outsourcer, security, check
Outsourcing security risks underestimated
-
|
- Print |
- Email Page
"Firms using a foreign outsourcer need to send someone out to check the outsourcer's compliance with their security standards," said John Boland of Ernst & Young. "They also need to check the service-level agreements, as the threat of enforcement is what makes outsourcers comply with security standards."
Chief executive officers are not being as careful as they should be with their customers' data when they outsource, according to an Ernst & Young survey of senior management. The Ernst & Young Global Information Security Survey says that the security risks of outsourcing increase when companies outsource to a firm in a foreign country."India and other countries, such as Canada and Ireland, are popular outsourcing destinations for U.S. companies," John Boland, senior manager, technology security and risk services group at Ernst & Young, told NewsFactor. But companies must be particularly careful about the security of data sent to offshore sites.
Worrying Complacency
Ernst & Young interviewed 1,233 firms from 51 countries and found that most were taking the risk that their outsourcer's security was good enough, rather than checking how secure their data was. Of the firms surveyed by Ernst & Young, 70 percent admitted that they fail to regularly audit their outsourcer to see whether it comes up to their security standards. Also, 80 percent admitted that they don't check out whether their outsourcer is compliant with the same regulatory standards as they are.
"Most firms only worry about security when they experience an external attack, such as the Slammer worm," Boland said. "But they should be more concerned about internal threats from staff, both in their own company and at the outsourcer."
Need To Check
"Don't think that the laws of the country where your outsourcer is based will protect you," Boland warned. "Firms using a foreign outsourcer need to send someone out to check the outsourcer's compliance with their security standards. They also need to check the service-level agreements, as the threat of enforcement is what makes outsourcers comply with security standards."
In reality, budget reasons mean that firms often do not send staff out to check security compliance at foreign outsourcers, the Ernst & Young study says.
Security Culture
"Chief executive officers need to start caring about security," Boland told NewsFactor. "If the CEOs instill a culture of personal accountability and security within their companies, in the long run they will save money on security costs."
-
|
- Print |
- Email Page
Wipro BPO to Set Up Business Shared Services Centre in Curitiba, Brazil for AmBev - the Largest Brewery Company in Latin AmericaCentre to Handle Finance & Accounting, Human Resources, Customer Services and Order Management Processes31 Oct 2008 | (News)
Accelerated Outsourcing – An Expert’s Perspective Chief Financial Officers (CFOs) and Procurement Directors are pushing to speed up and simplify the outsourcing service provider selection process in order to reduce preparation costs and gain benefits...16 Oct 2008 | (News)
ACS Extends Relationship With United Technologies Through Renewed $41 Million ContractDALLAS, Oct 06, 2008 /PRNewswire-FirstCall via COMTEX/ -- Affiliated Computer Services, Inc. (ACS) is extending its relationship with United Technologies Corp. (UTX) with a renewed finance and accounting...06 Oct 2008 | (News)
HROA Announces Details of Second Annual RPO SummitThe HROA, in conjunction with the RPO Alliance Buyers’ Group, have helped organize and plan the second annual RPO Summit. The event will be held at the Gaylord National Hotel in Washington, D.C. from...22 Sep 2008 | (News)
Accenture Announces $550 Million, 10-year Agreement with Bristol-Myers SquibbContract Includes IT and Financial Support Services10 Sep 2008 | (News)
