You are on page 1of 2

RST Global Sdn. Bhd.

MAGIC Building
Block 3730, Persiaran APEC
63000 Cyberjaya
Malaysia
www.rst.my info@rst.my

May 2015
Outsourcing and Offshoring as Potential Threats
Over and Out Out and Off
Can You enforce security for tasks or business segments you outsource?
Did You think about subcontractors' laws&regulations in their jurisdictions?

Outsourcing?
The procuring of services or products, such as the parts used in manufacturing a
motor vehicle, from an outside supplier or manufacturer in order to cut costs.
Source: The American Heritage Dictionary of the English Language, 4th Edition
Another definition says:
The transfer of a business function to an external service provider
Source: Wiktionary, Creative Commons Attribution/Share-Alike License
Regarding our topic Information Technology (IT) we can understand
Outsourcing as the procurement of workload to subcontractors in order to relief
ourselves, and remunerate the subcontractor for his output, rather to fulfil the
tasks in-house.

Offshoring?
The Wiktionary defines this as The location of a business in another country for
tax purposes.
Translated to the IT world this would not have the tax purposes as a condition, but
the international globalized competitive service-price arbitration.
In todays technically well networked global business environment we can easily
outsource IT related tasks to people not only a few miles away, but we can employ
freelancers from distant locations of the world based on our preference for the
required skill-set and the pricing of the service offered. Different locations
worldwide naturally do have a different local value per work-hour, and the model
of Outsourcing to an Offshore destination
(an Offshore jurisdiction, off the shores of your jurisdiction's boundaries a.k.a.
another country) takes advantage of leveraging the cost advantages by not
Outsourcing locally in your jurisdiction, but globally.
Understandably, different countries deployed different laws and regulations.
These varying regulations play a vital role in the legal enforcement of the security
scope of Outsourcing to there.

RST Global Sdn.Bhd.

page 1 of 2
Company Reg.No.: 1130691-A

Malaysia

RST Global Sdn. Bhd.


MAGIC Building
Block 3730, Persiaran APEC
63000 Cyberjaya
Malaysia
www.rst.my info@rst.my

For many corporations nowadays, independent on their size, subcontracting tasks to not
affiliated parties has became a major driver of their productivity scheme. There are
industries which can not retain all the required skills on-board but need to outsource a
significant task of their workload to others. These others are often Web-Programmers,
certain IT specialists or various business consultants and experts. The process of
outsourcing is particularly easily applicable in today's digital business environment,
where companies like e.g. UpWork (former Odesk-elance) entice you to hire freelancers
in order to perform various tasks for you on a pay-per-hour or pay-per-task remuneration
model.
For many of you, that business idea makes sense, I can only agree to that!
What you need to consider when going Out and/or Off
You need to make yourself familiar with the security aspects of giving parts of your
business out of your hand. This is not only related to IT tasks but to every subcontracting
and outsourcing task. Whenever you give data to third parties for whatever processing
you need to thoroughly think over the involved points of security, which involve:
- data and task transmission to and from the subcontractors
- maintenance of data at their premises (at their servers and workstations)
- confidentiality policies of that person/company towards their employees and third
parties
- jurisdictional laws and regulations for enforcing the proper conduct of the
subcontractors
- Non-Disclosure-Agreements (NDA) / Confidentiality agreements
So is Outsourcing / Offshoring a threat to Cyber Security?
You bet it is.
As described above one needs to apply more then common sense measurements to
ensure that the required security practices are in place for the process of outsourcing to
a subcontractor. Not only is the security enforcement for Outsourcing in many cases very
hard to control and to surveill, but furthermore is it often sheer impossible to do so
when you decide to outsource to offshore destinations.
As a Cyber Security aware business person you shall re-consider thorughly which parts of
your or your client's business are too valuable to expose to the additional risks that
Outsourcing and Offshoring bear - and if you can not ensure the required security level
for all involved people, (transfer) media, (storage) locations you should consider to
refrain from the so sweet low-hanging fruits of Outsourcing for these certain matters.

Contact RST Global Sdn.Bhd. today to secure your world

RST Global Sdn.Bhd.

page 2 of 2
Company Reg.No.: 1130691-A

Malaysia