Combined Impact of Outsourcing and Hard Times on BPO Risk and Security

Combined Impact of Outsourcing and Hard Times on BPO Risk and Security

C. Warren Axelrod, Sukumar Haldar
DOI: 10.4018/978-1-60960-123-2.ch002
(Individual Chapters)
No Current Special Offers


The security of business processes, particularly those based on IT (information technology) systems, is at increased risk when the processes are outsourced, especially during difficult economic times. This chapter examines factors affecting the cyber security of BPO (business process outsourcing) and argues that the combination of effects of outsourcing and the economic environment leads to even greater levels of risk than do the individual components. Suggestions are made as to how the risks might be mitigated.
Chapter Preview

Risks Of Outsourcing

As business processes are moved outside the organization domestically or offshore, they usually become more dependent than previously on communications networks in order to connect outsourcers and client organizations. The economics for long-distance and international communications greatly favor the use of the Internet public network over private networks. Even when the communications are between known and trusted entities and individuals, the use of public networks exposes systems to cyber attack by others.

Often, outsourced business processes rely on computer systems that were developed for internal use by trusted employees. When access to these systems is granted to a service provider’s employees, different access rights may be appropriate. However, restrictions on access to sensitive data, and on the handling of such data, may not be feasible with the current systems nor may the client organization realize the need to restrict data access and the functional capabilities of computer applications.

Another important, if not the most important, risk of outsourcing is that which relates to humans. Third-party service providers’ employees may not have the same commitment to the client company that internal employees do. They may not have the understanding of the business environment and processes of the client company, nor sufficient training in regard to security and privacy. When the service provider is located offshore, other factors must be considered relating to differences in culture, language, physical and cyber infrastructures, legal and regulatory requirements, time zones, travel distances, and so on.

While there are certainly variations among researchers with respect to specific risk categories and their scope, for the most part there is commonality, as the mapping in Table 1 illustrates.

Table 1.
Lists of risk categories from different reference sources
(Axelrod, 2004)(Tho, 2005)(Rost, 2006)
Loss of controlLoss of organizational competenciesInadequate governance
Loss of control over key information, crucial knowledge, and technical staff
Viability of service providerBusiness uncertainty*Buyer’s business continuity
Relative size of client and service providerDangers of eternal triangle*Loss of leadership in business relations
Distribution of risks between buyer and seller
Quality of serviceService debasement
EmpathyUnderestimating backlash and resistance of the existing in-house team
TrustSly and unfair providers
Vendors working for competitors
PerformancePossibility of weak management*
Fuzzy focus*
Risk of failed projects
Management of distributed projects might turn out more challenging than expected
Lack of expertiseInexperienced staff*Outsourcing unsuitable projects
Hidden and uncertain costsTransition/management cost
Increased cost of services
Hidden costs
Endemic uncertainty*
Underestimating communications costs
Dynamic of costs
Limited customization and enhancementsLoss of innovative capacity*
Technological indivisibility*
Knowledge transferLoss of organizational competencies
Lack of organizational learning*
Loss of control over key information, crucial knowledge, and technical staff
Shared environments
Legal and regulatory mattersDisputes and litigationInternational litigation may turn challenging

* Source: (Earl 1996)

Complete Chapter List

Search this Book: