In the best of times, offshore outsourcing is a tough sell to business executives wary of foreign entanglements. But today, amidst economic recession and terrorist warfare, there is heightened anxiety about the notion of handing off critical IT projects to vendors in such remote locales as India, Pakistan and the Philippines. At some companies, senior business executives have banned all foreign travel, and a few cautious CIOs have backed away from prospective offshore deals because of tightened budgets or perceived security risks. In response, the offshore vendors?mainly India\u2019s, which are the biggest players in the marketplace?have launched aggressive marketing campaigns, featuring happy U.S. customers giving testimonials that are aimed at easing people\u2019s concerns about offshore security.Mind you, there\u2019s no evidence that companies with existing offshore ties are trying to sever them. High quality and low cost have always been the dual attraction of offshore outsourcing. According to a recent Forrester Research report, offshore customers save an average of 25 percent on IT projects sent overseas, where skilled labor is plentiful and cheap, and industry analysts believe that that value proposition will continue to outweigh security concerns as IT budgets tighten in 2002. Since Sept. 11, Cambridge, Mass.-based Forrester Analyst Christine Overby, author of the recent offshore study, says she\u2019s revisited 10 of the original companies she surveyed, and nine of them plan to continue with minimal or no change to their offshore strategy. "The one \u2019wait-and-see\u2019 was a user I would classify as on-the-fence?even before Sept. 11," Overby says.Even so, the offshore market has had a tough year. Prior to the terrorist attacks, the U.S. economic downturn had resulted in slowed growth for many of the offshore vendors, some of which cut their staffs, rates or both to stay competitive. Marty McCaffrey, cofounder of Global Outsourcing, a Salinas, Calif.-based offshore consultancy, estimates that the Indian offshore industry, which had been enjoying 50 percent annual growth, will likely dip to 20 percent to 30 percent in 2001. And since Sept. 11, there has been a palpable buzz of uncertainty about the security of offshore marketplaces. Executives with little or no global experience are particularly leery of foreign deals; one vendor reports a prospective customer backing out of initial talks because some of the programming work was going to be subcontracted to Pakistan. And even some business associates of offshore veterans are a little jittery. At one prominent media company with plenty of offshore experience, a senior vice president responded to Sept. 11 by canceling all international travel for employees in 2002. The CIO doesn\u2019t expect that order to stand, and even if it does, the company\u2019s existing offshore deals shouldn\u2019t be affected (they don\u2019t require foreign travel).Despite the occasional panic, CIOs with significant global experience say offshore outsourcing remains viable. "I don\u2019t see any new attitudes toward offshore at my company nor in the industry either," says Kim Ross, CIO of Dunedin, Fla.-based Nielsen Media Research (the TV ratings company), which has outsourced software development to Cognizant Technology Services in India since 1995. When Nielsen first undertook offshore development, Ross had to address senior management\u2019s questions about doing important work in an unstable political environment, and he had to develop contingency plans in case of business disruption. "But you have to worry about [contingency plans] no matter where you outsource?even in the United States," Ross says.\nThus, the key to offshore success today is not just ensuring that your people and systems are protected but making certain that senior business executives (and shareholders) understand what protective measures you\u2019ve taken to secure your assets in an insecure world. Here are some tips from offshore outsourcing veterans.\n\n \n\n\n\n\nMinimize Foreign Travel. \n \n\nIn six years of offshore outsourcing, Nielsen CIO Ross has traveled to India just once?and that was after the first year of working with Cognizant. The truth is, once you get past negotiations (where it really does pay to visit a vendor\u2019s site and ensure you aren\u2019t walking into a Kathie Lee sweatshop situation), offshore deals require very little travel. These contracts are managed quite successfully by the customer\u2019s home-based project managers and the vendor\u2019s account team, which frequently is split between the offshore location and the customer\u2019s own headquarters. There is value in having in-house staff interact closely with the offshore team, but many companies are now finding videoconferencing to be a whole lot more cost-efficient than foreign travel.\n\n \n\n\n\n\nKeep the Code Here. \n \n\nSoftware piracy has always been a concern when doing business globally. But most offshore projects are no longer all done at the vendor\u2019s remote site, on the vendor\u2019s own systems (which may be corrupt or insecure). Typically, offshore vendors work via the Internet off their clients\u2019 systems, applications and data, which all are housed on the customer\u2019s own site or secure network. In Nielsen\u2019s case, roughly one-fourth of new software development is sent overseas. "But they\u2019re working on software that\u2019s duplicated or resides here," Ross says. "The real assets are code and business knowledge, and in our case they stay here."\n\n \n\n\n\n\nHave a backup plan. \n \n\nAside from international travel, the biggest concern many people have about offshore outsourcing is, What happens if communications or electricity is cut off? And in India, where electricity and telephone service fail daily, that is a legitimate issue. But it\u2019s also been dealt with. According to McCaffrey, the top 20 Indian vendors all have redundant communications systems (including satellite and fiber-optic capabilities), and many of them also have personnel deployed in the United States, as well as overseas, also working on redundant systems. That is true at Nielsen, where roughly one-fourth of Cognizant\u2019s account team is based in Florida, augmenting Ross\u2019s own 400-member IT staff. "If we somehow lost capacity in India, it would disrupt some projects, but no aspect would cause a mission-critical failure," Ross says. At LexisNexis, the Ohio-based news and information service provider, Senior International Liaison William Lewis\u2019s backup plan includes multiple offshore sites. He started sending IT projects offshore to India in the mid-\u201990s but in 2000 decided to place some work elsewhere in the world. "I just don\u2019t want everything in one basket," Lewis says. Today, Lewis has IT work offshore in India and the Philippines, and he\u2019s on the verge of signing an onshore deal with an American Indian-owned vendor.\n\n \n\n\n\n\nUse a third-party broker. \n \n\nFor companies that simply don\u2019t want to take on the risk of dealing directly with an offshore vendor, here\u2019s a new option: Do it through a third party. Outsource the work to U.S.-based vendors that will subcontract at least part of the job to their own long-established offshore partners. IBM Global Services, PricewaterhouseCoopers and Providio are among the companies that are starting to broker offshore work for domestic clients, assuming not just the responsibility for delivering results but responsibility for contract negotiation and project management. It costs more to use these companies than it does to deal directly with offshore vendors, but Forrester\u2019s Overby points out that the third-party brokers also minimize complexity, lock in the right expertise and keep labor costs in check. By 2005, Overby predicts, more than half of the U.S. companies that go offshore will do so indirectly, just as a means of minimizing risk and headaches.