09 Feb The Risk of Outsourcing Overseas
Projects are not just important to an organization—they—along with data—are pretty much an organization’s lifeblood. And protecting them should be one of your top security concerns—if not the top security concern next to ensuring the safety of your employees.
The Risks of Going Offshore
Organizations are increasingly finding it cost-effective and “good for business” to outsource the lower skill level tasks required for IT projects, so that higher level IT talent can focus on the specific project responsibilities they were hired for.
The thinking has generally been that outsourcing those tasks to China, India or the Philippines for example, means reduced costs through cheaper labor and lower overhead. But here’s the thing: Is outsourcing offshore really cost-effective if you are possibly making your organization—its projects and data—vulnerable to security related issues that all too often can bubble to the surface and put your organization at risk? Let’s take a moment to weigh the pros and cons of outsouring offshore.
According to a recent study by the University of Michigan’s Ross School of Business and eePulse, Inc., 74% of executives are planning to outsource, but out of those, 94% say that they are sending 25% or less of their outsourcing offshore. And why is that? One of the key reasons is security—or rather, less security than there would be if outsourcing were with an onshore sourcing provider.
There is little doubt that outsourcing offshore can be riskier than outsourcing onshore. There is also little doubt that it can add additional layers and pieces to the already complex project management puzzle, as when outsourcing offshore, you have in addition to less security, less control and less transparency. To that end, let’s take a look at some of the potential risks regarding data that can develop when outsourcing is done offshore.
- Access to Your Business Infrastructure—Giving overseas engineers access to your infrastructure can lead to all kinds of problems if proper measures and protocols are not in place, including measures to prevent potential abuse or theft of intellectual property. And should abuse or theft occur, protocols need to be in place for prosecuting the offender in the country where the offender is a citizen.
- Access to Data Systems—Depending on the type of work outsourced, you may have to provide access to your data systems, which of course increases risk. Software development does not usually require access to data, so the risk would be lower. Making it even lower, would be keeping outsourcing efforts onshore.
- Privacy Laws and Government Regulations—Depending on the nature of your business, outsourcing offshore could mean access to sensitive information that could put your organization in violation of rules and regulations. For example, patient information could be accessed and thereby put you in violation of the HIPPA act. Additionally, company records such as payroll could give access to employee social security numbers and put your employees at risk.
- Intellectual Property—Considering that intellectual property and copyright laws differ from country to county and generally are not as enforced as they are in the United States, means that if offshore providers have access to your source code or other sensitive data, you could be putting your organization at risk. The U.S. has much stronger legislation to protect IP and it is strictly enforced.
- Laws of Host Country—Your organization may be based in the United States, but that does not mean that data stored offshore is subject to U.S. law. The truth is, it is subject to the laws of the country where the data is stored and could be accessed by that country’s government and thereby, could compromise your intellectual property or proprietary data.
The Rewards of Staying Onshore
Keeping outsourcing on American soil can help eliminate many of the security risks referenced above. Of course, data breaches can occur anywhere, but are far less likely to occur closer to home.
Leveraging an outsourcing service provider based in the United States means you are working with teams who speak the same language, are governed under the same laws, share the same culture and have similar training to deal with IT challenges. And it’s easier—easier to manage, easier to address concerns such as regulatory compliance and easier to implement best practices.
With solid security, more control, increased transparency, superior service and exceptional capabilities at a competitive price, why go halfway around the world for IT talent when it’s right in your own backyard? Staying safe, secure and competitive is as simple as staying put on American soil