Outsourcing Survey, Part 3: What Gets Outsourced and Where It Goes

The results of the 2004 Enterprise Systems Outsourcing Survey are in. In the third article of our series, we look at what functions are outsourced. While application development is at the top of the list, we found a surprisingly large number of companies are outsourcing all IT functions.

In our analysis this week we examine which functions -- including help desk support, network operations, data center operations, customer support, and security -- are moving outside the enterprise, and where those functions are being performed.

The full report of our survey findings will be available as a downloadable PDF file in early November. Click here to be notified when the report becomes available.

An entire class of jobs (i.e., service-oriented positions) is being outsourced, and some experts argue that a wide-range of professions—from programmers to accountants to radiology technicians—could eventually be outsourced to points east and west of the U.S.

"Services jobs can be outsourced if they are primarily back-office jobs, requiring little customer interaction. This is particularly likely to occur in jobs where the major 'product' is information," says Cynthia Kroll, a senior regional economist at U.C. Berkeley’s Haas School of Business. "The ability to move the product over remote communications networks has also made it much easier to move these jobs abroad. The jobs most likely to go are those where the wage differential is high, and where the social interactions among workers in these occupations is not a key component of the industry’s success."

IT isn't insulated from this phenomenon. By the end of 2004, for example, market research firm Gartner Inc. predicts that one out of every 10 IT jobs will be outsourced overseas. For the moment, however, most IT jobs are staying here. In fact, even in skill areas in which offshore providers are widely assumed to have built-in advantages the majority of IT jobs are staying put. In other functional areas—such as the security sector and the market for managed network services, for example—domestic service providers may have built in advantages versus their competitors in offshore locales.

Application Development

In a scene from the film Office Space, a frazzled middle manager-type is trying desperately to justify his job—as a liaison between customers and software engineers—to a pair of cost-cutting consultants.

After he’s made his case, albeit imperfectly, one of the pointy-headed duo asks a loaded follow-up question: “Why couldn’t the customers just take [their requests] directly to the software people, huh?” To the frazzled middle-manager type—and to thousands of American companies—the answer is obvious: “Because engineers are not good at dealing with customers!”

That perception may explain why application development tasks are among the most likely to be outsourced by U.S.-based firms.

What information technology work is being outsourced in your most recent sourcing project? (Check all that apply)

Application development 20.6%
Web site development/management 12.0%
Help desk support 10.6%
Network operations 8.9%
Data center operations 8.6%
Application management 8.6%
Customer support 8.3%
Security 6.2%
All IT Functions 5.1%
Other 4.6%
Architecture 4.2%

Consider this: 20.6 percent of respondents say their most recent sourcing project was for application development responsibilities. That’s nearly double the tally for the next-highest area (Web site development and management) at just 12 percent. Of respondents who outsourced their application development tasks, 54.6 percent selected domestic providers. That’s significantly below the overall average (70.2 percent) of companies that outsource domestically. On the other hand, 40.6 percent of organizations outsourced some or all of their application development responsibilities to near-shore or offshore providers. That’s nearly double the combined near-shore and offshore average of all survey respondents (24.3 percent).

In our survey, 55.4 percent listed cost reduction or control as the foremost reason they’ve outsourced their application development tasks; 72 percent of companies that outsource domestically cited quality drivers as their most important considerations. Only 43.9 percent listed concerns about cutting costs.

Web Site Development and Management

Web hosting was one of the earliest (and ultimately most successful) of outsourced application services, preceding even the short-lived application service provider (ASP) boom of the late 1990’s.

The upshot is that there’s a thriving market for domestic Web hosting providers. Most of the companies (70.7 percent) that are currently outsourcing some or all of their Web site development and management responsibilities have selected domestic providers. That’s right at the overall average (70.2 percent) of companies that plan to outsource domestically.

Similarly, 22.5 percent of companies that currently outsource their Web sites will do so with near-shore or offshore providers.

Help Desk Support

At first glance, help desk support doesn’t seem like an activity that could easily be outsourced. The (often hapless) IT support guy is, after all, the stuff of legend—he’s been immortalized in Dilbert cartoon strips and lampooned in television situation comedy sketches—and seems, certainly more than IT and other senior-level executives, to require face-to-face interaction with end users.

In spite of all of this, help desk support is frequently outsourced, and gladly so: 10.6 percent of companies are currently outsourcing some or all of their help desk support responsibilities. Once again, most of these outsourcing contracts (64.1 percent) are awarded to domestic providers, while 28.1 percent are snagged by near-shore or offshore providers.

What’s interesting is that a higher-than-usual number of help desk outsourcing contracts (6.4 percent) are going to near-shore providers. This is well above the overall average (2.8 percent) for this segment, and also helps to account for the slight underperformance of the domestic outsourcing segment (which is 6.1 points below average).

Why is help desk support eminently outsource-able? Experts typically cite a pair of reasons: The preponderance of standard desktop applications (the Microsoft Office suite, the Internet Explorer Web browser, etc.), along with the fact that many help desk support calls are related to application performance issues on the network or in the enterprise back-end.

Needless to say, these are both support responsibilities that can with little pain be farmed out to third-party service providers. The typical duration of most help desk support contracts is one year at a cost of less than $1 million.

Network Operations

A network is, by definition, remotely manageable—although that wasn’t always the case. SNMP has been with us for more than a decade now, however, and vendors such as Computer Associates International Inc., Hewlett-Packard Co., and IBM Corp. have marketed network management suites for almost as long. What’s more, most modern enterprise networking devices—from humble department-level switches on up to campus routers—are designed to be managed using either proprietary or third-party tools.

It’s not like outsourcing network operations is a new idea, either. Several vendors—including IT services giant Unisys Corp.—started touting managed network services in the mid- to late-1990s.

Currently, nearly one company in ten in our survey (8.9 percent) outsources some or all of its network operations. Of these, the vast majority (80 percent) have selected domestic service providers. That’s well above the average (70.2 percent) for this segment.

A considerably smaller number—13.9 percent—have farmed out their network operations to near-shore or offshore providers. That’s well below the overall average (24.3 percent) for the combined near-shore and offshore segments. In fact, the number of companies that explicitly identified a preference for offshore service providers (9.2 percent) is 57.2 percent less than the average for this segment.

It’s also well below the average (45.4 percent) for application development outsourcing, which is considered one of the most desirable activities to send offshore. This suggests that many of the drivers that account for the popularity of offshore application development efforts—e.g., the world-class skill and expertise of Indian and other non-U.S. programmers—simply aren’t operative (or compelling) in the network management space. Just as likely, the overlap between many aspects of network administration and internal security requirements—switches, routers, and other devices all require root-level access for effective administration; other information systems might have to be exposed, as well—are enough to deter many potential offshorers.

Data Center Operations

Enterprise data centers safeguard an organization’s crown jewels—the gigabytes, terabytes, or possibly petabytes of mission-critical data it has created or otherwise accumulated over the years. Why, then, are companies outsourcing the management of their data centers? Probably for the same reasons they’ve outsourced their application development and security responsibilities: because managing a data center isn’t their core competency—and because there’s a lot more associated with the management of today’s data centers than many companies are prepared to deal with.

Currently, 8.6 percent of companies outsource or plan to outsource some or all of their data center operations. Of these, 68.3 percent have selected domestic service providers, while 23.8 percent are teaming up with near-shore or offshore providers.

Among companies that outsource their data center operations to near-shore or offshore providers, an overwhelming majority (86.7 percent) are enterprises with $500 million or more in annual revenues. Conversely, among companies that outsource their data center operations to domestic providers, 58.1 percent are small and medium enterprises with less than $500 million in annual revenues.

Cost-cutting is a big driver for organizations that outsource their data center operations, but—more importantly—respondents in this segment clearly view data center outsourcing as a means to boost efficiency and overall quality levels, with a combined 68.8 percent citing specific quality drivers like access to specialized data center management expertise, among others.


Because of the complexity and heterogeneity of operating systems, applications, networks, and other IT resources, an outsourced approach to security actually makes a great deal of sense. Microsoft, for example, released 72 patches for its Windows operating systems and associated applications in 2002, and 50 in 2003. What company wants to be left holding the bag if even one of those patches isn’t correctly installed and a security breach occurs?

When you factor in the effect of regulations such as Sarbanes-Oxley (SOX) or HIPAA—which impose penalties (up to and including jail time, in the case of SOX) for organizations that haven’t implemented appropriate security safeguards—the idea of managed security services starts to look awfully good.

Overall, 6.2 percent of companies outsource their security responsibilities to third-party providers. Of these, an overwhelming majority—88.4 percent—are contracting with domestic services providers. Another 11.6 percent currently tap, or plan to tap, near-shore or offshore vendors.

Once again, the offshore tally for outsourced security services—7 percent—significantly underperformed the average market share (21.5 percent) for the offshore segment. That’s not surprising, however. After all, many organizations have understandable concerns about giving anyone the keys, so to speak, to their IT kingdoms. In the managed security space, especially, it’s likely that most companies are simply more comfortable partnering with domestic providers, if only because these providers—and their employees—are subject to U.S. laws.

There are, of course, similar concerns with outsourced services like software development. But many companies address these issues by, for example, segmenting the development and programming (India, China, or Singapore) and testing (domestic) phases of the project. These problems are not so easily mitigated in the managed security space, however, because so many security responsibilities—such as installing firmware updates or operating system patches—currently require root-level access to IT resources.

Nevertheless, some industry watchers believe the market for outsourced security services will explode over the next few years. Consultancy Yankee Group, for example, famously predicted that 90 percent of security will be outsourced by the year 2010. To some extent, this optimism is supported by feedback from respondents: Organizations that outsource their security responsibilities cite drivers such as reducing costs or gaining access to high quality resources (presumably in the form of security expertise) more than anything else.

Full IT Outsourcing

Believe it or not, some organizations—5.2 percent—have outsourced all of their in-house IT functions. Of these, 79.4 percent have selected domestic services providers. At the same time, 20.6 percent have tapped the services of offshore providers.

What kind of organization can afford to outsource the sum total of its IT responsibilities? Government institutions, for one: 23.5 percent of all lock, stock, and barrel IT outsourcers are local, state, or federal government agencies, and most (75 percent) have partnered with domestic providers.

A surprising number of bleeding-edge outsourcing adopters—82.3 percent—are enterprises with $500 million or more in annual revenues. This seems counter-intuitive, if only because organizations of this size are typically highly geographically dispersed (often with global operations) and dependent on a range of IT resources. These would seem to be the companies that are least able to outsource the entirety of their operations.

What makes an organization like this tick? A mandate to cut costs: 60.5 percent listed cost control or cost reduction as their most important motivations. Next up, a combined 57.8 percent of respondents cited a need to free up internal resources or gain access to IT resources that would otherwise be unavailable internally. Elsewhere, 23.7 percent listed project acceleration as their foremost driver.