enterprisesecuritymag

How to Ensure Information Security when Outsourcing Your Projects

By Sergiy Korniyenko, COO, Agiliway

Sergiy Korniyenko, COO, Agiliway

Information security is one of the most concerning issues for those who are thinking about outsourcing their software development or administrative projects. For many people, this is a showstopper which prevents them from making the first step and starting benefiting of quality and less expensive service. Let us analyze the different options for outsourcing, in order for you to choose the most suitable one. So what are their pros and cons if secure information is your priority?

The onshore or near-shore US software development or BPO agencies  is the most expensive way of outsourcing, but it also seems to be the most reliable because of acting inside the joint legal environment with a customer. The US service providers will sign with you a contract, which is going to cover all the important issues including handling confidential information and non-disclosure, intellectual property ownership and people authorized to information access. This will help you avoid the misuse of your company’s sensitive data and give you all the necessary legal levers in case of the agreement’s breach. There is also a range of other advantages of nearshoring, like common language and culture. It significantly reduces the possibility of misunderstandings and discrepancies in work and enhances productivity. Moreover, the vicinity of the company, which provides you with business process outsourcing or software development outsourcing services allows you to cut back on the business trips costs, as well as enables the company’s internal staff and the external outsourcing providers to meet in person more often. What also adds to your information security is the reputation of the legal entity you cooperate with, the better is the name of your service provider, the more there is at stake for them in the case of a fault on their behalf. This gives you more control over how your private information is used. However, the price of local onshore contractor is so high that, the advantages and merits of the outsourcing service, especially in the matter of cost efficiency might be neutralized.

Consider seeking the well-balanced option of respectful offshore outsourcing providers. Along with their inherent cost efficiency, the majority of competitive offshore service providers are focused on the most innovative technologies and methods of the information security management. Their publicity and reputation, i.e. their business success is directly reliant on the customers’ satisfaction, which in turn depends on the quality of their service.  But will you really go to the foreign court if something happens? If you are outsourcing offshore it is a good idea to sign an additional data transfer agreement, which will state what the liabilities of your contractor are and secure your information. Such agreement should predetermine whether the transferred data may be processed according to the laws applicable in your country or the outsourcing service provider’s country. You need to make sure that the legislature of the latter guarantees the ability to ensure information security. To be on the safe side you may include a clause defining that each party shall abide by a decision of a court in your country. One more advice would be to choose a trustworthy company with a good name, while such service provider values its reputation and can vouch for its activities and staff.  Such measures may help you make your private information more secure. However, the further your outsourcing provider is geographically, the more problems you may encounter in terms of culture, different languages and time zones.

Freelancer is the least expensive option. And hiring a freelancer in your country may sound safer than a freelancer from the other countries but, to tell the truth, your chances to find that person in your country or outside are close to zero if he/she removes the profile from UpWork or Freelancer. And you still have no tools to protect your information properly. Although hiring freelancers is quite cheap, it is almost impossible to assure that the person, to whom you provide your company’s information, uses strong enough protective measures concerning data. There is also the danger that your private information may be lost with a removable device. If you need someone to outsource your tasks to, it is much better to hire people from an agency, which can ensure that their employees are reliable professionals.

So now it is for you to choose. If you are using BPO for simple projects where you are not disclosing any sensitive information or do not grant access to internal systems, then you can go for freelancer option. But if you intend to disclose your confidential information, then you should contract a legal entity and preferably in your country. The perfect solution is an outsourcing company headquartered in North America or EU with software development skills located in one of inexpensive still not too distant locations like Eastern Europe. One thing you must keep in mind is that your sensitive information security is something you can’t take too seriously.

Read Also

The Security Industry's Largest Blind Spot That We Are Too Afraid to Talk About

The Security Industry's Largest Blind Spot That We Are Too Afraid to Talk About

Matthew McKenna, Technology Evangelist, SSH Communications Security
Fostering the Culture of 'Security as a Valued Skill' to the Organization

Fostering the Culture of 'Security as a Valued Skill' to the Organization

Dr. Andreas Kuehlmann, SVP and General Manager, Synopsys Software Integrity Group
Information Security Means Never Being Done

Information Security Means Never Being Done

Dan Callahan, VP, Cloud Services, CGNET
Achieving Information Security in Healthcare

Achieving Information Security in Healthcare

Dan Costantino, CISO, Penn Medicine