The Hard Road To Outsourcing - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // IT Strategy

The Hard Road To Outsourcing

There was no shortage of advice last week at Gartner's outsourcing conference about what it takes to make outsourcing work. Northwestern Mutual Life is providing customer data to offshore developers to get more from those resources, but it's taking extensive steps to protect the data. A Boeing executive says preplanning is critical for outsourcing efforts to be successful--and provided details about successful and failed outsourcing deals to prove it. General Electric, meanwhile, may enlist an application outsourcer if it tries to deploy a single enterprise-resource-planning system to link all of its business units.

Insurer Protects Data

Concerns over privacy and security have kept many financial-services companies from moving customer data files offshore, limiting their ability to reap costs savings offered by outsourcing vendors in low-cost countries. Executives at Northwestern Mutual Life Insurance Co. believe they've solved the problem.

Northwestern Mutual CIO Barbara Piehler

Northwestern Mutual CIO Barbara Piehler

Photo by T.C.Malhotra/Sipa, Chris Lake
For about six months, the diversified insurance and financial-services company has given IT workers at Infosys Technologies Ltd. in India access to applications containing sensitive customer data, including Social Security numbers. The employees use dumb terminals that limit users' ability to alter, record, or print the data. "The machines don't even have hard drives," Northwestern Mutual CIO Barbara Piehler said in an interview at the Gartner outsourcing conference last week. The terminals are linked via secure, high-speed phone lines to Northwestern Mutual's servers in Milwaukee. Infosys staffers use them to test and maintain a number of the company's business applications.

Northwestern Mutual executives came up with the plan after deciding they weren't getting the most out of their offshore contractors, Piehler said. The company previously sent to India only the IT applications that didn't involve customer data. "But that limits what you can do offshore," she said.

Financial-services companies have a lot to gain by moving IT work offshore. They can cut the cost of IT work by 39% by outsourcing it abroad, Deloitte Consulting estimates.

But some federal regulators believe the practice carries privacy risks. In a study released last year, the Federal Deposit Insurance Corp. noted that "background checks of [services firms'] employees involving credit-bureau information, criminal records, or even drug-testing results are standard requirements in the United States. The ability to obtain the same types of reviews in many other countries is questionable." For now, the government hasn't imposed any significant restrictions on offshoring personal data, though lawmakers in some states, such as California, have proposed them.

Northwestern Mutual's safeguards are more than adequate to protect customer data, Piehler said. Beyond secure lines and dumb terminals, the company insisted that Infosys put additional physical security measures in place. A guard is posted on the floor of the Infosys facility where Northwestern Mutual's work is performed, and employees aren't allowed to take any documents or media with them after they clock out. "Nobody cares about protecting our customers more than I do," Piehler said.

Northwestern Mutual doesn't inform its 3 million policyholders that their personal data is, in some cases, viewed by offshore workers. "It's just the way we do business now," Piehler said. Some analysts, however, say that it's good business practice for companies to inform customers if their personal data is accessed offshore. "Beyond any ethical responsibility, you don't want your customers to have a nasty surprise if something goes wrong," says Phil Fersht, research VP at the Yankee Group.

Under the Gramm-Leach-Bliley Act of 1999, financial-services companies must explain their privacy policies to customers. However, the law doesn't prevent financial-services companies from transferring customer data to offshore third parties for processing. It also doesn't provide customers with the right to opt out of such activity.

Beyond privacy issues, opponents of moving data offshore say the practice threatens U.S. jobs. Piehler said Northwestern Mutual, which employs about 1,000 technology workers, hasn't cut any domestic IT staff since it began sending work to India.

--Paul McDougall

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll