Hire a Hessian (Outsourcing) ◾ 255
4. Fully integrated—Services that are characterized by full-time dedicated connections and
bi-directional data exchanges that can be initiated by either party. An example is a hosted
backend database server that regularly queries the customer’s authentication server and other
services such as DNS, Time, and WINS.
Outsourcing Pros—Benefi ts
e primary benefi t of using outsourced services is cost savings. Service providers can deliver com-
modity services such as e-mail, instant messaging, and Web conferencing at a lower per user cost
than the equivalent in-house service. Savings result from lower equipment, personnel, recruiting,
operations, and support costs. Customers also benefi t from higher reliability (availability), fault
tolerance, no-cost technology transitions (always on the latest release of software), and the security
expertise of the provider’s staff . Other security-related benefi ts can be realized by the transition to
services. For example, the transition may require infrastructure changes that benefi t other secu-
rity functions. ese include the consolidation of user identities and the convergence of Active
Directory domains. Getting all users on a common platform and having the ability to securely
extend services to partners are two other potential benefi ts.
Outsourcing commodity services allows companies to focus on their core business and busi-
ness initiatives instead of expending resources on the supervision and management of routine
tasks, including some help desk and security-related functions. Some modest risk reductions
can result from the provider’s contractual obligations, high availability, Business Continuity and
Disaster Recovery capabilities, and security management expertise, as well as transitional changes
to security-related infrastructure services. ese benefi ts apply to both fully hosted and hybrid
environments.
SIDEBAR: LEVERAGING TECHNOLOGY TRANSITIONS
Major technology transitions are one of the hardest things for IT departments to accomplish. Moving from one
version of an operating system to the next, or from one version of MS Offi ce to the next, often requires months of
preparation and even more time to roll everything out. Such was the case of one organization that wanted to transi-
tion to Microsoft Online Services. The company had been struggling for years with an Active Directory that had over
20 different domains and hundreds of domain trusts. The IT department had an ongoing consolidation project that
had made little progress in the past year; that changed when the CEO decided to go online. The transition required
a consolidated domain structure, so the Online migration team went to work solving the problem. Five months
later, the company was not only saving money on e-mail, instant messaging, conferencing, and collaboration tools,
but it also had an expertly designed and implemented Active Directory to help it manage its in-house computing
resources. The cost? Less than what was budgeted for the original consolidation project.
Outsource Cons—Challenges
Outsourcing can provide some modest risk reduction, but it also has a number of inherent security
risks that must be considered. e fi rst is the security of the data transferred, stored, and processed
by the provider. Once the data leaves your control, your ability to observe how it is handled or
used is lost. Your ability to detect and respond to security violations concerning that data becomes
wholly dependent on the provider’s notifi cation process, which may or may not be done in a timely
manner. However, your liability for the proper management of the data has not changed. You are still
the owner of the data, and you are still the party that is ultimately responsible for its protection.
You cannot transfer this responsibility to the provider, nor is the provider likely to accept it.
Service providers achieve profi tability by delivering commoditized services to a large audience.
e approach leaves little room for customization, especially when it comes to customer-specifi c
TAF-K11348-10-0301-C013.indd 255TAF-K11348-10-0301-C013.indd 255 8/18/10 3:12:25 PM8/18/10 3:12:25 PM