Outsource what makes sense, but create some new internal opportunities for yourself.

This is the age of outsourcing. The reason behind the trend is simple: The financial crystal balls at most companies are still cloudy, which puts a damper on capital expenses.

As you stare at your list of backlogged projects, the practical appeal of outsourcing is undeniable, since it's an operating expense. But strategic insourcing is also a viable option - one where you may be able to do more than shore up your defences and actually gain new ground. It's all about balancing the outside with the inside.

Selective Sourcing

First, get a good handle on your outsourcing. I'm always perplexed when people equate it with offshoring and the exploitation of cheap programming talent. Application development should be one of the last things you farm out, particularly to places where intellectual property is hard to protect, because that code often contains unique business value. If it doesn't, you should probably just license commodity software - or avoid licensing costs altogether by opting for a hosted solution.

Yes, I mean services like Salesforce.com, but that's only the most obvious example. How about e-mail? I still hear plenty about the pain of managing and scaling mail servers. A good specialized e-mail hosting service can take that off your plate.

Application monitoring is another good prospect. Mercury Interactive says that half of its monitoring customers opt for a hosted solution. It makes sense, since Mercury probably has a lot more experience poring over those logs than your staff ever will.

Then there's content management. CrownPeak, Clickability and iUpload all offer capable hosted solutions. Grand Central even purports to integrate hosted applications before they touch your enterprise.

People also talk about using managed security providers, but outside of VPNs, I find that idea dicier. There's security trend - known as security event management or security information management - that provides a consolidated view of the "threatscape" by capturing and filtering security events from devices and software all over the enterprise. I have yet to see a managed service in this space that provides as comprehensive a view as, say, an in-house implementation from ArcSight or NetForensics.

So there's no such thing as a totally outsourced enterprise IT department yet. In fact, although IT is shrinking in some respects, it's also expanding into new areas. So as you outsource in some domains, you can actually insource new territory.

VoIP is the most obvious example of a new frontier of inner space. Under the right conditions - a highly distributed workforce, a call centre hobbled by old equipment - putting the phone system on the enterprise data network can wow the business side with immediate payback.

Just remember to resist with all your might when someone inevitably suggests that VoIP get its own dedicated network to ensure quality of service. Instead, use VoIP as the perfect excuse to upgrade your network to Gigabit Ethernet. Along with enjoying a nice bandwidth boost, your control over phone service - a whole new domain- will make the IT department even more indispensable (though your power grab may be enjoyed less by your current telecom people).

Electric Company

Big IT operations might consider pushing the envelope even further, all the way to electric power. Some IT organizations have got into enterprise-wide power management with constant voltage transformers and fuel cells for backup. Heck, you might even consider the data centre as a heat source for an HVAC system. It's been done. Remember, your budget may be constrained, but if you think creatively and grab a new area outside conventional IT, that's new money.

Eric Knorr is executive editor at large at InfoWorld. He can be reached at eknorr@pacbell.net