Security Risk of Computer Outsourcing Inherent Security Risks of Outsourcing: What the CIO Should Know Who Competitors Previously Worked With to Share risk, preserve capital and gain market share from other competitors. It seems that some companies will soon have outsourced so much of their business that they are in danger of becoming a company in name or brand only. While there can be many business benefits to outsourcing business functions and collaborating with vendors and others in your company, the downside is always that it poses additional risks to support systems, networks, and critical business applications. The more your network is extended and the more nodes or hosts are added, the more intrusion vectors (new and vulnerable risk points) become available for possible exploits and subsequent damage to your business. As you connect your networks with various outsourcers, partners, vendors, alliances, and even consortia, you could, and probably will, connect with those who do. The above connection scenario changes the established trust model from explicit and understood trust to implicit transitive trust. This is the "I could trust you but I don't necessarily trust who you trust you" scenario. What can make the matter even more complicated is that the company to which you outsource critical functions may also outsource some of its own critical functions, and you may not realize the potential impact on you until long-term contracts are signed . Then it may be too late to amend contracts to protect your business from potential losses and liabilities. More connections to your network will bring more vectors or risks of intrusion. These risk points must be strictly controlled and monitored at all times. Some businesses may have hundreds of network connections, using a variety of communication methods, such as Internet, frame relay, leased line, microwave, wireless, satellite, fiber, ad nauseam. With so much variety in connection types, how will you know if a breach (successful or unsuccessful) has occurred on your network? How can you know what's going on in your partner's networks or the networks of those he or she is connected to? It is likely that it is through your friendly connections with your partner that you become open to intrusions, not a more direct external intrusion. Look carefully at relationships with trusted hosts. Are you ready to respond to a breach of your network? Typically, agreements and contracts are signed before a project team becomes involved in implementing a partner connection or outsourcing contract.