In many cases comprehensive testing requires access to a complete test environment, which may include a copy of production data. Although data scrambling utilities exist, they are not always used. Even when they are employed, they are time-consuming to implement and may not completely mask sensitive information. The potential for disclosing private or protected data is substantial and may violate laws and regulations, particularly in the financial services and health industries.
This risk exists for both internal and external resources but may be harder to manage in an offshore facility. Internal protections are usually already in place and must be extended to cover outside organizations.
Of course these factors have been successfully managed or overcome to yield a return on an offshore testing investment. For purely ad hoc testing, less-trained resources might actually have an advantage as they might be more likely to make the same mistakes as users. For the classic "brute force" approach, the sheer numbers of resources might prove beneficial.
Others have found that while less costly resources are useful for manually intensive execution, they are still more expensive than automated execution. And while using offshore resources to develop automated tests might appear to be less costly than doing it onshore, internal resources are nevertheless required to provide highly detailed test documentation as well as internal results analysis and verification.
As always, there are no easy answers or surefire formulas. Has your company moved testing offshore? What worked? What didn't? If you could do it over, what would you do differently...or would you? Leave your comments below.