Does offshore outsourcing make an IT organization more vulnerable to data loss or attack? Or are offshore providers actually improving network security for their customers?
According to a recent report, enterprise IT professionals are pretty evenly split on the issue. The survey, conducted by Boca Raton, Fla.-based Amplitude Research and commissioned by VanDyke Software, drew from a broad pool of 350 respondents working in corporate IT, including CIOs and CTOs. The majority of respondents were systems administrators and IT managers who deal with network security day to day. “They are uniquely positioned to judge the potential network security risks,” says Steve Birnkrant, CEO of Amplitude Research.
When asked how their company’s offshoring of IT had impacted their organization’s network security, 36 percent said it had a negative impact (nine percent reported a significant negative impact and 27 percent said it had some negative impact).
Meanwhile, the exact same proportion of respondents said that offshore outsourcing had a positive impact on their network security (nine percent reported a significant positive impact and 27 percent said it had some positive impact).
The remaining group indicated that they had not experienced any security impact from sending IT work overseas.
But concerns about the security implications of sending IT work offshore are waning, according to the survey, which has inquired about network security and offshoring for three years. The proportion perceiving at least some positive impact from offshore outsourcing increased from 24 percent in 2009 to 36 percent in 2011, while the percentage perceiving a negative impact declined from 50 percent in 2009 to 36 percent this year.
“It is possible that [some] enterprises could actually be exposed to more security risk [by offshoring], but we cannot say for sure,” says Birnkrant. “We can only go by what the survey respondents said to the particular questions we asked.”
The survey’s follow-up questions reveal that those unhappy about the security implications of their offshore outsourcing arrangements noted other issues with the relationship, such as language barriers and service issues, while those who felt offshoring strengthened their security efforts reported cost savings and better service and support.
When asked why they felt offshoring had a negative impact on security, 48 percent said they were simply uncertain about offshore security or concerned about increased security risk exposure. Nearly one in five (18 percent) said language barriers and communication difficulties were to blame, and 12 percent pointed to problems with service.
Those who said offshoring was making their organization more secure said the offshore personnel did a good job (42 percent), the deal delivered cost savings (39 percent), and that the 24/7 nature of the offshore model delivered better network monitoring and support (15 percent).
India remained the most popular offshore outsourcing destination for IT among respondents (79 percent), followed by China (40 percent), Mexico (26 percent), and the Philippines (18 percent). Approximately half of the organizations that outsource technology jobs offshore named multiple countries as outsourcing destinations.
Respondents were most likely to offshore help desk or user support (62 percent), followed by application development (52 percent), database administration (42 percent), application management (36 percent), data storage/backup (35 percent), and network monitoring (33 percent). Nearly eight in ten reported offshoring multiple types of IT services.