Sending IT Offshore

Most consultants recommend that companies approach offshoring in gradual stages. First, send only the coding for a project to the overseas vendor, for instance, then maybe coding and testing for the next one. Dasgupta calls it a “crawl, walk, run” strategy.

In the crawl phase, which typically lasts three to six months, he says, the company might send the coding for some internal software that won’t be exposed to the public but just to its own developers. The Americans and the offshore team get to know each other and work out metrics by which productivity and quality will be measured.

In the walk phase, which might last a year, people in both countries figure out whether tasks such as testing and system maintenance could be done effectively in India (or elsewhere). In the run phase, “the sky is the limit,” Dasgupta says, and even system architecture might be pushed offshore.

Dasgupta and others warn that the more critical and complex the work assigned to the overseas vendor, the more physical travel is required in both directions. At least some key members of the project teams on both sides of the ocean need to meet face to face and see each other’s operations, perhaps for weeks at a time. E-mail, phone calls, and videoconferencing can handle a lot of communication needs, but they can’t get the entire job done.

One issue, surprising for its absence from clients’ concerns, is data security. Don’t U.S. companies worry about sending sensitive data overseas, whether it pertains to customer information or their own intellectual property?

Not much, consultants say. Or, more accurately, yes, companies are careful about the data they allow to leave their own protected systems, but they no longer worry much more about vendor security in India, Vietnam, or Belarus than they do about vendor security in Minneapolis or Chicago.

“Some companies need to certify a facility before we work for them, and part of certification is security,” Thirunagari says. “But there is enough technology to do secure work anywhere in the world.” Banks have stringent security requirements, he points out, and “all of the major U.S. banks send IT work offshore.”

Clients certainly ask about security, Wisniewski says, “but it becomes a non-problem when you show them the [offshore operation].” And when companies contract for the IT work through a U.S. consulting firm, he adds, “interacting with us is like dealing with any other U.S. company. All of the legal stuff is the same. The offshore end of it becomes our headache, not the client’s.”