Security Concerns at
MIS Practicum Presentation
Business Process Outsourcing is booming.
Outsourcing helps US companies become more profitable
and cut prices to consumers, as well as boost the export of
equipment and software to the developing countries doing
the outsourcing work. ``Unless we pander to
protectionism, there is no good reason to believe that our
dynamic job-creating economy cannot absorb the level of
change'' posed by outsourcing . - A McKinsey Report
Some big Outsourcing deals
$1bn - British Telecom to Mahindra Tech
$2.2 bn – IBM and Accenture to Infosys, TCS
and Patni Computers
While outsourcing is saving billions of
dollars for the US economy, data and
content security is a major problem that
the client companies face.
“Security concerns at Offshore Development
Some common problems
Typical security problems that companies
face, when they outsource and provide the
ODCs access to their data:
Exposure online - another form of hacking
Lost backup tapes
Lost and stolen computers
These may seem like simple access control
issues, but the problem is much deeper.
Why is it difficult?
Pure complexity of the security process in itself.
Rapidly changing outsourcing arrangements.
There are just too many data sources to protect and too
many variables to be considered.
Sophisticated Hackers – more skilled and more daring.
Stealing of sensitive information by insiders.
No tracking of access to “document data”
Exposure to unintentional disclosure of confidential
The issue is all the more difficult to manage in
the absence of international laws governing such
Who cares and Why?
The client companies care:
It is their responsibility to keep the data of their
They may be prone to law suits and penalties.
Customer and reputation loss
The ODCs care
Their reputation is at stake
Business Loss; Penalties
Prosecution by local government to protect the industry
as a whole.
The end customers care
I don’t want my SSN/Credit card numbers misused.
The governments care
Protect law and order
Possible “bad things” that can happen.
Hacker causes the system to crash/
corrupts the data.
Misuse of personally identifiable
Sell sensitive information to “professional”
Assaults from large, well-funded
international crime syndicates.
What is being done in that direction?
Increased usage of “more” secure channels.
Training to employees to keep data secure.
Payment to hackers to test the system and
identify the weak links.
Investment in secure facilities.
Careful analysis of vendor before selecting them.