How do you secure data on your outsourced development projects?

9. September 2014

There is usually a person involved when data security is violated. This person is not necessarily in Ukraine, India or another country in the world – this person can be in your company in Denmark. In the past 6 months in Denmark, we have seen a Nets-employee exposing confidential credit card information and a SAS employee leaking the names of passenger lists. Breach of data can happen anywhere, when an employee does not abide the law.

Breach of data caused be a human error can happen both in-house and within your sourcing partner. Naturally, the risk may be higher when you outsource due to other factors:

1. The culture can be different in the country you outsource to, maybe your outsourced developers do not share your views on when something is right or wrong.

2. The sourcing partner does not have the same risk in regard to the development, as you do. Therefore, the developers might not have the same sense of responsibility toward the project.

Your trust in your sourcing partner and the quality of the developers working on your project is of vital importance. In addition, there are a number of precautions you can bear in mind when you outsource your software development to another company. These precautions can minimise the risk of a developer getting tempted to share your code with someone else:

  1. Ensure that data and code is on a server in your company. Instead of relocating data, you can give the software developers access via a terminal server.
  2. Avoid browser access and programs such as Skype, MSN etc. to the developers, when they are working on your projects, as they will not be able to copy the data on your project. If you want to be 100% sure, you can deactivate the possibility of “copy”, “print screen” and “print”.
  3. Make sure that you have dedicated developers on your project, so you avoid them working on both yours and your competitors’ project, and might get inspired to copy the code.
  4. Ensure that the doors are locked, so it is only the developers working on the project who get access to the room and the project.
  5. Include all details on data security as a part of the contract. If a breach of data should occur, you have the law on your side.

In our opinion, there is always the risk of breach of data when human beings are involved. Even though we personally always choose to believe in the best in people, there are black sheep who cannot always tell the difference between yours and mine.