Is Offshoring Different in the Cloud?

IT has been offshoring projects for 20 years. How does cloud computing change the situation?

1 2 Page 2
Page 2 of 2

In addition to the underlying value of (read: the cost of acquiring and maintaining) all that data, there's the risk of losing control of it. Nobody wants to have the company name in headlines about hacks into the customer records database. So keeping secure custody of the data at every part of your IT supply chain really matters. And this is tough to enforce across international borders unless you own the facilities and employ all the workers. On this front, subcontractors are tough enough in your own country.

Mitigating the Risk of Cloud Services Failure: How to Avoid Getting Amazon-ed

There's also the issue of regulatory compliance. PCI audits, HIPPA, FERPA, and eTrust may seem hard enough, but there's another one that many companies don't know about. The European Union's personal information privacy directive (95/46/EC) has some pretty specific requirements regarding safeguards, but it goes further with process controls around handling any information that can identify a specific person. Most U.S. companies use a safe-harbor strategy that is easier to achieve, but even this approach means tight process controls for any IT function that stores or manipulates "personally identifiable information." It's not entirely clear whether the theory behind the safe harbor strategy works with offshore operations. This is an area of active legal interpretation, so you'll need to consult with your attorneys (certainly don't interpret this article as legal advice!).

Clouds Offshore

So what can you sensibly offshore in cloud-based CRM projects? Classic software development of classes, triggers, and other infrastructure code can be routinely offshored.

Slideshow: What is Cloud Computing?

When it comes to user interface screens, security settings, and report/dashboard design, however, this is best done right next to the users. Even being in another building may be too far away. For the same reason, final acceptance testing has to be done in country, even though unit, system, and performance testing can be done entirely overseas.

Much of cloud system administration can be offshored as well, although you'll need a tight ticket reporting/case management system to get the best leverage. But some parts of administration — particularly full-system backups and record deduping — really can't be offshored. There's just too much risk in the completeness of the information.

Some parts of data cleansing and manipulation can be offshored, particularly if all personal information is column-partitioned or otherwise obfuscated so that the data cannot be linked back to the individual (again, consult your attorneys). For example, cleansing a bunch of addresses, when linked only to obfuscated keys (not any person's name), shouldn't pose much risk: it's about as informative as a street map. When it comes to personal financial, educational, or health-related data, however, I don't know of a good way to offshore any of that processing.

However, the front end of the CRM lead creation process — doing online research and demographic targeting — is a perfect target for offshoring. As long as the offshore people know what to look for, Google is as equally effective over there as it is here.

David Taber is the author of the new Prentice Hall book, " Secrets of Success" and is the CEO of SalesLogistix, a certified consultancy focused on business process improvement through use of CRM systems. SalesLogistix clients are in North America, Europe, Israel, and India, and David has over 25 years experience in high tech, including 10 years at the VP level or above.

Follow everything from on Twitter @CIOonline.

Copyright © 2011 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Download CIO's Roadmap Report: 5G in the Enterprise