In reality: you do this if TCO of doing it internally < TCO of doing it externally + risk. There's quite a few people who estimate the risk is worth it.