Information Technology (IT) is a unique department. We are decades into the IT productivity revolution, and it is now hard to find areas of business that are not wholly dependent on technology. The amount of power and influence that IT staff have accumulated (through necessity) also creates significant risk. IT staff have become the responsible party for most of businesses secrets and keys in the modern castle. Risk management of IT offshoring should be a priority.
Yet less attention is paid to the human risk associated with IT.
Discussions around IT spending usually focus on the cost for a skillset, which makes offshoring very attractive. But managing the human risk gets less attention. The latest example of this is the compromise of insiders at Coinbase which has led to a breach of customer data. The initial reports are that organized crime compromised (bribed) Coinbase’s offshore staff to gain access to customers’ information. Not great risk management.
As Stan Lee wrote, “With great power comes great responsibility”.
Your lowest level “L1” helpdesk staff likely have more access to sensitive information than middle management. And the highest level “L3” IT staff probably have access to near everything up to and including your CEO’s email. I’m not implying that they abuse this access, most IT staff are hard working professionals that take their jobs seriously.
But what recourse do you have if someone does abuse their position?
If your IT staff is USA based, then under worst-case scenarios you can rely on the US legal system for recourse and accountability. If your IT staff is offshore, that is a complicated question. Do they work for you? Do they work for a provider? How many layers of LLC’s, Corporations, and LTD’s are there between you and a rogue staff member? What are the local laws and customs where the staff are domiciled? Is their employer in that same domicile? Does the outsourcing provider have sufficient USA insurance coverage for your damages?
To further lean into the dark side of this issue, if offshore staff are making a fraction of the money that onshore staff would receive, how much easier are they to corrupt? And if they were caught, what is their punishment? Are their local laws and customs sending them to jail for a long time, or do they just need to cross the street and start working for the next company?
These are not easy questions to ask of your staff, and they may not be easy questions to answer. But when it comes to risk management of IT offshoring, these are necessary things to know.
And just to be clear, we are not diminishing offshore labor, some of whom are extremely talented. But when it comes to something as potentially disastrous as losing control of your IT systems, we are PRO risk management of IT offshoring. When it comes to the most sensitive parts of your company, there may be good arguments for keeping IT staff onshore.
At DataStew we have extensive experience building and managing IT infrastructure. Our offerings include IT Outsourcing, Cyber Security, and Physical Security Systems.