Its a natural question: Youve sent critical work halfway around the world to get done, and theres a terror bombing. Corporate management calls to ask if you can guarantee that corporate data is secure and your outsourcing relationship—which you painstakingly sold them on—is not in jeopardy. You wonder, if only for a moment: Did you make the right call by signing on with an offshore outsourcer?
The recent coordinated bombing of the Mumbai commuter rail system put many IT pros, I am sure, in just that position. Disasters are great occasions for finger-pointing—whose idea was it to send work offshore anyway?
But the right answer is not, "Gee, I sure hope everythings OK. Ill check right away and let you know." Nor is it, "Mumbai was attacked? Thank God we dont have work being done in India like everyone else. Instead, were having our application development and business process work done in the same building as our data center in suburban New Jersey, where its safe."
The right answer is, "Before we signed the contracts with our offshore providers, we checked their business continuity and disaster recovery plans. Since then, weve updated them every six months. The providers called us at the first news of the attacks, as our agreement says they must. No employees were killed, but we got word out to employees who were due in for the night shift to stay home. That slowed us down a bit, but, in the morning, everyone was back at work. Our work goes on, and our data is safe."
Indeed, that—or something close to it—was the answer I received from several IT pros when I called them after the news of the Mumbai bombing. One of them was Louis Rosenthal, managing director at ABN AMRO, in Chicago. ABN AMRO has work being done by several Indian outsourcers, including Tata Consultancy Services, Infosys and Patni Computer systems. The big Dutch bank also has its own captive BPO (business process outsourcing) operations in India.
Mark Nelson, executive vice president of global resources at Indymac Bank, in Pasadena, Calif., had this to say: "We have had problems in New York, London, Madrid and France, and we have [had] to take appropriate precautions. We cant retreat from New York, London and Madrid. ... Business is all about risk management."
That, too, is the right answer. And to the locations cited by Nelson, you can add Bali, Israel, Tunisia, Pakistan, Saudi Arabia, Russia, Kenya and Jordan—and thats only a start. Even Canada recently foiled an alleged attack. The terror threat today is global. Any place can be hit and probably will be. Retreat? To where?
Then you tell them: Not only will we not retreat, we will continue to pursue and expand our globalization strategy. Why? Since any point in the world can get hit, it makes sense to be in as many points in the world as possible. Its the same theory as grid computing—and the Internet itself, for that matter. A grid, which is inherently redundant, is more reliable than a single big server because it can experience failure with no ill effects. Our center in the Philippines goes down? No problem; our center in China is backing it up. Oklahoma goes down? Were covered in Ontario. Thats our plan, and were sticking with it. We knew something like this could happen. It has; business as usual; everybody back to work.
This is not new thinking. These practices were already in place in the pre-9/11 world and were one reason why 9/11 didnt cause companies such as bond trader Cantor Fitzgerald to go out of business. Despite losing 733 employees in the World Trade Center attacks, Cantor Fitzgerald had built mirrored facilities in New Jersey and the United Kingdom. The company was trading bonds again 48 hours after the planes hit.
Management is worried that youve pursued a global strategy in an uncertain world? Tell them if they really want to worry, they should put everything in a single "safe" and "secure" building. Tell them you know better: Global threats require a global response.
E-mail Executive Editor Stan Gibson at firstname.lastname@example.org.