ProSec GmbH

+49 261 45093090

  • About us
  • Services
    • Detection services
      • Classic penetration testing
      • Pentest as a service
      • Web application pentest
      • Vulnerability analysis
      • Red teaming
    • Solution services
      • IT security consulting
      • Data protection
        • GDPR
    • Education services
      • User awareness
      • Trainings
        • Junior penetration tester
        • Penetration tester web
        • Penetration tester network
  • Wiki
  • Jobs
  • Contact

What actually is IT outsourcing?

IT-Outsourcing Übersicht

In simplified terms, the term “IT outsourcing” refers to the procurement of services (sourcing) from outside a company (out). The term thus encompasses the outsourcing of service components in the area of information technology. The motivational reasons for deciding to outsource are often as follows:

Costs & balance sheet:

The concentration of service components with a provider specializing in this area and the associated efficiency benefits are associated with overall cost savings compared to providing services oneself with one’s own hardware and personnel. IT outsourcing also has effects in the area of cost representation. For example, the procurement of services in the form of services instead of the company’s own capital expenditures should not be included in fixed assets (CAPEX) but should be reflected directly in operating costs (OPEX).

Skills & Capacity needs:

Competition for IT professionals has already led to a bottleneck in the skills and capacity required to maintain IT services. To counter this increasing risk, outsourcing those service elements with insufficient available human resource capacities (FTE) and/or lacking competence profile is often one of the decision bases for an IT outsourcing initiative.

Flexibility & Liability:

Other motivations for IT outsourcing can arise from a technological, legal, or structural basis. For example, the outsourcing of business processes also represents a transfer of responsibility. This can make it possible to pass on liability for IT damage caused by malware, ransomware, or Trojans, for example, to the IT outsourcing contractor. The flexibility associated with outsourcing relates to the service components. Due to the specialization in service provision, managed service providers are able to make short-term adjustments to IT services. The flexibility here extends to Pay-Per-Use procedures,, which are based on the fact that only the resources actually required temporarily are provided and charged for (e.g., storage).

A customer consultation?

Find out if your company needs IT outsourcing and ask us.

Inquire now

In the context of outsourcing IT services, active IT risk management and thus also the review of contracts is essential. We are happy to support you in this. Essential questions in this context are, among others:

  • To what extent are contractually extended liabilities defined and effective as a safeguard?
  • Are the conditions for claiming damages clear?
  • Are sufficient levels and response times defined for an emergency?

IT outsourcing types

Just as important as the motivation and goals of IT outsourcing is the decision on the type of IT outsourcing and, in particular, the so-called service or performance slice within the overall process environment of IT. The following diagram shows the questions and some of the characteristics that are to be evaluated as a result of the requirements analysis:

Administrative complexities

Determination of the average performance

In order to determine the service average and to develop the outsourcing model, the following characteristics must be evaluated in terms of their relevance:

Icon Leistung

Selective vs. Total:

How extensive are the service components to be provided externally? Selective IT outsourcing includes highly specialized tasks (e.g., software development) but also basic services (e.g., housing and hosting) as a potential scope. On the other hand, there is complete IT outsourcing. In this case, an external provider makes the entire IT service scope available and the internal company (client) responsibility is reduced to coordination and control of the provider.

Onshore vs. Nearshore vs. Offshore:

How important is geographic proximity to the contractor? The more standardized a service component is and the less a component is characterized by personal interaction, the more cost-optimized (offshore) the service component can usually be awarded. If the interaction is necessary (e.g., on-site operations), an onshore approach is almost mandatory.

Icon netzwerk

Multi-Vendor vs. Single Vendor:

How are services managed and provided? Depending on the service cut, a supplementary provider for additional service components often has to be taken into account in the IT outsourcing project and integrated into the process world. For example, license management or the area of IT security lend themselves to a separation of execution and control.

XaaS Icon Idee

On-Premise, IaaS, PaaS und SaaS:

How extensive is the service cut in the context of selective outsourcing? The classic breakdown looks something like the following:

        • Level 1: Infrastructure
        • Level 2: Virtual environment
        • Level 3: Operating systems
        • Level 4: Middleware
        • Level 5: Application operation  

In addition to the classic subdivision, new service cuts have now been established in IT in the form of service products based on technological developments. These are:

IaaS:

The provider makes resources, such as virtual machines, network connections and storage space, available in a data center.

PaaS:

At this advanced level, the provider also passes the responsibility for the operating system from the customer and thus takes over the administration of the IT environment.

SaaS:

The last level no longer includes only IT resources, but also processes and applications. A well-known example is O365, but CRM, communication, or ERP systems can also be provided in this way.

When defining a cloud strategy, there are a number of pitfalls associated with it, particularly in the area of IT security, but also many opportunities. In the following, we have outlined the essential points that are considered:

Pitfalls

  • As soon as an Internet connection is no longer available, services are unavailable. In the case of basic IT services, this can have far-reaching consequences for operational processes.
  • A password manages the entire data inventory and enables external access in the event of a loss.
  • Access and legal concepts in cloud transformation must be further developed in order to continue to provide relevant protection.
  • The decision-making basis for data storage in the cloud also includes a risk assessment based on the respective data content.

Added value

  • Established redundant concepts for data protection are easy to adapt for your own company.
  • A flexible response to resources is possible and thus increases the protection of availability.
  • Security measures can also be purchased as a service and can therefore be upgraded more quickly and cost-effectively than by purchasing additional hardware or a license.
Risiko IT-Outsourcing

IT outsourcing risks

However, there are not only advantages associated with IT outsourcing, there are also risks. IT is no longer in the company’s own hands and a certain loss of control goes hand in hand with a certain dependency on the IT provider.

This is particularly evident in examples where the expectations of both sides (contractor and client) are not met. For this reason, early and comprehensive documentation of requirements is just as essential as an effective and contractually clearly defined set of rules in the form of SLAs at the respective service levels. In addition, tangential measures must be integrated to ensure compliance with the control obligation in the context of the strong dependency on the provider.

These include, for example, audits of the processes and systems, the performance of penetration tests, or the direct integration of experts as part of the IT outsourcing project as an independent qualitative assessment authority for the transition and the establishment of rules and processes for future cooperation in the line business.

Bild des stellvertretenden Geschäftsführers Immanuel Bär

We support the securing of your outsourcing potentials!

Find out more about IT outsourcing now.

More about IT outsourcing

If an IT outsourcing project is pending as a plan or as a concrete project in the implementation phase, we recommend taking into account the view from the outside as a quality-shearing measure. Based on our experience in the contractual design and technical implementation of such projects, we support the securing of IT outsourcing potentials without compromising IT security.

Zuletzt aktualisiert am May 26, 2021

OUR LOCATIONS

  • Headquarters:
  • ProSec GmbH
  • Robert-Koch-Straße 1-9,
    D-56751 Polch, Germany

  • Berlin office:
  • ProSec GmbH
  • Friedrichstr. 123,
    D-10117 Berlin, Germany

 

  • Munich office:
  • ProSec GmbH
  • Franz-Joseph-Str. 11,
    D-80801 München, Germany

TOP-SERVICES

  • Penetration testing

  • Vulnerability analysis

  • Trainings

  • IT security consulting

  • Social engineering

All rights reserved. © 2022 ProSec GmbH | Imprint | Privacy policy | Sitemap