Security and Intellectual Property Protection

Most of the customers we work with have extremely sensitive data. Some also have proprietary application architecture and implementation that may include patentable features. Examples include payroll systems at a large auto manufacturer, investment and wealth management data at a well-known investment company, mental health and other medical health records at a state organization, proprietary design of a Hive cloud or state of the art relational database engine, etc. Software developers working on such systems often must have access to software and data for development and testing purposes. Thus a typical question that we get from prospecive customers is how they can allow offshore developers access to their critical software and data.

Keeping customer data, code, documentation, and intellectual property as secure as possible is our priority. We have never had any issues with this. Here is how we address these concerns for our customers:

  • We always sign and strictly observe Non-Disclosure Agreement (NDA) with our customers, are easy to work with, flexible, and agree to different types of customer NDAs.
  • keyfob Typically, customers allow our US-based and offshore developers encrypted VPN access into their systems. Some VPN systems require an extra layer of security in addition to user name and password. In such cases customers provide us with a set of keyfobs that generate a new random number every few seconds. We have used this approach on numerous projects and it worked very well.
  • We had a small number of projects so far (more of an exception than the rule) when our customer's internal policy or the state law strictly prohibited remote access into their existing system by anyone who is physically located outside of the US. We found a way to accomodate our customers and work around this issue by using our US-based resources, who did have remote access to the customer system, as a gateway between the customer and our offshore developers. This approach worked well. Usually, customers do not have such strict requirements.
  • We used a very similar approach in situations where our customers simply did not have remote access setup for anyone, even their own employees. Most of the code development was done in our offshore offices, and then our US-based resources worked on site, at the customer office, to install, test, and deliver the finished system. We can also bring some of our offshore developers to the US when absolutely necessary, and we have done so in the past, but usually it is not required. Getting work done remotely is easy given all of the modern networking and communication tools and ubiquitous infrastructure.
  • Sometimes the customer chooses to scramble and/or cleanse their actual data before they provide it to us. For example, instead of giving us actual addresses, phone numbers, and social security numbers stored in their databases, they scramble/obfuscate/cleanse that data in some way so it is no longer useful for anything but software development and testing purposes.
  • We use HireRight for employment background screening and criminal background checks. We perform background checks for our US-based personnel and for our offshore resources on a regular basis, every 3 years. Background checks conducted by HireRight examine employee's history over the past 7 years. Thus regular background checks cumulatively cover a much longer range than 7 years.
  • On a few especially large and long-term software development and support projects our customers met our management team and personally visited our offices in Russia and discussed project particulars with developers assigned to that project. We always welcome and encourage such visits and are happy to accompany you from the US and organize an exciting cultural program during your stay in Russia.
  • Our Russian and US based management team are also business partners to major US companies such as IBM, Oracle, Citrix, Rational Software, etc. The management team is highly motivated to protect these business relationships. Therefore management must make sure all customer assets are protected not to jeopardize any of the existing important business partner relationships.
Powered by Google App Engine Valid XHTML 1.0 Strict Valid CSS! Mozilla Firefox Google Chrome IE Safari
Site Design by GlobalSys Services