At what point does outsourcing go too far?
Our industry is known for outsourcing quite a bit of work. These are the areas where we commonly see outsourcing:
Security guard services. This is cyclical for some companies, but the overall trend I've seen is that companies have moved to hire third party guard services companies to be their on-site security personnel. It's allowed companies like Andrews Int'l, Garda, Allied Barton and others to become very big players in our industry, and it has allowed small start-ups to enter the marketplace with a couple amber-light cars and some uniforms. Generally, end-users prefer this because it lowers costs and because they don't have to provide the benefits that they would have to provide if those same employees were full-time, in-house employees. Management of these employees can sometimes be more difficult. On the other hand, the client obtains a team specifically trained in their business area from a company that has learned best practices by serving a number of clients. Or at least that's what you're told when you hire these companies.
Installation services. While most installations are still done by in-house technicians, I've seen entire companies that are built upon the ability to provide contract low-voltage installation. Big government contractors will hire these firms because they don't retain the numbers of installing techs to handle the projects they win. Consumer technology providers (think satellite TV) will hire these companies. Even companies that do most of their installs with in-house personnel with hire out this work when they have a project that is too big for their complement of full-time installers. It's also common to outsource some specialty work like high-voltage/electrical parts of security projects.
Monitoring. This has been the big one in outsourcing for years. Alarm dealers that might have tried to operate their own monitoring stations a decade ago have found it more profitable to outsource the monitoring of their accounts to 3rd party monitoring companies that are often certified and UL-listed. This keeps the dealers focused on their primary business of selling and installing alarm systems, without losing rights to their RMR by entirely selling the account.
Security management. This has been the one of the newest areas of outsourcing. Some top-brand, global companies have outsourced select security managers. The outsourced workers are part-consultants/part-managers, and their paychecks usually come from the consulting firm that placed them. It works great for companies that need an additional security manager while they handle a specific project, but I've also seen large integration companies place consultants into their clients' security organizations to oversee integration projects or operation of systems after they are installed. Two companies that I know are placing security managers in this manner are Securitas Security Services and Control Risks Group.
Security product sales. Rep firms are working for most of the major security manufacturers to move products. They serve as the link between the local channel partners and the parent company. Some of these rep firms even get into consulting design work for projects. Manufacturers use rep firms to place their company into markets where they don't have offices or the proper support, and most rep firms handle a number of manufacturers' product lines. Some even represent competing product lines.
Security consulting. Consulting, by nature, means outsourcing. In today's world, end-users hire consultants on a project-by-project basis. Why it helps: It's good to get an outside perspective from someone who hasn't been in the company so long as to take the "That's the way we've always done it and it's worked so far." Outsourcing assessments, penetration testing and consulting work also allows companies to bring in a person who is specialized in their field and who has likely seen the inside of competitors' corporate security efforts. They're also not involved in the day-to-day minutiae of security operations, so they have time to look at the bigger picture and track trends, legislation and new compliance regulations.
System design and project management. Implementing a big technology project like a complex and integrated video surveillance system isn't what most security departments do every day, and they're better served to outsource system design and even project management in many cases. The outsourced designer/project manager may handle all of the following: coordinating system design parameters, technical design, RFP process, contractor management, final training and testing. (Large integrators hate it when their customers outsource this part of a project to independent designers; I suspect because it is one of their more profitable areas of business.)
So, can outsourcing go too far? Some would argue that today's news that San Carlos, Calif. (pop: 27,000), is outsourcing its police department to a private company is a point where "security" outsourcing has gone too far. But in the security-specific industry, can outsourcing go too far?
Outsourcing can absolutely go too far if you lose quality. If you can outsource all of your elements (installation, design, monitoring, service, management, etc.) and still retain control, coordination and quality, then outsourcing works. Unfortunately plenty of companies have found that they lost quality control through outsourcing. I'll spare their name from being dragged through the mud, but there's a company in the industry that had to change their entire product line a couple years ago because it had outsourced production to a Chinese manufacturing plant with terrible quality control, and the result was that the company was selling units to customers that were often DOA or dead soon afterwards.
But there is a second question here, and that is whether you can retain your culture and vision as you outsource. Quality is something that is relatively easy to measure and apply metrics. We can determine how many devices fail or require service. But culture and vision is what separates a company that excels from one that simply plugs along. Compare Apple with its culture of great products to a company like iRiver which also makes MP3 players (in fact, iRiver was making them well before Apple). Apple created a culture within its own company and within the marketplace and their products became "magical" -- to borrow the words of Steve Jobs. The iRiver products were simply another MP3 player device, and the company was handily removed from their #1 marketshare position by Apple. The difference, I think, was that iRiver had good technology but didn't have great vision. Apple had the vision; they saw a device tied to software tied to an online music store.
So, the question is, at what point does outsourcing your team hurt you? I'd argue that it occurs when you've outsourced to the point that you don't have the critical mass to retain a sense of culture and shared vision. Sure, it's nearly impossible to measure, but as your company takes steps to outsource (a common proposition in this sluggish and down economy), trust your gut instincts before you lose your security culture and vision.