Offshoring IT work to India, China, Eastern Europe, and even South America has been a staple of IT cost reduction. And by definition the Cloud means location independence. Generally speaking, they're practically made for each other.
But in CRM and related systems, there are good reasons to keep the work in-country, or even in your building. This isn't just a matter of costs, but of business value and risk containment.
Slideshow: Bringing IT Back Home: 10 Prime Locations for Onshore Outsourcing
Why? It's all about the data. Compared to all other enterprise systems, CRM data has the highest chances of data quality problems. For example, in an accounting system, you'd never tolerate a duplicate invoice or a journal entry from an unknown source. In CRM, it happens all the time. Most of the data in a CRM system is entered by hand, by people who don't really care about consistent, coherent data. For many, CRM data quality is just not their job: they're sales reps trying to close a deal, or partners trying to register a lead, or customers filling out a registration form. They'll spell their name right, but even the e-mail address they enter may be fake.
Even when data is regularly cleansed and deduped, CRM systems have a never-ending problem with duplicate and phantom records being created by external system integrations and industry data imports. All too frequently, there's no DUNS number for the company or other reliable indicator of who's who. The more CRM and related customer-facing systems you have, the bigger this problem gets. I know of one large IT vendor that creates 100 new duplicate accounts in their system every day, and that's after they've applied all their deduping tools.
Despite all these negatives, the CRM holds the best information you've got about your existing customer relationships, current pipeline, and future prospects. By every possible measure, that data is worth far more than the system it resides in.
So keeping that data in as good shape as possible is a cornerstone to CRM success. Even though the cloud lets you move data around the world in a heartbeat, it's very hard to communicate the nuance of how to make the data more valuable and meaningful to your organization. Further, the tiny details of how to improve the data are likely to change over time — they seem to evolve as part of your information culture. None of this is easily documented or formalized, so it doesn't communicate well outside of your buildings.
In addition to the underlying value of (read: the cost of acquiring and maintaining) all that data, there's the risk of losing control of it. Nobody wants to have the company name in headlines about hacks into the customer records database. So keeping secure custody of the data at every part of your IT supply chain really matters. And this is tough to enforce across international borders unless you own the facilities and employ all the workers. On this front, subcontractors are tough enough in your own country.
Mitigating the Risk of Cloud Services Failure: How to Avoid Getting Amazon-ed
There's also the issue of regulatory compliance. PCI audits, HIPPA, FERPA, and eTrust may seem hard enough, but there's another one that many companies don't know about. The European Union's personal information privacy directive (95/46/EC) has some pretty specific requirements regarding safeguards, but it goes further with process controls around handling any information that can identify a specific person. Most U.S. companies use a safe-harbor strategy that is easier to achieve, but even this approach means tight process controls for any IT function that stores or manipulates "personally identifiable information." It's not entirely clear whether the theory behind the safe harbor strategy works with offshore operations. This is an area of active legal interpretation, so you'll need to consult with your attorneys (certainly don't interpret this article as legal advice!).
Clouds offshore
So what can you sensibly offshore in cloud-based CRM projects? Classic software development of classes, triggers, and other infrastructure code can be routinely offshored.
Slideshow: What is Cloud Computing?
When it comes to user interface screens, security settings, and report/dashboard design, however, this is best done right next to the users. Even being in another building may be too far away. For the same reason, final acceptance testing has to be done in country, even though unit, system, and performance testing can be done entirely overseas.
Much of cloud system administration can be offshored as well, although you'll need a tight ticket reporting/case management system to get the best leverage. But some parts of administration — particularly full-system backups and record deduping — really can't be offshored. There's just too much risk in the completeness of the information.
Some parts of data cleansing and manipulation can be offshored, particularly if all personal information is column-partitioned or otherwise obfuscated so that the data cannot be linked back to the individual (again, consult your attorneys). For example, cleansing a bunch of addresses, when linked only to obfuscated keys (not any person's name), shouldn't pose much risk: it's about as informative as a street map. When it comes to personal financial, educational, or health-related data, however, I don't know of a good way to offshore any of that processing.
However, the front end of the CRM lead creation process — doing online research and demographic targeting — is a perfect target for offshoring. As long as the offshore people know what to look for, Google is as equally effective over there as it is here.
David Taber is the author of the new Prentice Hall book, "Salesforce.com Secrets of Success" and is the CEO of SalesLogistix, a certified Salesforce.com consultancy focused on business process improvement through use of CRM systems. SalesLogistix clients are in North America, Europe, Israel, and India, and David has over 25 years experience in high tech, including 10 years at the VP level or above.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.