Quocirca Report Quantifies Outsourcing Risk for the First Time

The problem, says the report, is that general inexperience and a lack of process within companies lead to ineffective outsourcing.

According to Quocirca, industries with the least history of outsourcing tend to experience the most difficulties in successful project completion, while those industries with a long track record in outsourcing tend to exhibit the most satisfaction and success from their outsourcing programs.

Fran Howarth, Quocirca's principal analyst, told Infosecurity that the in-depth analysis carried out for the report allowed her team to create - for the first time - multi-dimensional plots of the various factors that drive outsourcing in companies.

"This is a major step forward in analyzing the reasons why companies outsource and what the probable consequences are," she says, adding that the general conclusion of the report is that outsourcing can be a risky strategy.

Quantifiables in the report include what security architectures are looking for from external service providers, plotted across the finance, retail, transport and public sectors.

The report - entitled "Winning Outsourcing Strategies: how to increase value and reduce risk" - draws on data from 200 of the largest organizations in the US and UK, looking in depth at software outsourcing and new forms of outsourcing including Cloud Computing and Software as a Service.

"In many of these cases, the main focus will be on the writing of code that acts as glue between existing or hosted services, or in the creation of functional components, rather than an entire application being written from scratch," says the report.

This means, it adds, that security is an issue that must be considered in these situations also.

The report goes on to say that outsourcing can be a risky strategy as, with any project of this type, an organization must place its trust in the hands of its chosen partner.

This means, says the report, that the organization must trust that secure coding best practices have been followed and that applications have been developed with adequate levels of security built into them.

"For example (this means) ensuring that a programmer cannot have placed a backdoor into an application that could allow them to access that application after it has been delivered, which could lead to them carrying out a security exploit," notes the report.

A copy of the report can be downloaded from http://tinyurl.com/57nslf

http://www.quocirca.com
