A paper from CDW, which can be obtained here, gives a broader view. Since this paper is somewhat vendor-biased, before you download it (registration for CDW news will be required), here are its main points:
- Increasingly, high-value intellectual property such as trade secrets and medical records are part of large outsourced IT projects. Legal projects, such as eDiscovery and document review, are not much different;
- While the cost savings of outsourcing appear to be significant, the complexity of cross-border relationships increases security challenges and as a result, increases project cost. Costs increase again when a company (and its vendor providers) must comply with international breach disclosure, customer privacy or industry-specific laws such as HIPAA and SOX;
- Decide which IP to outsource. One advice is to outsource non core work, which lowers risk;
- Intellectual property can be protected with the right combination of network, physical, and contractual protection;
- Take the time up front to contractually establish effective metrics and clear lines of accountability, and build balanced mechanisms to measure outputs;
- Adequate levels of security don't happen by accident; they happen because you have given a great deal of that to what you want to protect;
- Understand all costs.