The Macrosite for News, Analysis and Opinion about the Future of the Internet
Mansur Hasib

10 Security Reasons to Bring Outsourced Services Back Home

Written by Mansur Hasib
8/24/2012 28 comments
no ratings
DISCUSS     Email This

Have you noticed some new words creeping into the business vernacular recently? Words such as insourcing, inshoring, and reshoring are becoming more common, prompting me to think about their meaning in the context of cybersecurity.

In simple terms, insourcing is the process of bringing contractual and outsourced services back into the organization. Inshoring, or reshoring, brings back contractual and outsourced services or manufacturing from overseas to the US.

Given that information technology is the lifeblood of any organization today, I think there are some positive implications inshoring and reshoring have for information technology and information security. After all, cybersecurity is complex and challenging enough within the US borders. When multiple nations are involved, this complexity and challenge increase significantly.

So I see these new trends as having potential upsides. Here are a few I think worthy of mention:

Better control over supply-chain management. Integrity and a reliable chain of custody for all components of a system are important aspects of determining its information assurance level. This integrity is especially vital for control systems used in many critical national infrastructures.

International supply-chain management is inherently very complex. On top of that, the need to maintain integrity control of all components in a multinational environment further compounds this complexity -- frequently eliminating, and sometimes exceeding, the original cost advantages of outsourcing.

Better security of intellectual property. Though intellectual property is substantially at risk in any outsourced venture, international outsourcing increases the risk of US intellectual property loss dramatically. There could be loyalty issues, disclosure issues, or data retention issues. Communication links could be subject to unwanted or unknown surveillance. Additionally contractual and legal protections could be difficult to enforce.

Fewer risks to quality. In many cases, we have experienced quality reductions to unacceptable levels in various products and services that have been outsourced to international ventures. This has resulted in a return of these services and products back to the US shores.

Higher availability of the supply chain. International supply chains are frequently affected by international political, economic, and other forces that can negate the expected savings and reduce availability.

Reduced insider threat. Insiders are workers in an organization who have authorized access to systems and information. Inadvertent as well as malicious insider threats to information security are inherently most difficult to deal with. When this threat is spread across multiple countries, the risk is multiplied significantly. Value systems, cultural norms, workforce requirements, and normal everyday life can provide hostile outsiders the ability to foster insider threats. In addition, many types of personnel security controls and legal tools become unreliable and sometimes unavailable on foreign soil.

Easier access to US research institutions. Partnerships between government, industry, and US research institutions of higher learning have often been a major driving force behind innovation in technology. Without US-based manufacturing, such partnerships are weakened. Insourcing, inshoring, or reshoring from foreign countries back to the US should provide industry with increased access to US institutions of higher learning.

Fewer international technology transfer issues. Whenever technology leaves US borders, technology export laws are applicable. In addition, the laws of the foreign countries involved have to be considered. These considerations not only increase complexity and costs but can also introduce unacceptable levels of risk.

Reduced international data storage issues. Security of data at rest is always a challenge. When data crosses international borders, additional security considerations usually come into play.

Reduced exposure to international privacy laws. Data residing on foreign soil is subject to the privacy laws of the host country. In addition, US privacy laws may continue to be applicable. Reconciling all applicable laws is a significant challenge.

Related posts:

— Mansur Hasib has served in CIO/CISO and other leadership roles in the public, private, and education sectors.
DISCUSS     Email This
Current display:       newest comments first       display in chronological order
Page 1 of 3   Next >
SteveGNYC
IQ Crew
Wednesday August 29, 2012 3:48:03 PM
no ratings

Taimur-tz - that "push"  "Pull" is a good way to put it in very plain language. And yes, the economic reasons are now becoming stronger in companies -- it being more that saving corporate dollars but personal lifestyles and livelihoods.

 

Mary Jander
Thinkernetter
Wednesday August 29, 2012 10:11:56 AM
no ratings

Yes, agreed, taimur_tz. The ability to prosecute IP violations has got to be a factor when considering the risk of off-shore outsourcing.

taimur_tz
Thinkernetter
Tuesday August 28, 2012 3:47:54 AM
no ratings

"But even if the level of security breach risk is just as high domestically, companies still have better control and follow-up options here at home than they might overseas."

@Mary: Because IP rights vary a great deal from country to country, in many cases you may not be able to even register a case against another company in another country if you feel there's a violation of IP rights. OEMs may just have to accept it and live with it.

taimur_tz
Thinkernetter
Tuesday August 28, 2012 3:38:50 AM
no ratings

@slfisher: I agree. Apart from all the "pull-factors" that Mansur mentioned in his blog, the need for the jobs in the US and to sustain the economy is the "push-factor" that will prompt many businesses to move their operations back to the US. I think there are clear economic benefits of it so it's not merely a political reason.

Mary Jander
Thinkernetter
Monday August 27, 2012 10:05:24 AM
no ratings

You  make a great point, David. But even if the level of security breach risk is just as high domestically, companies still have better control and follow-up options here at home than they might overseas. That counts for something; maybe for quite a lot, when you think about the costs of prosecuting IP cases overseas.

slfisher
Thinkernetter
Sunday August 26, 2012 2:55:53 PM
no ratings

Given how much criticism Gov. Romney is receiving due to his offshoring of jobs, there's the political aspect and, to a certain extent, national security and national prosperity. It shows faith in the U.S. to bring those jobs here, and there is a certain amount of multiplier effect by having jobs and facilities in the U.S..

davidmanheim
IQ Crew
Sunday August 26, 2012 10:21:08 AM
no ratings

DukeW,

In terms of the acronym problem, I'll refer you to my slightly tongue in cheek contribution the the discussion. And of course, I support drinking in moderation (which, I am pretty sure, refers to that imaginary place I go when I'm drunk enough.)

davidmanheim
IQ Crew
Sunday August 26, 2012 10:17:28 AM
no ratings

Lin,

I agree that different countries have different degrees of inforcement, but since IP is the ultimate in transportable goods, stolen IP can go anywhere. That devolves into a race to the bottom - and in this case, the bottom IP protection companies have manufacturing and huge populations, so there is profit.

Kicheko,

One issue with my analysis, pointed out to me in a conversation with Martin Libicki at RAND, is that technology transfer is hard, and the stolen IP is unlikely to really be usable without actual training and support. So there is less to worry about that you would otherwise assume.

Kicheko
IQ Crew
Sunday August 26, 2012 8:14:27 AM
no ratings

I wonder though, how true it is in practise that outsourcing abroad is a bigger threat to intellectual property than outsourcing within the country. It seems that the risk is just as bad as long as the information is out with another company and particularly in the age of internet.

hounhosp
Thinkernetter
Saturday August 25, 2012 11:05:32 PM
no ratings

@stotheco,

"The reduced cost is what makes outsourcing so appealing"

Things are changing. Minimum wages and labour costs are increasing in many top outsourcing countries (China, India, Thailand) . Operation costs are soring as well. All these factors will motivate many companies to bring their services back home. 

Page 1 of 3   Next >
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
previous posts from Mansur Hasib
Mansur Hasib
Mansur Hasib   5/10/2013   32 comments
In all my years interacting with CFOs, I have not met one who actually understood IT -- not that I expected them to. Why, then, do I continue to see ads seeking a strategic CIO who will report to the VP of Administration and Finance or the CFO? Sometimes ads are slightly better: CIOs report to the Chief Operating Officer. Those conducting the recruitment will sagely say: “The CIO will have complete empowerment and access to all cabinet members and the president.” However, these organizations appear to lack an understanding of the role of the CIO and the CFO.
Mansur Hasib
Mansur Hasib   5/2/2013   2 comments
After observing and writing about CEOs who do not leverage their CIOs to propel their organizations forward, it was very refreshing to learn about the great CEO/CIO partnership at Kaiser Permanente at this year’s World Health Congress held in Maryland.
Mansur Hasib
Mansur Hasib   4/22/2013   20 comments
Despite an initial round of federal funding to develop state health information exchanges (HIEs) as part of Obamacare, these clearinghouses were challenged to develop a financially sustainable model. Because it addressed sustainability early, the Delaware Health Information Network is viewed by many as a template for HIE success.
Mansur Hasib
Mansur Hasib   4/9/2013   15 comments
It began as a relaxing visit with my college buddy and his family. It became a glimpse into the technology-enabled future of worldwide collaboration in engineering.
Mansur Hasib
Mansur Hasib   4/4/2013   18 comments
True story: Despite the HITECH Act of 2009, the CEO of a major urban hospital continued his institution's policy of not hiring a CIO or CISO. Like many others, he took a wait-and-see attitude, even though HITECH strengthened the enforcement of healthcare security and privacy laws, and provided financial incentives for healthcare organizations to adopt electronic health records and information security.
5
of
Mary Maida
How Medtronic Overcomes Social Business Resistance
1|31|13   |   1:23   |   No comments

Showing results is the best way to win over social business doubters, according to Mary Maida, Medtronic lead information solutions manager. Internet Evolution's Mitch Wagner interviewed Maida at the E2 Innovate conference.
Kelli Carlson-Jagersma
Wells Fargo Sales Get Social Business Boost
1|16|13   |   2:30   |   2 comments

Wells Fargo uses social software to replace email chains and help its sales team collaborate more effectively to land deals, according to Kelli Carlson-Jagersma, VP Collaboration Strategy for Wells Fargo. Mitch Wagner spoke with Carlson-Jagersma at the E2Innovate conference
Wisdom of the Big Chair
IT Losing the Security Battle
1|7|13   |   3:15   |   No comments

ITRC found that more than 600 security breaches took place in 2012. Flaws were found in some of the nation's most respected companies: Apple, Citibank, and Wells Fargo. So, it seems the bad guys are doing better than the men in the white hats.
Second Shooter
Cisco & Linksys: A Problem at the Edge
1|4|13   |   2:15   |   No comments

Cisco's rumored sale of Linksys suggests we may have problem with innovation and profit at the edge of our Internet, and that could be critical to the evolution of many Internet-delivered services.
Mary E. Shacklett
Watch Your Business Secrets on Multi-Tenant Clouds
11|26|12   |   1:56   |   1 comment

Multi-tenant clouds assure security for clients, but not necessarily for their ideas. Here's one thing you should discuss with your cloud provider before you sign on.
Second Shooter
Sandy Tests the Internet
11|1|12   |   2:13   |   2 comments

The superstorm demonstrates that we need to improve Internet reliability and its infrastructure.
Mitch Wagner
A Humbling Lesson From Libya on Why IT Matters
9|17|12   |   3:09   |   5 comments

Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
Second Shooter
The Real Problem With Cloud Security
8|17|12   |   2:12   |   7 comments

All the recent hoopla about cloud security overlooks an important point, which is that it's not strictly a cloud problem. The linkage of online services into cooperative chains creates the risk, and only biometrics and federation of providers can save us.
Beau Brendler
Terrorism Expert Says US Gave Away Stuxnet Tech
4|4|12   |   3:29   |   9 comments

US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Mary E. Shacklett
Benefits of a 3-Datacenter Model
3|26|12   |   2:36   |   2 comments

With 24/7 processing and business continuation paramount, more organizations are considering having three datacenters, where primary and secondary datacenters are in their immediate region and a third is in a remote geography. Why? To avoid repercussions of a major disaster that could hit every IT resource in a specific region.
IETV: the thinkerNet on film
5
of
Paul J. Fleuranges
Digital Signage Keeps NYC Subway Straphangers on Track
5|6|13   |   3:51   |   No comments

New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
Kim Davis
Fast Forward to the Future
4|23|13   |   2:29   |   20 comments

A look back at tech writing in the 90s makes us wonder where enterprise IT will be 20 years from now.
Mitch Wagner
Google Launches Its Most Depressing Service Yet
4|15|13   |   2:59   |   10 comments

Google's new Inactive Account Manager lets you control how Google disposes of your accounts when you die.
Second Shooter
Argument Over Top-Level Domains Is 'Stupid'
4|11|13   |   2:07   |   3 comments

The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Kim Davis
Ladies, Your Tablet Awaits
3|21|13   |   2:22   |   37 comments

ePad Femme is the world’s first tablet “made exclusively for women.”
Wisdom of the Big Chair
NFC Moves Into the Mainstream
3|20|13   |   2:16   |   No comments

While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Wisdom of the Big Chair
Integrating Security Into Your Cloud Contract
3|19|13   |   3:35   |   No comments

Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Brian Baron
How Edmunds.com Collects Customer Information
3|18|13   |   1:15   |   No comments

Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Brian Baron
How Edmunds.com Uses Analytics to Customize Site
3|14|13   |   0:47   |   No comments

The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Second Shooter
Locked Handsets Aren't the Problem – Subsidies Are the Problem
3|13|13   |   2:09   |   10 comments

Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
an IBM information resource
sponsored content
big blue blog
Todd Watson
Todd Watson   5/17/2013   1 comment
It's been 17 years since I've visited the city of Dublin, but I still have some very distinct impressions from my one and only visit.
an IBM information resource
sponsored content
Expert Integrated Systems: Changing the Experience & Economics of IT
In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator.
READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE!
REGISTER HERE
Wanted! Site Moderators
Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

Please email: moderators@internetevolution.com
Internet Evolution – not for thickies
Keep Critical Data With a Knowledge Management System
Taimoor Zubair
Fortune 500 companies lose at least $31.5 billion a year by failing to share knowledge. A Knowledge Management System (KMS) can help companies significantly reduce these costs.
CLICK FOR MORE
Intel's Haswell On-Die GPU Is Lean, Powerful & Built for Cloud
Jason Mick
Whether you’re an engineering firm that uses CAD for parts design, or an e-business that leverages Photoshop for user-interface graphics, you likely require a modest graphics-processing unit. In the old days, this was a daunting hurdle to innovation, but today, the situation has improved thanks to technologies like NVIDIA’s GRID and Microsoft’s RemoteFX. Such virtualized graphics protocols allow you to load-balance graphics-intensive workloads from virtual desktops on a server-side graphics card.
CLICK FOR MORE
IT Suffers From Obama Admin's Jekyll & Hyde Approach to Privacy Rights
Ron Miller
Recently, the Obama administration has been of two minds where privacy rights are concerned. On one hand, you have an administration that vowed to veto CISPA and mandated open data for government websites. On the other hand, you have an increasingly out-of-control Department of Justice on a fishing expedition at AP and demanding legislation to let the FBI wiretap private, encrypted communications and levy fines if a company fails to comply.
CLICK FOR MORE
IT Suffers From Obama Admin's Jekyll & Hyde Approach to Privacy Rights
Ron Miller
Recently, the Obama administration has been of two minds where privacy rights are concerned. On one hand, you have an administration that vowed to veto CISPA and mandated open data for government websites. On the other hand, you have an increasingly out-of-control Department of Justice on a fishing expedition at AP and demanding legislation to let the FBI wiretap private, encrypted communications and levy fines if a company fails to comply.
CLICK FOR MORE
Baking Up Business With Facebook Advertising
Harry Hawk
Facebook advertising is a lightning rod. It seems neither brands nor consumers are 100 percent happy about the social media site's policies, placement, or procedures. But the real controversy about Facebook ads and promotions is over whether they work.
CLICK FOR MORE
IT Suffers From Obama Admin's Jekyll & Hyde Approach to Privacy Rights
Ron Miller
Recently, the Obama administration has been of two minds where privacy rights are concerned. On one hand, you have an administration that vowed to veto CISPA and mandated open data for government websites. On the other hand, you have an increasingly out-of-control Department of Justice on a fishing expedition at AP and demanding legislation to let the FBI wiretap private, encrypted communications and levy fines if a company fails to comply.
CLICK FOR MORE
Websites Should Consider Tougher ID Verification Policies
Alan Reiter
The apartment and house sharing service, Airbnb, now requires members to verify their identities by demonstrating a presence on the web, and by either scanning a government ID or entering detailed personal details. Other enterprises should take a close look at Airbnb's verification policies.
CLICK FOR MORE