Balancing Act

Despite their benefits, international outsourcing and offshore software development involve some risk.

In the wake of September 11, were hearing about the benefits of outsourcing everything from software development, training and help desks and e-mail, to Web hosting and network management.

On the surface, the argument for making these moves during these troubled times is pretty straightforward:

"Outsourcing enables organizations to back up critical information at multiple off-site locations.Many outsourcing and hosting operations such as Intel Online Services often provide extensive disaster-recovery capabilities.With the added economic uncertainty resulting from the World Trade Center and Pentagon attacks, business and government organizations are going to be increasingly hard-pressed to find the money and resources to manage existing facilities, let alone implement new initiatives that might generate cost savings and yield quick returns. Outsourcing, the argument goes, will enable a corporate IT department to focus on important matters such as bettering the ROI on existing technology."

There is one significant wrinkle in the outsourcing argument, however, that for some is a cause of concern. A large number of outsourcers, IT consultants, Net service providers and software developers conduct much of what they do offshore in India, Russia, the Philippines, Mexico and the like.

American companies, in fact, are so dependent on offshore IT resources and personnel that International Data Corp. estimates we will spend $17.6 billion on international outsourcing in 2005.

Moreover, many of the outsourcers and integrators that conduct at least some of their work within the U.S. do so by bringing in substantial numbers of qualified foreign-based programmers and technicians who have been granted quick access to the U.S. on work visas.

Does this dependence of non-U.S. service providers—or even U.S, based outsourcers that farm out much of their work internationally—make American companies more vulnerable? Not necessarily, but it certainly raises some important questions. "Security is obviously now a major concern," says Rob Linder, CEO of Providio, a U.S.-based provider of IT services that works with companies around the world to carry out code writing, prototyping maintenance and the like. "Companies want to know where their code is. Is it safe?"

Post Sept. 11, Linder believes international outsourcing will change. For one, the INS is going to be far less likely to dole out visas. Consequently, substantially fewer foreign programmers will be brought in to work on site. U.S. IT departments that continue to rely on foreign technicians will have to work with them remotely. "This means far more use of collaborative tools and teleconferencing," Linder says. "It will also mean more use of things like verification software which allows you to check out segments of code to workers and identify exactly what changes are made."

More important, American companies that rely on external services, offshore or otherwise, can no longer take anything for granted—certainly not the security of their IT resources.