would be nice if some or all the responsibility for storing and managing theses important documents could be offloaded onto an outside service provider. Yet IT managers often feel that privacy and security issues, as well as user access limitations, make the effective outsourcing of e-discovery material difficult, if not impossible.
[ Find out the mistakes that can kill your electronic archiving efforts in Ephraim Schwartz's "The art of e-discovery." ]
But Seth Row, an associate at law firm Holland & Knight, sees it differently. "There are some things I wish we could do more of in-house, but given the current realities, it's not possible," he says. That's why, like a growing number of IT shops in a similar situation, Holland & Knight is outsourcing much of its e-discovery work. "It's good to have options," Row says. "You need to be prepared for lots of different contingencies, so developing relationships with vendors is very important -- it's important that they're there as a resource."
Row notes that a growing number of legal cases focus on e-mail evidence. "E-mail is usually the largest volume of electronic data that you're dealing with in a lawsuit, particularly in an employment-related lawsuit," Row observes. But Row notes that it's virtually impossible to search e-mail effectively in its native client environment. "That doesn't work very well, so it's got to be processed into a database before you can search it across the different fields," he explains. "It's got to get processed so that I can search all the e-mails and all the associated attachments that contain a particular word, or a particular concept."
Although an IT shop could tie up its servers running lengthy databases searches, and then organize and store vast amounts of e-mails and documents, it's often more cost effective to outsource e-discovery projects. Holland & Knight uses the eClaris e-discovery consultancy to handle much of its work. "eClaris has the capability of setting up the database for me, and I would then access it through the Internet," Row says. "So I go to a Web site -- it's password protected -- I log in, and then I can review [the data] through this Web-based system."
While the Web interface addresses IT managers' user access concerns, what about privacy and security issues? Education is the key to calming managers' fears, says Jacques Nack Ngue, eClaris' CEO. "One effort we do is engaging companies, and just providing as much information as possible about the e-discovery process," Nack Ngue says, such as "what the risks are, how to assess them, and how to handle and manage those risks."
Row agrees that once a manager begins working with an outsourcer and understands what needs to be done to maintain security and privacy, the risks suddenly appear much smaller. "It's a collaborative process," he says.
Outsourcing opportunity No. 3: Regulatory compliance
The financial scandals of the late 1990s and early 2000s led to several new federal compliance mandates, most notably the Sarbanes-Oxley law. These mandates, as well as an array of other state, local, and industry-based compliance measures such as California's privacy breach notification statute and the payment industry's PCI standard, created new record-keeping, document-tracking, and other demands on IT shops that tend to sap productivity and slow other critical work.
[ The financial meltdown will likely increase the regulation burden on IT, argues InfoWorld's Ephraim Schwartz. ]
Despite the added IT burden, many enterprises have been reluctant to outsource regulatory compliance tasks, believing that the work is too business-critical to place into the hands of an outsider. Many managers also worry about the security and legal implications of sending such work off-site.
Michael Rasmussen, president of the regulatory compliance advisory Corporate Integrity, says the key to successful outsourcing lies in finding the organization that knows the most about the relevant type of regulatory compliance needs. "There are FDA regulations, different elements of privacy regulations, and disaster recovery and continuity regulations, and each of these requires something different," he says.
Christine Applegate, CFO of East Coast Cable & Communications, a firm that provides installation services for area cable companies, got drawn into the regulatory tangle when Massachusetts enacted a customer privacy law. Not having anyone on staff with the skills or experience needed to ensure that the company was living up to its compliance obligations, she turned to East Coast's primary IT service provider -- Boston-based Vitale Caturano & Co. -- to develop a solution.
Applegate says her initial concerns about handing over regulatory compliance work to an outside entity turned out to be mostly unfounded. By working closely with Vitale Caturano, she could define a strategy that would allow East Coast to comply with the new regulations while safeguarding customer privacy. "We probably would follow the same path if starting over again," she says. "We did not understand the depth of our needs."
Outsourcing opportunity No. 4: Environmental activities
Even as budgets are slashed, many IT shops are feeling increasing pressure to pursue "green" business practices. Outsourcing is a potentially cost-saving way to offload ongoing eco-tasks -- such as environmental audits and hardware disposal -- that lie outside of an IT shop's core competency. Yet many managers are reluctant to pull the trigger on environmental outsourcing, believing that the concept is too amorphous to outsource or because they are skeptical of green issues in general.
Bob Brand has a different view, however. Vice president of corporate security at media giant Cox Enterprises, Brand sees one facet of green outsourcing -- hardware disposal -- as both a potential money-saver and as a way of enhancing IT security.
[ Learn how to green your technology in Ted Samson's Sustainable IT blog. ]
From Brand's viewpoint, routine hardware disposal risks exposing enterprise secrets to recyclers and other unknown parties. By handing the work over to an outside firm -- Redemtech, in his case -- Brand believes that Cox is relieving IT of a time-consuming task, deriving the maximum value out of its IT hardware assets, and guaranteeing that enterprise data is protected as it enters the recycling process. "With Redemtech we will extend the life of computing equipment while ensuring responsible recycling at the end of life and provide secure treatment of customer and company data, which will measurably contribute to this goal," he says.
"In a widely distributed company, [green] outsourcing offers a straightforward means for centralizing, thus simplifying and controlling fragmented practices that represent real inefficiency and risk," says Robert Houghton, Redemtech's president. "Because environmental and privacy laws are proliferating at the state and local levels, a specialist in the field is often better able to protect a company's interests in such arcane matters than the organization's own employees, who may lack the essential in-depth knowledge."
Brand notes that Cox's green outsourcing initiative didn't come without effort. "It took us about six months to develop our strategy," he says. "Progress is going well. However, it could be several years before we're able to fully implement our plans across our operating businesses, which are largely decentralized and include nearly 78,000 employees worldwide."
Yet Brand believes that his company made the right decision. "The icing on the cake is realizing the return on your investment that leads to environmental and economic sustainability," he says.