Rory - Neopoleon : Hostage data

Welcome to Neopoleon - Sign in | Join | Help

Navigation: Home | Forums | Galleries

Hostage data

I just got out of the shower. I like to think in the shower, and tonight I was thinking about offshoring.

I was trying to figure out where everything was headed. It's a task that might be a little too large for the shower, even with the extended showers that I take, but it's still satisfying brain candy.

My first line of thought brought me to a future in which the global infrastructure was in place that would support 100% hosting of applications in an offshore location. It was, however, almost immediately rejected by a very entertaining thought: Holding data hostage.

It sounds crazy, I know, but think about it. For a major organization, data is money. It's even more than money, though, because it represents the past, the present, and the future for that company. It's not just an asset, but the information on which the organization is built. Without it, the company wouldn't exist. If it disappeared, then so would the company. Poof. Bye-bye.

So, it's curious. Does an organization risk sending everything abroad to save a few bucks?

What are the laws like in Cambodia? Thailand? China? Would there be any protection for a company that went this route, and which wound up having to buy its data back?

I seriously doubt it. It's like roulette. Does an organization respect the western companies that are providing it with income, or does it just go for the jugular, and then close up shop, allowing the owners to retire with major bucks? America has definitely seen its share of criminals running companies in the hopes that it will be possible to cash in and then retire overnight, not caring at all about what happens to the company or the employees.

The alternative, then, is to keep the data and the applications working with that data somewhat near where those applications are going to be used. Sure, you can keep your app servers in another country, but aren't your customers/clients/employees going to complain about a worldwide round-trip for the data? I suppose the data could be replicated and cached near the app servers, but that's not going to do you much good if you need real-time info.

It's weird.

You can't keep everything "over there" because "they" would own you if you did. So, something has to stay here.

That's a comforting thought.

Although I could be totally wrong. Wouldn't surprise me. Just thought I'd think out loud a little.

Published Tuesday, April 20, 2004 1:46 AM by Rory

Filed Under: Enter the Nerd

Comments

	paul said: Data is protected, like Gold Bars deep underground in abandoned missile silos. April 20, 2004 1:55 AM
	John said: You're right of course. You should have been thinking about this on the toilet. The toilet is where I do all of my serious thinking. Too many secrets Marty. Too many secrets.. John. April 20, 2004 2:37 AM
	John said: Oh, and more seriously, international laws and diplomacy are there to protect companies from problems like that. It's one of the reasons you need those pesky politicians. Basically, if a foreign country doesn't want to play by your IP rules, then you just do all the typical things, like stop trading with them, wage war on them, etc. John. April 20, 2004 2:40 AM
	Lavos said: Johm, trust me, if some disreputable company in China robbed your company blind, the US won't declare war on China. Hell, how long have the Nigerian scammers been at it without the US threatening their government? With that said, the Chinese government might come down like a ton of bricks on someone that would endanger the flow of work for their own personal profits. (depending on if bribes are accepted or not of course. :) Now for a small history lesson. Back in the 70's, the US farmer was living the dream of feeding the world. When Russia invaded Poland and the US declared sanctions and stopped grain exports, the world learned our government was willing to use food as a political club. Every country that was dependant on US food exports started making other arrangements, the US farming industry collapsed, and farmers literally had a worse decade than the great depression. (we're talking about 3000 dollar an acre farmland (with matching loans) becoming 200-300 dollar an acre farmland (with defaulting loans)) Will US companies forget the past and become dependant on the whims of any one country's government for their existance? Probably :( April 20, 2004 3:27 AM
	Lavos said: Just to clarify, because I typoed John's name, and because I didn't write that clearly or not, company's have to weigh the risk of China or India or Whoever suddenly declaring sanctions, or war, or whatever, and basically destroying any investments they have. April 20, 2004 3:30 AM
	Jason Alexander said: Actually, Rory, you're completely correct in your concerns. This same thing came up on my radar last month in an article. Check it: http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/03/28/MNGFS3080R264.DTL Basically, a medical company offshored work containing people's medical files. That company then began to slow pay (from what I can tell). The offshore company then threatened to release everyone's medical records publicly if they were not paid. Scary. April 20, 2004 3:48 AM
	Guy Incognito said: Jason, great link... Rory's original post had me scratching my head thinking "when is application hosting outsourced, i thought they were just outsourcing the application development?", but your link shows that in fact the data is being outsourced also. April 20, 2004 4:12 AM
	Rory said: Guy - "Rory's original post had me scratching my head thinking 'when is application hosting outsourced, i thought they were just outsourcing the application development?'" Wasn't saying that application hosting was being outsourced... ...yet. But that I expect to see it happen. It's a future sort of thing. April 20, 2004 4:26 AM
	Wolfgang said: Application hosting not being outsourced yet? I work for a company that acts as an Application Service Provider for some of its customers. We have all their data here. Of course, we're Good and all that, so we don't blackmail them into paying more or anything, but others might not be as Good as we are :) I think management underestimates the value of trust in this outsourcing. Of course you can add God knows what to the contract concerning damages from exposing data/code/... by the outsourcee, but you'll have to get them into court before you can collect. Meanwhile, that data is exposed, the damage is already done. And it's not just about trusting the outsourcee not to blackmail you or use your data for commercial purposes other than the service provided to you. It's also a matter of security. Do you trust the outsourcee to secure your data enough? I get the feeling outsourcing is seen too much as a matter of lowering costs, preventing the need to make the management chain more efficient. Having all those lazy lame-ass retards that lied themselves into coding jobs been promoted to management doesn't help either :) April 20, 2004 7:17 AM
	anonymouse said: It's funny, but on one hand many politicians point out that it's now a global economy, labour costs are cheaper elsewhere and numerous other arguments which I can't be bothered to look up right now, but summarising a couple of things I've thought a bit about in terms of trust: 1) Company saves money. Where does the saved money go? Better products? Shareholders pockets? Luzury yacht? Executive Jets? Is money being saved? 2) We live in one big global community. That's fine, and when we all start acting that way, until then, we often have problems with our neighbours , let alone people in another country (as per Lavos post). People are basically the same, so Wolfgangs issue is a good one, but applies to people everywhere (How often is personal information abused by companies despite the laws that are in place?). Trust is a global thing. There are lots of other points - communication (can you develop software that meets the customers expectations without really getting to know the customer - are email and telecoms effective enough to do this?), but I guess I'm still quite confused about the subject as every article I've seen so far has been quite one sided. C'est la vie. April 20, 2004 9:20 AM
	anonymouse said: A Luzury yacht is like a luxury yacht only far more expensive and exclusive. April 20, 2004 9:21 AM
	Vazz said: It seems most people are using 'outsourcing' and 'off shoring' interchangeably. Well is not the same. Outsourcing means paying another company to provide services which a company might otherwise have employed its own staff to perform, e.g. software development. A company in the US can outsource to another company in the US. I would guess there would be still trust issues here for sensitive data. Off shoring means work done in a foreign country. This can be done by the company itself by establishing an offshore development/manufacturing center. Or this work can be 'outsourced' to another foreign company. Companies like Microsoft, Google, IBM, Sun already have development centers in India. The work they do is off shored but not outsourced. I do agree that "Hostage data" is a possibility. This must be taken into consideration when picking an outsourcing partner whether it is off shored or not. April 20, 2004 2:40 PM
	Deylo said: Well, This outsource to off shore companies issue has grown dramatically with in the last few months, I hear it all the time in the news companies that have sent their services overseas, however I also hear the other side of the story companies like Dell that have outsourced their customer support to India and recently have moved back to US because poor quality of work. Now the question is: do you really want to trust a foreign company to hold your data or to develop an important part of you management system? Do you think that US Government would let a Pakistan Software Company develop their security system? Even though more companies are outsourcing off shore everyday there will be a good portion that will be kept in the good American Soil. April 20, 2004 4:46 PM
	TJ said: I was going to recommend the same link Mr. Alexander posted. Its pretty scary that personal information is ending up in third world countries without our knowledge. I personally feel that there should be some laws put in place that companies who outsource your data should have to disclose it. I dont like the way companies are hinding their third world actions, its devious and its BS. I think all companies who outsource regarldess of if its data or applications should have to disclose it. Can you imagine all of the indetity theft problems we are going to see in the future. I mean all you need is a couple of shady characters stealing data in india and selling it to the highest bidder. TJ April 20, 2004 5:09 PM
	alphadog said: It's not just about the offshore-ee being mismanaged, or worse, criminal, and your data. It's also about the hosting country's political climate and changeability. When India goes to war with Pakistan, or vice-versa, or with someone else, or itself, do you really want your data in that location? When China suddenly goes back to the isolationist hard-liners and they sever the connection, what will you do? I think this is a much greater risk than things like an application source code being compromised, since an app can be reviewed. However, most small and medium-sized US businesses will be hard-pressed to stop a civil war... - alphadog April 20, 2004 5:32 PM
	Vazz said: "I mean all you need is a couple of shady characters stealing data in india and selling it to the highest bidder." Nice and there are no shady characters in the US. April 20, 2004 10:39 PM
	Rory said: Vazz - "Nice and there are no shady characters in the US." I see where you're coming from, and I understand. And, trust me: There absolutly are scumbags of every shape, size, and flavor here. --- However --- There are laws that are actually enforceable. There are paper trails that will actually lead somewhere. If you screw with people in the states on a large enough scale, then you'll get nailed. In the country where you can get sued for serving somebody hot tea (who would have thought?), or asking someone how their day is going, you're not going to get away with outright theft. Most of the time :) Where other nations are concerned, all bets are off - it would only take a few unscrupulous people to screw things up for everybody, and the unscrupulous ones wouldn't care - know why? 'Cause they're unscrupulous. So, it's a weird issue. All it says to me is that there are currently things which a company shouldn't offshore, even though there might be great financial savings to be made in doing so. April 21, 2004 12:37 AM
	TJ said: Vazz, I think rory hit it on the head. The point is in the US we have laws and a judicial system, if something happens in a thrid world county what can you do? Do they even have laws on the books for this sort of thing? The fact is if something such as stolen data happens here in the US atleast there is some thing you can do(get a lawer, file a complaint) if it happens offshore you can't do jack...and thats the point...once our data leaves our country we have no control over it. Especially if it gets outsourced and outsourced like it did in the article mentioned above. Add to that the fact that companies are doing this whithout the permission of the everyday citizen. April 21, 2004 1:01 AM
	Steve Maine said: In time, I think that laws will be developed to protect this sort of thing. Eventually, data will be protected by law just like any other form of asset. It wouldn't suprise me if such law descended from the banking industry -- putting data in a data center seems very similar to putting jewlery in a safety deposit box. It seems like there would be a potential business opportunity for a global company that did nothing but run secure data centers. Sort of gives a new meaning to the term "data bank". April 21, 2004 6:21 AM
	Jeremy Brayton said: That's why it's essential to always keep a certain level of whatever you do close by. You wouldn't ship your expensive Jewelry to China for someone to watch over would you? You would probably want it kept as close to you as possible. In the same token, the data that is the most valuable, should be as close as possible. Period. I follow this rule. I have offline backups running to my house nightly. I could store them with some company but I have the bandwidth and from 5-7am (when im not usually up) my backup is running nicely. As far as data hijacking goes, that can actually happen anywhere. Someone can hack into my system, copy everything, remove it all, then send me some ransom to get it all back. Since I'm not that incredibly stupid (and I keep backups) they really aren't taking anything from me. Anything they can get, I can reproduce in minutes. Trying to track someone copying your data may be tough but I feel it should be built into any OS. I shouldn't have to set NTFS permissions to secure my data. The reason being is what if the company I'm sending my data to uses *nix? No permissions would stay. What if they use Fat32? Fat16? Again permissions removed. There should be a way to keep my initial data in tact while also preventing ANYONE from tampering with it outside of the scope of their job. You do bring up some very important points though. Someone thinking about outsourcing or offshoring even needs to really understand the full implications of what they're doing. You should also use the security of "least priveledge" whenever dealing with these 2 possible scenarios. You never want to give anyone any more access than they need, ESPECIALLY someone from another country. I know it creates a huge headache to think about this ahead of time but it really is a life saver in the unfortunate event that something were to come up. April 21, 2004 6:36 PM
	Vazz said: Rory and TJ, My reaction just came by reflex. :-) I agree that there are sensitive data that should not be off shored. The article Jason Alexander points out sounds a lot different when I read it. :-) The data was off shored with out a contract. Not much can be done by the law here. Anyway most off shoring contracts clearly state which country laws are applicable in case of dispute. But still I agree that the risk in off shoring is higher and companies have to be very cautious in choosing what they want to off shore and with whom they are partnering. April 22, 2004 9:45 AM
	TrackBack said: Rory has a post on the logical conclusion of outsourcing April 20, 2004 1:50 PM
	TrackBack said: Other Risks of Off-Shoring? April 20, 2004 8:38 PM
	TrackBack said: Outsourcing Corporate Data Storage April 21, 2004 3:37 PM
	TrackBack said: Outsourcing Your Whole Application-- A Data Risk? April 21, 2004 3:39 PM
	TrackBack said: Offshoaring April 29, 2004 9:35 AM

Hostage data

Comments

paul said:

John said:

John said:

Lavos said:

Lavos said:

Jason Alexander said:

Guy Incognito said:

Rory said:

Wolfgang said:

anonymouse said:

anonymouse said:

Vazz said:

Deylo said:

TJ said:

alphadog said:

Vazz said:

Rory said:

TJ said:

Steve Maine said:

Jeremy Brayton said:

Vazz said:

TrackBack said:

TrackBack said:

TrackBack said:

TrackBack said:

TrackBack said:

About Rory

This Blog

Post Calendar

Post Categories

Feeds