So the question out there is, why are there so many unhappy outsourcing customer relationships. I’m not saying that’s every single one is a failure, or there is unhappiness. I know of many customers – outsourcing relationships that are very successful. There are good communications and openness between two organizations. But, if you’re in that situation, while you reading blog?
Unfortunately, as a problem solver, I have usually been brought in to fix bad situations.
The cynical side of me sees the pendulum that swings from outsourcing to in sourcing. Just look at General Motors, many years ago they split off their technical team into a separate company that will become EDS. Now just recently, they have decided to move back to using the own internal teams to manage the IT infrastructure. Unfortunately, I don’t have insight into why they make that decision. It would’ve been fascinating to be a fly on the wall to wash and debates on the merits of moving back to an internal model.
I think one of the first basic faults that develops when thinking about using an outsourced model is cost savings. People grasp on to the idea that they can shrink the internal security teams, and the costs, if they can leverage a specialist company that is focused on delivering security services. The trouble is that it isn’t just a one-for-one swap. As you’ll see later in this series, when you move to an outsourced model there are new roles and responsibilities that you need to take on for managing the relationship. Most companies seem to focus on their current delivery model, and forget about what’s needed in the future.
Another challenge is flexibility. When you have your own IT security team, you inherently have more influence over how the service is delivered, what equipment and software they use, and can move faster when you have that last-minute business change that requires “ heroics” to achieve success. Unfortunately, you lose that agility when you move to a model where an external company is trying to deliver the same service, with common tools, processes, and SLA’s.
In the same vein, adjustments are required in existing processes and procedures. The problem is that most of adjustments are required on the customer side. The customer wants to pay the lowest price it can get to deliver the services it requires to keep its environment secure. To get the lowest price, an MSSPs has to leverage a model where one-size-fits-all. Yet, this is the black model T Ford idea where prices can be kept low if you don’t provide too much individual customization (ironically Ford did actually provide multiple colors at the beginning for the car, but moved to the black model to open up a lower price mark.) I’m not saying that the MSSP will not be flexible, but bear in mind each additional item adds an additional cost for them. And though they will strive to give you a competitive price, it’s generally useful if both companies can stay in business. I.e., You could break the camel’s back.
These are the common faults that I have seen developed in the early stages of deciding to move to an outsourced model. If ignored, either expectations will have to be reset when the reality sets in, or there is a happy cross-organizational relationship.
Now, I don’t want you getting depressed or feeling that the MSSPs model is a waste of time. And no I am not sponsored by an MSSP or have a vested interest in promoting the model. I have just seen great results if you approach it the right way and have the right expectations.