Whitepaper-_Security_concerns_at_ODC

Report as inappropriate Your report has been received

Shared by: wuzhengqin

Tags

Stats

views:: 0
posted:: 2/15/2012
language:
pages:: 8

Public Domain

Document Sample

							 Security Concerns at
Offshore Development
       Centers
 MIS Practicum Presentation
           Week 5
       Ashish Bahety
Background
   Business Process Outsourcing is booming.
   Outsourcing helps US companies become more profitable
    and cut prices to consumers, as well as boost the export of
    equipment and software to the developing countries doing
    the outsourcing work. ``Unless we pander to
    protectionism, there is no good reason to believe that our
    dynamic job-creating economy cannot absorb the level of
    change'' posed by outsourcing . - A McKinsey Report
   Some big Outsourcing deals
       $1bn - British Telecom to Mahindra Tech
       $2.2 bn – IBM and Accenture to Infosys, TCS
        and Patni Computers
Issue Definition
   While outsourcing is saving billions of
    dollars for the US economy, data and
    content security is a major problem that
    the client companies face.

 Issue:
“Security concerns at Offshore Development
  Centers”
Some common problems
Typical security problems that companies
  face, when they outsource and provide the
  ODCs access to their data:
     Hacking
     Dishonest insiders
     Exposure online - another form of hacking
     Lost backup tapes
     Lost and stolen computers
These may seem like simple access control
  issues, but the problem is much deeper.
Why is it difficult?
   Pure complexity of the security process in itself.
   Rapidly changing outsourcing arrangements.
   There are just too many data sources to protect and too
    many variables to be considered.
   Sophisticated Hackers – more skilled and more daring.
   Stealing of sensitive information by insiders.
   No tracking of access to “document data”
   Exposure to unintentional disclosure of confidential
    information.

   The issue is all the more difficult to manage in
    the absence of international laws governing such
    activity.
Who cares and Why?
   The client companies care:
       It is their responsibility to keep the data of their
        customers secure.
       They may be prone to law suits and penalties.
       Customer and reputation loss
   The ODCs care
       Their reputation is at stake
       Business Loss; Penalties
       Prosecution by local government to protect the industry
        as a whole.
   The end customers care
       I don’t want my SSN/Credit card numbers misused.
   The governments care
       Protect law and order
Possible “bad things” that can happen.
 Hacker causes the system to crash/
  corrupts the data.
 Misuse of personally identifiable
  information
 Sell sensitive information to “professional”
  criminals.
 Assaults from large, well-funded
  international crime syndicates.
What is being done in that direction?
   Increased usage of “more” secure channels.
   Training to employees to keep data secure.
   Payment to hackers to test the system and
    identify the weak links.
   Investment in secure facilities.
   Careful analysis of vendor before selecting them.
   Security Audits.