Outsourcing IT and business services save substantial amounts of money, but the savings for many firms businesses carries a hidden cost. Too many firms fail to recognise the increased security risks that come with outsourcing, and this extra risk is therefore left unmanaged.
One very effective way to reduce the risk is to keep outsourcing onshore, but this option has normally, until recently, meant higher costs. A new wave of programming technology is set to change this balance by eroding the price advantage of offshore outsourcing. Understanding the security risks of outsourcing IT offshore, and being prepared for increased efficiency of onshore IT competitors, is a must for all CIOs.
Corporate security is not receiving the attention it deserves, but anytime an outside company is involved in a sensitive area like IT, the risks become much higher. One security breach could easily wipe out any savings being realised by outsourcing, as well as cause enormous reputational damage. Outsourcing can and should continue where appropriate, but the risk it creates must be managed and reduced. Keeping the outsourcing partners close to home, where communication and monitoring is easier, is an important step.
The reason closeness reduces risk for IT outsourcing is because the greatest threats to any system’s integrity are not technological, but human. People choose weak passwords (most commonly ‘password,’ or when capitals and numbers are required, ‘Password1’), operate from shared user accounts where accountability can’t be traced, and discuss confidential company information on Facebook. Hackers know this, and exploit the human tendency to be carless with corporate security. Educating employees to follow best practice is vital, but even with adequate time and resource, rooting out risky behaviour is a difficult and thankless task. Every CIO should be asking, ‘are my outsourcing partners as concerned with my company’s security as I am?’
Just asking the question is an important first step, but ensuring the right outcome is more difficult from thousands of miles away. Digital security is too important to manage with only emails and video chats. And when a crisis does hit, offshore outsourcing can exaggerate the problem, as NatWest learned to their cost late last year. When a human lapse led to a catastrophic failure of the bank’s UK-based software, managers were forced to get support by telephone from software engineers in Hyderabad. This extra layer of complexity made a difficult problem even more difficult to solve. When you need on-site help in a hurry, make sure your IT support is a train ride, not a plane ride, away.
The security benefits of onshore outsourcing are clear, but the higher cost will still be a barrier for many companies. This is set to change in the IT sector, however, thanks to new innovations in software design. Onshore IT workers are gaining access to new tools that will make them as efficient, or even more efficient, than their offshore competitors.