Skip to main content
Exploring what’s next in tech – Insights, information, and ideas for today’s IT and business leaders

Top 7 Internet applications you should probably outsource

For reasons of security, performance, cost, and just plain trouble, there are many apps you should pay others to run.

In this era of the rapidly maturing cloud, the calculus for whether to run your own application or just have someone else do it has grown much simpler for a broader number of application categories. Hyperscale cloud providers and specialty hosted or managed services have simply made it cheaper, more robust, more flexible, and more secure in so many instances.

But even the smallest enterprises often have applications that absolutely must run on their own servers and clouds. There are also many other applications for which the question of outsourcing or hybrid implementation is complex and requires significant analysis and effort.

And then there are the gimmes. These are the applications for which the cost and complexity of DIY on-premises handling are high and the alternative cloud options are mature and affordable. Interestingly, for this group, security has flipped from being a top cloud obstacle to becoming a big reason why it doesn't make sense to run these apps in-house anymore. The major service providers are so practiced at building and maintaining secure implementations that even the most experienced enterprise IT team couldn't come close to internally maintaining the same level of protection and vigilance.

"These hyperscalers have security tools that most people will just never have access to in a data center. And they've got security researchers that only live and breathe security," says Tim Ferrell, distinguished technologist for the worldwide security practices at HPE Pointnext Services. "And that's part of the reason that you don't hear about Microsoft 365, Azure, Google, or Amazon being breached. Their entire business model relies on that never happening."

This is one of the biggest reasons why experts like Ferrell believe that almost all organizations would be hard-pressed to justify an in-house implementation for the slam-dunk categories below. There are also other operational factors that make these picks obvious.

"I would tell any customer that if you can pay somebody to do it faster, cheaper, better, and at higher quality, with better SLAs and lower cost of ongoing operation, then pay them to do it—unless there is just some compelling business reason that you can't. And those tend to be regulatory compliance reasons," Ferrell says. "But even then, a lot of these suppliers and hyperscalers can beat most compliance requirements."

With all that in mind, here are seven services you should probably not run yourself:

1. Email

Email is the poster child for applications that organizations would be nuts to run themselves, Ferrell says. The major providers have administration of email infrastructure and services down to a commoditized art. They're also able to bring a tremendous amount of cybersecurity resources to bear in order to fight the increasingly pernicious cybersecurity threats that specifically target email.

Please read: Modernizing applications for the cloud experience everywhere

Analysis from The Radicati Group shows which way the wind is blowing with regard to businesses offloading the burden of administering email and other collaboration tools. Radicati analysts reported that from 2017 to 2020, the cloud email and collaboration market doubled to $51 billion, and from now until 2025, they predict it will nearly double again, to $94 billion.

"SMBs are no longer the main adopters of cloud business email solutions. Cloud business email services now deliver the high level of security, scalability, and customization that was once only available in on-premises solutions," Radicati analysts say.

2. CRM

Customer relationship management (CRM) leads all other software in the SaaS market, and within the CRM category itself, cloud deployments completely dominate the market, according to analysis from Gartner. And for good reason: Modern use cases for CRM require not only all of the flexibility, scalability, and cost benefits of the cloud, but also a platformized, ecosystem-centric approach that comes natural to cloud-native implementations.

"We are seeing the blurring of customer success, onboarding, and CRM technologies," wrote Kate Leggett, principal analyst at Forrester, in a recent CRM predictions post. "Democratized customer data and insights will become available when and where any frontline employee needs them—for example, in collaborative workspaces or office productivity tools. In addition, new CRM licensing models that focus on software consumption will emerge."

Leggett has been on the record that CRM vendors are building extensibility into their platforms through application exchanges that allow for á la carte purchasing and easy add-ons for functionality not traditionally viewed core to the CRM, such as e-signature capture, dialers, and schedulers.

Once again, security is a big part of the picture. It's a high priority because of the centrality of CRM to business operations and the sensitivity of customer and business records. CRM systems are a juicy target for all manner of attackers, and their interaction with numerous other cloud services and mobile applications create an attack surface that must be protected by the pros.

3. DNS

Managing Domain Name System (DNS) servers has always been a notoriously complex and persnickety endeavor that has grown only more complicated with the rise of multi-cloud environments. At the same time, DNS is becoming an increasingly popular target for cybercriminal attacks like DNS distributed denial of service (DDoS), DNS tunneling, DNS poisoning, and domain hijacking. As a result, managed DNS is rising as the obvious and affordable pick for many organizations that simply don't have the same level of expertise or time to properly configure and protect DNS environments the way a service provider would.

"It really gets down to whether you can do it better with one or two folks working on DNS within your organizations compared to, say, Google, which may have 20 or 30 people that just live and breathe it," Ferrell says.

4. PBX

A wide range of telecommunications applications could fit on this list, but chief among them are PBX systems. According to Jay Akin, CEO of Mushroom Networks, hosted PBX solutions have been more cost effective, less complex, and more secure than in-house builds for at least a decade. But for a big part of that time, some companies have still avoided the option because of Internet connectivity issues. For something like PBX, connectivity problems can be a huge showstopper, due to the very low tolerance users have for poor voice connections.

Please read: What will telecommunications technology look like in 2026?

However, the underlying technical issues at this point are now being resolved to the point that this last blocker is starting to disappear.

With the introduction of technologies such as broadband bonding, whereby several Internet connections are intelligently managed to optimize office Internet connectivity, this last major roadblock dissolved," says Akin, noting that this is accelerating the trend toward hosting for PBX and other high-performance applications.

According to research published last year by Nemertes Research, PBX is just one chunk of a broader unified communications (UC) market that is accelerating into SaaS models for combined capabilities including calling, messaging, meeting, and integrated call center features. The UC market has surpassed the tipping point on cloud adoption, with more than 57 percent of organizations reporting they're consolidating their UC via cloud approaches.

5. New ERP projects

Realistically, many existing enterprise resource planning (ERP) platforms will stay entrenched as on-premises implementations because they're already intricately integrated with legacy software, highly customized to the business, and generally locked into the environment. However, organizations pursuing new ERP implementations or a significant refresh can definitely chalk this one up in the "avoid DIY at all costs" column.

"For example, SAP is one of those applications where, as customers are looking to move from the old S3 to S4, they're looking at this and thinking, 'Man, do I really want to stand up this whole thing in my data center?' Because S/4HANA is just a beast with a million moving parts," Ferrell says. "Or do I just want to pay to run it in the SAP cloud or run it on Azure, Amazon, or HPE GreenLake? I pay somebody and they just turn it on for me. And then I go use it like software as a service at that point. And I pay for what I need."

Statistics from Allied Market Research indicate this line of reasoning is definitely taking hold of the market. While on-premises ERP implementations dominate the global ERP market—hanging on to 57 percent of share—cloud deployments outstrip the overall market's growth rate. Analysts with the firm say the market moving toward a managed approach was further accelerated in the face of the COVID-19 pandemic, which triggered an "upsurge in demand for ERP solutions that are hosted or managed in the cloud."

6. Authentication

Authentication is a category that's increasingly being abstracted away from IT administration on numerous levels by various services and cloud providers. Not only are organizations shying away from DIY authentication functionality within their apps, turning instead to APIs and service integration, but similarly they're using cloud authentication platforms to manage credentials, orchestrate policies, and unify identity and access management capabilities.

In this case, the draw is not just scale, speed, and cost, but also specialization.

"Authentication now is getting so hairy. You're dealing with credentials, rotating keys, session tokens, and so on," says Farrell. "It's become such a refined specialty area that, in my opinion, you're better off using a service where that's all they do."

7. Edge protection

The rapid shift to remote work during the pandemic has had a lot of organizations rethinking their approach to VPN and remote access. As a result, Secure Access Service Edge (SASE) technologies have slid right into this category of services that you'd be crazy to do yourself.

Please read: Enterprise security moves to the edge

"We are seeing increasing traction for customers paying SASE customers to directly face the Internet for them," says Ferrell, adding that this is more than just replacing VPN but essentially providing DDoS, DNS, zero trust, network protection, and more at the edge. "It's almost like you take your data center and you carve out what you call your edge and you move it to another cloud. SASE services are basically a buffer between the Internet and your core."

Think of these like a prefab shed

For most companies, these seven application categories are a great way to start a cloud transformation or to simply save money and gain functionality. According to Ferrell, leaders who are emotionally tied to the traditional methods of running systems like these in-house can think of this in terms of a backyard project like building a storage shed: Even if you have the skills to build that shed from scratch, that doesn't mean you should do it.

"I could go buy all the materials and everything and do it myself, and it might take me three months and cost me $5,000. Or I could go down to Lowe's and they've got one for $1,000 because they've already mass-produced it," he explains. "They've got it down to an art, and for a grand, it's delivered and installed. That's what scale and specialization gets you."

This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.