energycioinsights

Onshore, Offshore, and Models for Testing Teams in Light of Recent Data Breaches

By Jennifer Bonine, VP, Global Delivery and Solutions, tap|QA LLC

Jennifer Bonine, VP, Global Delivery and Solutions, tap|QA LLC

Debates often arise when people start talking about where a particular IT function should be performed. It seems to be the IT equivalent of talking politics or religion.

It also brings out many opinions on not only where and who should perform the work, but also on how the teams should be structured. Add into this mix the centralized versus decentralized approach and development methodology debates, and it’s easy to see that you can wind up with hundreds of different approaches to a testing and development strategy.

This is not a new topic or new debate, but I wanted to think of it from the perspective of who has the knowledge to most optimally perform the testing function and plan for that within the organization.

Over the course of the last couple of years, major retailers such as Target and Home Depot have had significant issues with their security testing, leading to breaches that have and continue to cost them each hundreds of millions of dollars to remedy. It’s even been estimated that Target’s total remediation tab to date has exceeded one Bn dollars.

Often when we talk about the debate on where to perform the testing, it centers on what the lowest cost option is, as if testing is a necessary evil–a formality that must be performed with the least impact to revenue. But improper testing can expose organizations to costs that far outweigh the expenses involved in proper and thorough testing.

What I advocate to all executives, especially at a time where breaches linked to shortcomings in testing can be exposed so quickly, tarnishing a corporation’s image overnight is the old adage “An ounce of prevention is worth a pound of cure.” C-Suites need to take a serious look at ensuring that a proper strategy is in place for security, performance, functional, UX, and other types of testing. As part of that strategy, I encourage them to understand who has the appropriate knowledge to think through and prevent potential breaches. Contextual relevance and skill sets, rather than cost, are the core factors that I utilize in determining who should perform the testing. As an example, if you grew up in India, the number of retail stores that specialize in goods for pets would be minimal, whereas if you grew up in the US, Petco and Petsmart have over 1,000+ stores each in 48-50 states. When you talk about understanding the business model and nuances underlying line of business applications, especially direct to the consumer, and then add in agile teams, it would make sense to consider few things. First of all a testing Center of Excellence and then adopting a strategy that you have a portion of that testing being done by resources who have contextual relevance in that type of retail space.

"A takeaway for everyone is to understand your true “cost of quality” and make sure the model you are using fits today’s needs"

My recommendation is to heed the lessons taught by Home Depot, Target, and others and have the discussion with your executives on what the testing strategy is-not in relation to just a pure cost, but in relation to what is relevant to protecting and ensuring your brand with your customer base. Big retailers and brands such as Home Depot, Target, and Apple may have the ability and resources to weather the damage caused by the recent breaches–small and medium sized businesses generally aren’t as fortunate.

I also advocate that you look at total cost and not purely an average hourly blended rate cost. Total cost of an off-shore model means taking into account all of the lost time while waiting for turn around on issues, the travel cost to send teams across the globe, the cost of having your local employees lose time with their families while they are on calls early in the am and late into their nights, and higher turnover which means higher on-boarding and training costs.

In the digital transformation era that we live in everything moves faster and we need to be more responsive to clients and customers. I would encourage leaders to question if they have positioned their teams correctly and have positioned the organization for success with a model that supports the pace of today’s world.

I work with executives in fortune 500 companies and run the numbers for them to help make informed decisions on how to position their testing organization. I see the trend being of what once was a natural function for offshore being pulled back in for on-shore and localized talent, as quality is critical to organizations’ brand image and success.

A takeaway for everyone is to understand your true “cost of quality” and make sure the model you are using fits today’s needs for your organization and not an outdated model.