Hiring an offshore software company can have a whole host of benefits. It may allow you to cut costs. It also gives you access to an entire world full of talented software developers. The problem is that you also have an entire world full of inexperienced developers and companies to sift through. This leads to the first big risk, which is finding the right talent. If you're willing to spend some time searching for the right company, it can be worth the effort, especially if you're searching for someone to help you out over a couple of years.
Here are a few security concerns you should consider when hiring an offshore development company:
1. User Privacy Laws
User privacy laws are an important part of protecting users' data, but that protection is a fairly recent occurrence here in the United States. Many times these laws are non-existent in other countries. Before conducting business, it'd be a good idea to check up on user privacy law in whatever country you're interested in outsourcing to.
2. Exposing Sensitive Data
Allowing software developers overseas access to sensitive data can become a problem if the developer or company decides to use the information in a way other than was intended. When hiring an offshore company to work with sensitive data, it is usually a game of trust. Hiring a company stateside can afford you a little more legal power, but even then you'll have some risk involved. It may be a good idea to get a non-disclosure agreement signed, although you should double check how legally binding it is when used across country lines.
3. Lack of Legal Recourse
There may be no legal recourse for stolen information or IP in the country that you've outsourced to. Even if there is a possibility of taking legal action, it almost always costs more to legally pursue a company in another country. In some cases you can apply for a trademark or patent in another country. The Madrid Protocol makes it easier to apply for trademarks in multiple countries.
4. Loss of Business Knowledge
When you hire an outside company to work on software, you're placing the understanding of the software in another company's hands, making it more difficult and costly to move maintenance of the software back into your company in the future.
5. Background Check
Not all countries have to perform background checks as rigorously as we do in the United States.
6. Data Breach Laws
"36 states now have their own disclosure laws mandating that companies inform customers in the event of either an actual or suspected security breach." - Philip Alexander
7. Laws Around Moving Data Overseas
"Some states require that you notify customers in writing if you're planning on sending their personal records outside the United States." - Philip Alexander
8. A Shell of a Company
You might not even know who is actually working on your project. Many companies simply hire out the work to someone else. This could be a security risk if you don't do your due diligence and check the company's organization. If the developers working for the company are freelancers, they may not have to adhere to company security policies.
9. IP Theft
There isn't a whole lot stopping someone from getting paid to write software for you and then taking it for themselves.
10. Malicious Code
This security risk could happen whether you get your software development done overseas or not, but it may be a good idea to check your software for anything malicious.