This document describes a case study of outsourcing IT operations for a defense organization while managing information security risks. The organization wanted to reduce costs by moving back-office functions offshore but was concerned about security risks. By analyzing potential threats, exploits, and mitigations, security experts were able to identify controls to reduce risks to an acceptable level and allow some functions to be moved, while scrambling sensitive data and keeping it secured in an UK enclave. This achieved savings for the organization while strengthening security and partnerships.