For increased security, consider moving outsourcing onshore
by Paymon Khamooshi
Wednesday, April 03, 2013
Outsourcing IT and business services save substantial amounts of money, but the savings for many firms businesses carries a hidden cost. Too many firms fail to recognise the increased security risks that come with outsourcing, and this extra risk is therefore left unmanaged.
One very effective way to reduce the risk is to keep outsourcing onshore, but this option has normally, until recently, meant higher costs. A new wave of programming technology is set to change this balance by eroding the price advantage of offshore outsourcing. Understanding the security risks of outsourcing IT offshore, and being prepared for increased efficiency of onshore IT competitors, is a must for all CIOs.
A recent report by data security specialists Techwave contained some very alarming findings that clearly demonstrated the inherent security risks of outsourcing. Of the 450 security breaches Techwave investigated in 2012, outsourced IT and business services were a factor 63% of the time. Even more frightening was the average detection time of a corporate security breach, which was a staggering 210 days.
Corporate security is not receiving the attention it deserves full stop, but anytime an outside company is involved in a sensitive area like IT, the risks become much higher. One security breach could easily wipe out any savings being realised by outsourcing, as well as cause enormous reputational damage. Outsourcing can and should continue where appropriate, but the risk it creates must be managed and reduced. Keeping your outsourcing partners close to home, where communication and monitoring is easier, is an important step.
The reason proximity reduces risk for IT outsourcing is because the greatest threats to any system’s integrity are not technological, but human. People choose weak passwords (most commonly ‘password,’ or when capitals and numbers are required, ‘Password1’), operate from shared user accounts where accountability can’t be traced, and discuss confidential company information on Facebook. Hackers know this, and exploit the human tendency to be carless with corporate security. Educating your employees to follow best practice is vital, but even with adequate time and a resources, rooting out risky behaviour is a difficult and thankless task. All of this is wasted, however, if outsourcing partners are holding open the back door to your systems through their own careless behaviour. Every CIO should be asking, ‘are my outsourcing partners as concerned with my company’s security as I am?’
Just asking the question is an important first step, but ensuring the right outcome is more difficult from thousands of miles away. Digital security is too important to manage with only emails and video chats. And when a crisis does hit, offshore outsourcing can exaggerate the problem, as NatWest learned to their cost late last year. When a human lapse led to a catastrophic failure of the bank’s UK-based software, managers were forced to get support by telephone from software engineers in Hyderabad. This extra layer of complexity made a difficult problem even more difficult to solve. When you need on-site help in a hurry, make sure your IT support is a train ride, not a plane ride, away.
The security benefits of onshore outsourcing are clear, but the higher cost will still be a barrier for many companies. This is set to change in the IT sector, however, thanks to new innovations in software design. Onshore IT workers are gaining access to new tools that will make them as efficient, or even more efficient, than their offshore competitors. As this trend becomes more pronounced, expect to see more and more IT outsourcing staying in the UK.
I will be writing about these new technologies, which I believe will revolutionise IT outsourcing, in a coming post on sourcingfocus.com.