There is more to outsourcing than just the bottom line and running lean. Any organization embarking on this journey needs to (1) clearly identify and articulate the compelling narrative for steering in this direction, (2) have risk transparency on associated risks when someone else is running your critical part of the business and (3) enumerate the benefits expected to be reaped. (Source: RSA USA 2016-San Francisco)

1. SESSION ID:
#RSAC
Lakshmi Hanspal
Are you thinking about IT
Outsourcing ?
Top Reasons, Risks and Rewards
TECH-F03
PayPal Inc.
@lakshmihanspal
The views expressed in this presentation are my own, and not those of
PayPal Holdings, Inc. or any of its affiliates

2. #RSAC
How do you approach “IT Outsourcing” ?
2

3. #RSAC
Our Journey Today
3
Trends in Outsourced IT Services
Top Reasons to Outsource IT
Top Risks in IT Outsourcing
Top Rewards in IT Outsourcing
Key takeaways for you

4. #RSAC
Trends in Outsourced IT Services
4
Outsourced
IT services
Network
(Buildout /
Monitoring)
Help Desk /
Customer
Support
Data
Centers
(Web scale)
Content
Creation &
Hosting
(Business
Apps)
Which IT services are
being outsourced ?
What is the predicted
trend for 2016 and
beyond ?
IoT
Security
Big Data
Analysis
Vulnerability
Mgmt
(Scanning
and Pen
Test)
Threat
Intelligence
(Crowd
sourced)

5. #RSAC
Reduce
Cost
Focus On
Core
Speed to
Market
IT Talent
Efficiency
Conserve
Capital
Competitive
Edge
Top Reasons to Outsource IT
What are current
business drivers?
What are trending
business drivers?

6. #RSAC
Top Risks in IT Outsourcing
6
REPUTATIONAL
TRANSACTIONAL
OPERATIONAL
CONTRACTUAL
COMPLIANCE
IP Theft, Breach
Confidentiality, Insider Threat
Functional Misfit, Scalability, Business
Continuity, Risk Transparency,
Language, Culture, Timezone
Vendor Lock-in, Vendor
Performance, Fees/Costs
Sub-contracting
International,
Regional, Functional
What risks should
you consider?
How does trending of
business drivers
affect these risks?

7. #RSAC
Top Rewards to IT Outsourcing
What are the benefits
to outsourcing?
Are these perceived
or actual rewards ?
How can they be
measured ?
0 100
20
10
30
40
80
90
70
60
50
Bottom Line
0 100
20
10
30
40
80
90
70
60
50
Technology
0 100
20
10
30
40
80
90
70
60
50
People
0 100
20
10
30
40
80
90
70
60
50
Operations
Retention
of Talent
Business
Focus
State of
the Art
Risk
Aligned
Predictable
Opex
Redirect
Capital
Agile
Scalable

8. #RSAC
Key takeaways for you – Near Term
8
For your existing outsourced services, understand roles and
responsibilities for:
Breach notification
Vulnerability management and reporting
Key management
Identity management and provisioning (apps and users)
Administration and access control
Identify and align with business and regulatory constraints

9. #RSAC
Key takeaways for you - Strategic
9
For your next outsourcing opportunity:
Clearly identify and articulate the compelling
business drivers for steering in this direction
Strive for risk transparency on associated risks
when someone else is running your critical part of
the business
Enumerate and measure the benefits expected to
be reaped

10. #RSAC
Interested in More Info on Outsourcing Trends?
10
Coming Soon: Outsourcing Trends Publication
Series
March 2016: Crowd Sourced Threat Intelligence
April 2016: IoT Security
May 2016: Big Data Analysis
June 2016: Vulnerability and Pen Testing
https://www.paypal-engineering.com

11. #RSAC
Q & A
Lakshmi Hanspal
lhanspal@yahoo.com
@lakshmihanspal