Rear guard - Protecting your IP when outsourcing

Written By Rory Kermack

Outsourcing your software development is a practical and flexible solution, especially if you’re starting a new project (or a start up with a business idea) but have limited technical know-how. But it can feel like a very big step to take because in handing over your software development, you may feel you’re handing over your intellectual property – the very root of your business.

So protection is key, and giving this due consideration as part of your wider business planning will mitigate risk and help guide you towards finding the right outsourcing partner. To smooth this process we’ve compiled the guide below – it’s one we recommend to all our potential clients. 

image.png

1. Use the protection tools you have.

Before you feel the urge to spend any money, do an inventory of what you already have. The first and obvious place to start is full disk encryption and professional anti-virus products.

The second step is to grant access to your repository only when and where it’s needed. This goes for in house as well as outsourced developers. A team of five, for example, developing a micro service doesn’t need access to all the code for all other micro services.

If you need new tools, look into Visual Studio Code Spaces which makes it possible to have no code running locally at all.

2. Use a trusted partner. 

Word of mouth recommendation is always a good first source of finding partners that are established and completely transparent in their security set up.

3. Make sure suppliers have IP loss cover.

IP loss might originate from a malicious insider but can come from compromised systems too. You can ask to see a potential outsourced developer’s cover and check that it corresponds with your own needs.

philipp-katzenberger-iIJrUoeRoCQ-unsplash.jpg

What’s the worst case scenario? 

The consequences of leaving your IP unprotected can be dire. You may see your IP surfacing in a competitor’s product. Or it may be lost, or damaged.

If you use open source supply chain management software, which is often bundled with other tools such as CRM, it’s hugely important to stay up-to-date with malware concerns. Securing the open source supply chain is an operation that reaches far into the whole software development infrastructure.

This article from Security Lab offers a case study of an infected supply chain.

 https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain

Every business wants to mitigate risk, and protecting your IP is fundamental. Working with an outsourcing partner that understands your aims and meets your deadlines is key, and their commitment to cast iron security should be too.

For further information or to discuss how you might set up or manage protecting your IP, please get in touch. We’re keen to make our experience work for you.

Did you enjoy this post? Subscribe to get our latest posts direct to your inbox.

Rory Kermack
Previous

Out compete your peers - Using Customer Jobs for Competitive Analysis
Next

Agile and remote? Process is paramount.