CIOs might or might not be suffering "outsourcing fatigue," as I was reading the other day — but some of them appear to be feeling better about at least one aspect of their ITO relationships. That would be the IT security aspect, which is of course a crucial part of an IT sourcing arrangement because it involves the core of the matter: trust.
The same person who wrote the post about "fatigue" wrote a piece six years ago based on a U.K. report that found "little evidence for mutual trust" between clients and their IT outsourcing providers.
That's too bad. However — and this is based on conversations with clients and admittedly anecdotal evidence — it's my bet that the lack-of-trust situation has improved considerably over the past few years. The smarter providers have boosted their security processes, and everyone is more aware of the issues. As one CIO told me, his software development partner uses the same stringent security measures as his company does. IT outsourcing would not continue to grow if customers weren't feeling like they can trust their provider's security protocols.
This week a new survey suggests that this is indeed the case, that companies are less worried about (i.e., more trusting of) their IT outsourcing provider than even a year ago. According to the study, which was commissioned by VanDyke Software:
"Those whose organizations outsource technology jobs offshore were largely divided in 2011 over whether this has a positive impact (36%) or a negative impact (36%) on their organization’s network security." Okay, so they're evenly divided — but a year ago, 48% said outsourcing had "a negative impact" on their network security.
Says Steve Birnkrant, whose firm Amplitude Research conducted the survey: “Sentiment may be shifting toward greater comfort with the network security of offshore outsourcing. In some cases, those who have experience with outsourcing technology jobs offshore have found that it works well for their organization.”
(Nearshore advocates take note: Nearly 46% of the survey respondents are sourcing to India. The only nearshore nation to really register in the results is Mexico, with 26%, or third place. Not bad, Mexico.)
The financial cost of an IT security breach is difficult to assess, but security-software vendor Symantec says in its latest global Internet security report that the cost of being hacked ranges from $750,000 to $31 million.
The cost to an outsourcing relationship would be equally devastating. But you know what? According to the experts, most IT security violations are inside jobs. The same survey backed this up. Birnkrant again: “As if outside hackers weren’t enough of a threat, this year’s findings suggest that enterprise IT managers/network administrators need to carefully protect against unauthorized access by current and former employees of their own organization (11%), as well as consider employee carelessness (12%) and web usage (6%).”
And for outsourcing clients who worry that their provider might somehow expose them to a security breach, deliberately as part of an inside job or accidentally, then you need to go through that security discussion again and review all procedures — or start looking for another provider.