There are always
questions of product security, steal of ideas and information security when we
talk about outsource software development. On the whole, this problem is
familiar to the customers, who entrusted their projects or certain tasks to
outsource companies. We’ve decided to touch upon the issue of this into single
post .
Companies’ heads are
always worried about security of their projects of duplication. Let’s have a
look at optimal solutions.
FIRST METHOD. DOCUMENTS AND
CONTRACTS
Main security method it’s
a process of right paper work, signing of contracts and agreements.
Non-disclosure agreement – it’s a basic document, which should be discussed,
worked out in details and finally signed with contractor . On the one hand, you
cannot overestimate its capabilities, as in the modern world leak of
information can happen even in western leader companies. According to media
news, it’s happens quite often even in countries with developed legislation.
Though, you need to take more attentively to NDA agreement. At least you are
able to see, that contractor is very scrupulous to details and information
which means he’s concerned about clients’ interests. You have the right to
assign the rules and partly secure
your project with the help of NDA agreement.
In spite of NDA
availability in addition to contract with your contractor, it is necessary to
describe in details who’s entitled to developed module. NDA should also include
following information:
·
Contractors’
rights to publish details in media ;
·
How documentation
will be transmitted;
·
What
conditions need to be fulfilled to keep the information secured
·
What
measures should be taken in case of contractual delinquency.
The correct contract
for customer is protection of his interests which means the transmission of
exclusive rights to the development results. But such type of contracts is not
always advantageous for contractor , even if its looks more secure. Every case
is individual. Perhaps, some privileges can be still under contractor . For
example rights for some program library, which has been developed itself
without any further client's requests. It can be program module, which is used
by the developer and supported by his own means or any development element,
which is not clients’ key property.
I would like to
mention that depending on region of the Earth, different development contracts
approaches are used and this fact is necessary to know and take into
consideration. In order to compensate lost profit, European design-centers usually
don’t transmit the rights and documentation to their client, in the course of
further product development. In this case you will depend on your contractors.
If you use contractor(s)
from Southeast Asia, you need to understand where ODM business model and
platform design are prevailing, also you need to understand market specificity.
In most cases it’s really hard to prove a fact of recurring use of development and
intellectual property violation.
CIS market immaturity
has an advantage: you can purchase the exclusive rights on reasonable
conditions and prices. As far as market growing it will be more hard and
expensive to make it in foreseeable future.
SECOND METHOD. KNOW-HOW AND
PATENTS
One of the most
effective safeguarding methods is to keep know-how within the company. Know-how
cannot be public as opposed to patent that have to be published.
There is a potential
risk of important commercial information disclosure. Often, only limited number
of companies’ experts got the access to know-how, though even they can share
all “secrets” to competitors. That’s why sometimes it’s better to hand over a
part of know -how’s to the external team by dividing the information within the
company and thus insure against risks.
If company has patents
its increasing cost and gives more opportunities to protect its rights,
especially within international law. Sometimes it’s better to release the
product and begin the process of patenting later. Startups using wrong ways so
often: they patent their products and then trying to sell it to investors
together with patent. Ultimately, they don’t really understand how to
materialize the idea. At this time their patent will finally lose its cost,
because on the basis of the same idea and technologies will be implemented by
other people.
THIRD METHOD. BE AHEAD YOUR
COMPETITORS
The only true way of
security is to be ahead of your competitors and enter the market with a unique
product and functions. You should understand what will be your next product
model, what functions it will have in a new version before your competitors.
Today, it’s popular to
earn using additional services, delivered with product . It’s a world practice. Information
that we are using every day is stored on cloud services and executed by
servers. Thereafter, advanced services are more valuable to client . You should
develop and invest to this entry. Thus, document theft on electronic devices
will be almost useless, because it doesn’t give a chance to copy your
additional services.
Simple example from
industrial automation: system maintenance during period of use can take a
considerable part of budget or even exceed it. Development can’t be the main
value, the most important is the introduction into the market and the
possibility to update and maintain product.
FOURTH METHOD. COMPETENCES,
DEVELOPMENT AND SALES ALLOCATION
Depending on specifics
of work and internal resources availability this method can be implemented in
different ways. There are trivial methods of commercial information security: to
have different contractors, who are responsible for different tasks, such as
development, sales and promotion. Tasks and information allocation can help you
to provide control and reduce the risks.
No need to concentrate
everything within one company, as it won’t help you to be more protected and
competitive. As far as IT sphere grows it’s much easier to carry off your
commercial secrets. It’s better to bring out some competences outwards and
divide processes into different regions/locations. It gives economic effect and
provides security.
FIFTH METHOD. SYSTEMS ENGINEERING
APPROACH
Systems engineeringand product development is the most comprehensive approach to protect your
investments and know-hows. This business conception means company maturity. In
this case technical problem is considered as system, split on separated
components. Then there are choice of contractors with proper competences
begins. System assembling is implementing on customers side.
There are some
advantages of this approach:
·
High level
of security with hidden principles of systems work from contractor .
·
Customer
has a big choice of contractors with defined technical competences. It helps to
mitigate risks (major projects work duplication), choose the contractor from
services market with high level of quality and defined technical competence.
There is also the
disadvantage of this approach:
·
An
acknowledge representative (systems analyst) should be present from customers
side.
As a bottom line Customer
Company can outsource certain tasks or project entirely using third-party
contractors. Certainly, it helps you to cut down expenses and reduce terms of
product development by applying security methods above.
