Friday, July 29, 2005

How to keep data safe while outsourcing offshore

From: computerworld

As U.S. businesses, policy-makers and security experts work to stem the tide of data thefts, an equal or greater vulnerability lurks overseas -- the level of network and physical security at outsourced operations of U.S. corporations.
Cheap labor and increased efficiencies continue to drive major U.S. companies to open and expand offshore operations throughout India, Southeast Asia and Europe. India's National Association of Software and Service Companies reported recently that India's outsourcing industry is creating jobs at the rate of nearly 100,000 a year, and its revenue is growing at more than 40% annually. Analyst firm Gartner Inc. estimates that global spending on offshore outsourcing services will top $50 billion by 2007.
Many of these outsourced operations involve handling and processing customer transactions and sensitive personal information, exposing outsourcing facilities to the same risk of data theft occurring domestically. As U.S. companies increase operations abroad, many aren't ramping up IT or physical security measures at these locations to manage that growth.
In order to prevent data breaches on the magnitude of what has occurred in the U.S., companies must implement strategies to ensure that the same security standards that they place on their corporate data are being required of companies they partner with across the globe to process their customers' financial and personal information.
Several factors magnify the risk of data thefts occurring at outsourcing locations. First, when it comes to outsourcing, U.S. privacy legislation is quite lax relative to European Union regulations. Here, U.S. privacy protections effectively end at the border, placing the onus squarely on the shoulders of the U.S. company if a data breach occurs offshore.
At the outsourcing facility, the following should be done:
Encrypt all data in storage and in transit.
Physical security controls should be in place to mitigate the risk of data leaving the facility via magnetic or optical media, recording devices, cameras and hard copies.
Ensure that sending any data in or out is monitored or even prevented for e-mail, Web mail, FTP, and data- and file-transfer Web sites (by controlling Web site access). Only essential
Internet communications should be allowed.
At the desktop, prevent any unauthorized data from entering or leaving the network via Universal Serial Bus (such as USB sticks) and FireWire devices (such as iPods), CD, DVD, floppy drive, SCSI, parallel or any of the other ports.
Each employee should be vetted for criminal records and credit history to see if he poses a high security risk. Simply put, if you can't manage your own finances, you shouldn't be entrusted to manage the financial records of others.
A chain is only as strong as its weakest link, and unless companies shore up security at outsourcing locations, operations across the entire company will be put at risk.
For the best offshore outsourcing services, offshore software development and software development outsourcing, contact A-1 Technology Inc, an offshore outsourcing company.