Offshore Outsourcing: Big Savings, Big Risk

U.S. companies continue a pell-mell rush into offshore outsourcing of software development. Those that haven't stopped to look at global intellectual property law are in for a big surprise.

While those steps might sound straightforward, companies often fail to take even basic steps to check on potential suppliers, according to Bill Malik, who spent 11 years as an analyst at Gartner. He declined to name names but said that "people far too often don't do their due diligence. I've seen organizations that just want to take a pass on the whole thing. They just want to outsource development to the cheapest vendor."

Usually, such hasty decisions are driven by the need to keep up profits and revenue. Looking at short-term financial gains is a huge mistake, Malik says, and cases like the one unfolding in India show why.

Also ahead: a shift in the outsourcing market that will put intellectual property protection in the spotlight. The first wave of software outsourcing has focused on application development and maintenance, both of which have fairly contained levels of risk, outside of the odd rogue employee like Verma. But as companies move more and more types of software development overseas, such as databases and other packaged applications, they need to think about what kind of data they make available for testing. Also, Nasscom members are aggressively seeking out higher-end business process outsourcing (BPO) opportunities, such as call centers and claims processing. India did more than $1.2 billion in this type of work last year and expects to generate $16 billion in revenue from BPO in 10 years. These kinds of applications create thorny issues about personal data protection for U.S.-based customers.

Legal eagles such as Bierce say that India and other nations interested in drawing more high-end software work such as BPO need to adopt laws that protect personal information when it's transferred from other countries. "Software development is easyyou don't have data protection problems until you start populating a database," Bierce says. He notes that Nasscom is working on such a law, though it failed to generate one in a similar effort several years ago. The push for call centers, claims processing and other back-office work means that U.S. companies must reassess what's at stake. As offshore vendors deal more and more often with customers and specific customer data, the potential for abuse rises.