Anna Frazzetto's Blog

Digital Innovations and Technology Solutions

Offshoring Data - You Can Never Be Too Careful

The news is full of stories of leaked information these days. Whether it's state secrets released by WikiLeaks or a product release slipping out early from a careless team member, information is supremely difficult to control in today's world of instant online communications.

It's no wonder that so many businesses cite intellectual property concerns as one of their top worries when considering IT offshoring. Once your data or systems for managing data cross borders and into a new nation, a whole new world of regulations and laws apply. Some of them might look similar to American intellectual property laws and some might look quite different. But the fact remains that no matter what laws mitigate or protect intellectual property, once information is out in the global marketplace today, you cannot take it back. It's out and the damage is done.

Working in IT outsourcing for decades now , I have built sourcing solutions for companies from a wide range of industries (finance, media, manufacturing, telecom, energy, IT, pharmaceuticals, etc.). Each of them has expressed the same concerns in one form or another: How do I protect our data offshore? How can I be sure that my intellectual property will be safe when I outsource and/or offshore?

What I have learned over the years is that most leaks come from internal sources and the majority of those leaks are not malevolent but accidental. For example, a 2009 study by the IDC revealed that most business leaders (52%) reported their "insider threat incidents as accidental and only 19% believed the threats were deliberate."

In terms of offshoring, businesses must see their offshore solution providers--no matter how distant they are--as extensions of their internal teams who must be held to the very highest levels of process excellence and security and confidentiality accountability. Any good outsourcing or offshore solutions provider will tell you that they expect no less.

So the challenge for those seeking the right offshoring partner is to distinguish between the providers who say they are rigorous in protecting intellectual property and data and those that truly do it. Below is the checklist I would give to anyone anxious to measure the security, integrity and intellectual capital sensitivity of an offshore provider:

- Data Access - Ask to see the strategy for how data is managed, protected and controlled. Who has access and how is access beyond that select group prevented? What kinds of non-disclosure agreements do they have staff members signing? Just as sensitive data is managed across your internal systems, good IT offshore solutions providers will have careful plans for data management and access.

- IT Security Assessment - Conduct a complete assessment of the IT environment (networks, hardware, etc.) and ensure that all major global security standards are met.

- Infrastructure Security Assessment - Also examine how the building(s) are secured. Who has access and how well controlled is it?

- Site Visit - Visit the site and meet the team members who will be working with your onshore team. Pictures and voices are not enough when it comes to understanding where your solutions will be managed. I highly encourage businesses to go and visit the offshore centers where they are sending valuable work.

- Referrals - Ask to speak with company clients from the same industry or a similar industry to see how well data and sensitive materials are being protected by the provider.

Always Start Small
Finally I always, always advise companies to start on small, non-sensitive projects to get a feel for an offshore provider. Never begin with something that could be bottom-line or brand-crushing when you are starting out with a new and distant provider.

Instead, start with a smaller project that will not put your brand on the line but will test the skills and service of the offshore team. As trust builds, businesses can then strategically and cautiously expand the workload and trust-load of their offshore providers, always ensuring that quality and security standards are exceeded.

Security and intellectual property are just one of the many issues I will discuss in my presentation on multisourcing best practices at the upcoming HDI Annual Conference and Expo this March. I encourage everyone interested in discussing the complex and exciting opportunities in outsourcing and offshoring to attend this year's Conference. I hope to see you there.

More Information About Anna's Session
Session 108: Multisourcing and the Message for Innovation
Wednesday, March 30, 2011, Session Block One, 10:15-11:15 a.m.