IT Outsourcing: Do You Know Where Your Software Is?


Outsourcing is not exactly a new idea. As far back as the 1950s, companies that found they didn’t have the resources in-house to perform tasks began looking to other individuals and companies to fulfill their needs. It wasn’t until the late ’80s that outsourcing really began to take off as companies turned to “offshoring” of outsourced projects to countries such as China and India in order to take advantage of the savings in labor costs.

As the ’90s gave way to the ’00s, the U.S. economy faltered and unemployment skyrocketed. Nevertheless, U.S. software corporations continued to see significant value in outsourcing projects to Europe and Asia. In fact, they saw it as another way to cut costs at a time when revenues were down. The timing of the two events caused many to blame offshoring for the spike in unemployment, and foreign outsourcing acquired a rather bad rap. The criticisms leveled against offshoring, warranted or not, ranged from the software taking longer to develop to it being of lesser quality. Most of the criticisms seemed to revolve around the difficulties of managing geographically distant outsourcers.

This was about the time when “nearshoring” – outsourcing business or IT processes to companies in a country closer to one’s own country – came into being. Here in the U.S., the theory was that by bringing the outsourced project closer to home – whether within the U.S. itself or in Canada, Mexico, the Caribbean or South America – the projects would be easier to manage.

A Tangled Web

The fact of the matter is, regardless of where a company chooses to outsource, there is a certain relinquishment of control. It is simply neither possible nor desirable to hold tightly to the reins of all aspects of an outsourced project. When the outsourced project has an offshored element, the potential increase in benefits is met with an equivalent set of risks. Cultural differences and distance alone significantly contribute to increasing both the risks and management costs. In fact, the more remote the outsourcing operation, the higher the potential cost savings and associated risks.

In a recent article for Outsource Magazine, global strategist and management consultant Brandi Moore, who specializes in teaching organizations how to work across cultures, addressed the issues inherent to outsourcing:

From a buyer’s perspective, the labyrinth created by outsource partnerships is a tangled morass that must be carefully pulled apart at the start of relationships.  Customers want to know where their data will be, why it will be there, and how it will move across borders.  They want details on audit protocols, security practices and personnel. Once a baseline is understood, they want an ongoing understanding of how the data continues to be managed with updates on changes before they happen.

Among the many concerns woven into this labyrinth are security, labor, accountability, dependency upon a foreign vendor and the protection of intellectual property, each of which carries an inherent risk for the corporation if not handled properly by the outsourcer.

The Quality Quandary

Historically, IT organizations have not had the means to assess the real-time “technical bill of health” of their outsourced applications. QA plan compliance checks, while useful in some capacities, are normally performed via random manual code reviews and inspections by QA staff. For a typical one million-line-of-code J2EE distributed application, there is significant risk that key issues will be overlooked. Furthermore, standard functional and technical acceptance testing is simply insufficient for detecting severe coding defects that may have an impact on the reliability and maintainability of an application. Finally, in the current geopolitical context, programming vulnerabilities, or even hazardous code in a mission-critical application, could easily produce disasters in production – data corruption or losses, system downtime at crucial moments – all of which negatively affect business operations.

Unfortunately, most IT organizations have chosen to leave the technical compliance issues aside, due to either limited resources or a lack of the required skills. Instead, they all too frequently assume that tersely worded SLAs will be enough to protect them over time. In reality, while today’s SLAs routinely include financial penalty clauses, fines and legal battles, they are not all that effective in preventing system failures.

Assess and Succeed

In order to be successful, companies need to acquire and deploy software solutions that help manage these global partnerships by providing greater insight into the build process through real-time access to objective data. Employing a platform of automated analysis and measurement to assess the application as it is being built, for instance, affords transparency into the outsourced work, brings discipline to how information is handled and yields metrics to evaluate results.

With that kind of real-time access and insight into how a company’s software is being built or customized, it won’t matter if the outsourcer is across the hall, across the street or across the ocean. You will always know just where your software is and whether the outsourcer is building it efficiently and up to your high application software quality standards.

Jonathan Bloom Writer, Blogger & PR Consultant
Jonathan is an experienced writer with over 20 years writing about the Technology industry. Jon has written more than 750 journal and magazine articles, blogs and other materials that have been published throughout the U.S. and Canada. He has expertise in a wide range of subjects within the IT industry including software development, enterprise software, mobile, database, security, BI, SaaS/Cloud, Health Care IT and Sustainable Technology. In his free time, Jon enjoys attending sporting events, cooking, studying American history and listening to Bruce Springsteen music.