In considering IT risk management, we once again return to the need to focus our resources on our core business activities. Is there an overriding essential reason for you to control every aspect of your IT? In most cases, the answer is NO.

Having made this realization, you now need to categorize and identify what aspects of your IT, you can and should leave to the experts.

Start by identifying what items and services are "commodities."

E.g. A laptop or Smartphone is commodity. You do not have to build it yourself. If a new user needs one, you go out and buy it. You may still need to configure it according to your company's policies, but even this service may be out sourced.

Many software programs are also commodities. i.e. you do not need to build word processing, email or even accounting software.

By knowing what a commodity is, you can quickly identify how to not "reinvent the wheel."

Although cloud providers are a huge hacker target, they are much better equipped to protect your data assets. They have the resources and expertise. For these companies, this is their core business activity and failure is catastrophic.

• How would you identify a viable IT partner?

• How would you go about Migrating your IT to a cloud provider?

• Can you think of cases where it is still best to manage your data resources in-house?

• What are your responsibilities when you outsource your data services?