In 20032004, the computing community in the U.S. suddenly realized it had lost its "monopoly" on software. India's IT industry had been growing at an exponential rate for a few years by then, driven by offshoring and outsourcing of IT services. Alarming reports by consulting firms predicted the migration of millions of jobs. The political response to the news was quite shrill, referring to "Benedict Arnold CEOs." Grim jokes circulated about the U.S. offshoring the President's job. Parents and students became convinced the IT field had no future. U.S. computing enrollments, already hammered by the dot-com and telecomm crashes, took another dive.
In response to these concerns about the viability of computing as a field of study and work in developed countries, ACM Council commissioned in 2004 a Task Force to "look at the facts behind the rapid globalization of IT and the migration of jobs resulting from outsourcing and offshoring." The Task Force, co-chaired by Frank Mayadas and myself, with the assistance of William Aspray as Editor, was convened in late 2004 and issued its report in February 2006. See http://www.acm.org/globalizationreport/
Do the insights produced by the report still ring true four years and a major economic crisis later? To me, the most fundamental insight is that offshoring is just a symptom; the underlying phenomenon is the globalization of computing. Globalization is driven by trade policies, by the evolution of work and business processes, and by IT itself. The dramatic drop in communication costs means that labor can now be viewed as a tradeable good, just as containerization and air freight reduced shipping costs and increased global trade.
There is no doubt that many people in developed countries lost their jobs to offshoring. Indeed, some categories of jobs, for example, call centers, have migrated more than others. Yet, there is no evidence that offshoring had a measurable impact on aggregate IT employment in developed countries. U.S. employment and wage data showed complete recovery from the dot-com and telecomm crashes by 2005. The report pointed out that once we ignore the many biased and hyped reports and concentrate on concrete data, there is no reason to believe that IT jobs are migrating away.
After the report's release, many people asked me for a "one-bit answer": Is offshoring good or bad? Of course, this is not a meaningful question. Good for whom? Undoubtedly, trade contributes to economic growth and greater wealth. Offshoring pulled tens of millions of people out of poverty in India, and that is surely a good thing. But economists admit that "Trade gains may be distributed differentially," meaning some individuals gain and some lose; some localities gain and some lose. Globalization leads to enhanced competition, and technology leaders risk losing their current dominant position. IT is now a truly global field, business, and industry. Between 1980 and 2000, the market share of the top-five software firms dropped almost 30%.
The bottom line, therefore, is one of a thriving computing field, with projections of continued growth for years to come. The difference is the field is now global, and so is the competition. Such competition is moving up the skill ladder. Companies, including start-ups, are learning how to access and use higher skill levels in developed countries. We are seeing new research labs and increasing national research investment in India and China. We are also seeing an increase in the total worldwide investment in research and a wider distribution of research activities around the world. These are all signs of a thriving global field, with intense global competition.
Can offshoring be ignored? Absolutely not! We must continue monitoring employment and wage trends, as well as global R&D trends, to assess its ongoing impact. To stay competitive in a global IT environment and industry, countries must adopt policies that invest in R&D and foster innovation. Policies that improve a country's ability to attract, educate, and retain the best IT talent are critical. Education is a primary means for both developed and developing countries to mount a response to offshoring so their work forces can compete globally for IT jobs.
So how do countries and individuals thrive in a global computing world? Invest, innovate, develop, produce, educate, compete. Simple.
Moshe Y. Vardi, EDITOR-IN-CHIEF
©2010 ACM 0001-0782/10/0500 $10.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2010 ACM, Inc.
The following letter was published in the Letters to the Editor in the July 2010 CACM (http://cacm.acm.org/magazines/2010/7/95049).
Moshe Y. Vardi's Editor's Letter "Globalization and Offshoring of Software Revisited" and Dave Durkee's "Why Cloud Computing Will Never Be Free" (both May 2010) failed to address security risks. Vardi's headline promised an update on the questions raised by increased globalization of outsourced software development. Though I knew his main focus was on the economic impact of global outsourcing, I was still disappointed there was no mention of the security challenges posed by the global supply chain for software. Such challenges have prompted the U.S. Departments of Defense and Homeland Security, the SAFECode consortium, and numerous other organizations to commit significant effort to combating threats posed by software of unknown pedigree and provenance, including individual and state-sponsored "insider threats" (such as implanted malicious logic, backdoors, and exploitable vulnerabilities), particularly when developed offshore. See the Government Accountability Office's Defense Acquisitions: Knowledge of Software Suppliers Needed to Manage Risks (http://www.gao.gov/new.items/d04678.pdf) and the Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DOD Software (http://www.acq.osd.mil/dsb/reports/ADA486949.pdf). Though both focus on software used by DoD, the security issues apply to any organization that relies on outsourced software for critical business or mission functions.
Meanwhile, in an otherwise admirable assessment of the strengths and weaknesses of the cloud computing model of outsourced IT-as-a-service, Durkee likewise failed to mention potential consequences of cloud providers not protecting outsourced computing infrastructure against hackers and malicious code. For example, when discussing transparency, he overlooked the fact that no cloud provider allows its customers to implement intrusion detection or security monitoring extending into the management-services layer behind virtualized cloud instances. Moreover, these customers have learned not to expect their providers to deliver detailed security-incident, vulnerability, or malware reports.
The management-service layer provides a back channel through which the content of each cloud instance is accessible, not only by providers, but by any attacker able to hack into or implant a kernel-level rootkit. Once "in," the attacker is positioned to exploit the back channel to manipulate or even make full copies of all cloud instances hosted on the compromised platform. Even if customers manage to get their providers to agree to service-level agreements (SLAs) sti pulating a high level of vigilance, reporting, and protection below the cloud-instance layer, the management-services layer remains an inherent weakness that should concern anyone looking to host "in the cloud" the kinds of critical applications Durkee explored.
Karen Mercedes Goertzel
Falls Church, VA
I strongly agree with Goertzel's sentiment and appreciate her raising this very important issue. The executive summary of the 2006 Globalization and Offshoring Report said: "Offshoring magnifies existing risks and creates new and often poorly understood or addressed threats to national security, business property and processes, and individuals' privacy. While it is unlikely these risks will deter the growth of offshoring, businesses and nations should employ strategies to mitigate them." The Report's Chapter 6, "Offshoring: Risks And Exposures," covered the risks at length.
Moshe Y. Vardi
As with performance and uptime, cloud security is determined by the necessity of meeting the terms of SLAs as demanded by customers. As they mature, they will demand even more from their providers' SLAs by agreeing to industry-standard audits and certifications that ensure they get the security they need, a topic that is a great starting point for another article.
Mountain View, CA
Displaying 1 comment