Nettitude Blog

Outsourcing Responsibility: The 3 Wise Monkeys

Posted by Media marketing on Apr 21, 2016 11:27:34 AM

Three Wise Monkeys Figure 1: Three Wise Monkeys

In the modern business environment, it is increasingly tempting for organisations to outsource some services to a 3rd party company.

Why is this?

  • Reduce the risks
  • Reduce the costs
  • Reduce the resource burden
  • Reduce compliance
  • Increase efficiency
  • Increase productivity
  • Lack of skills, knowledge or experience

However, a significant number of data breaches originate through the use of outsourced services.


Are businesses fully aware of the associated risks they might be taking through outsourcing to a particular supplier or service?

  • When choosing a supplier, are you questioning whether the supplier is truly capable of delivering that service or are they in fact selling you a dream?
    • Buyer beware
  • Does the supplier offer an initial deal, which diminishes over subsequent years?
  • How well do you manage your supplier relationships?
  • Do you make lots of assumptions and just TRUST that the supplier is doing right by you?

If you are not, consider whether you would take the same approach, when crossing the road without the ability to see, hear, or speak?

Road Hazards Figure 2: Road Hazards

You have many options here:

  • Getting someone to walk you across the road
  • Having someone carry you across the road
  • Via the use of a ‘lollypop man/woman’
  • Via a zebra or pelican crossing
  • Using traffic lights
  • Use a nearby bridge
  • Build a bypass (reduce the traffic flow)
  • Find an alternative route

However, in the real world would you just step out into the road without any considerations or assurances, for example:

  • What is the volume of traffic (Threat)?
  • How many vehicles are there (Likelihood)?
  • How fast are the vehicles travelling (Impact)?
  • How wide is the road (Vulnerability)?
  • What are the weather conditions (Vulnerability)?

Actions needed

When considering the outsourcing i.e crossing the road, what questions would you be asking to that 3rd party providing a service to protect you from the hazards and burden of having to cross that road?

  • If you are relying on multiple 3rd parties (zebra crossing, traffic lights, lollypop man/lady), have you identified, evaluated and are you effectively managing these 3rd parties
  • Is the 3rd party capable of delivering a service in which you would entrust your life?
  • If they are delivering the same service to others, do they have the capacity?
  • Would you entrust your life to a verbal contract or would you want something in writing?
  • Have you checked that they are capable of delivering on their promises?
  • What assurances have you attained from the 3rd party, confirming that they can deliver these services whilst meeting your minimum expectations?
  • Have you received written confirmation from the 3rd party that the services they are delivering match what you understand they are delivering?


Outsourcing of services (Cloud, Call Centres, Data Centres, Logistics, Security, Software Development, etc.) has become a significant cog in the wheel of business.  Consequently, despite cost being an important consideration, when deciding upon outsourcing to company A, B or C, we need to be make thorough evaluations against each company’s capability to deliver that service, against the costs offered.

Hence, every information security and governance standard have requirements for effective 3rd party management, for example:

To contact Nettitude’s editor, please email

Topics: Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Subscribe Here!

Recent Posts

Posts by Tag

See all