Wednesday, July 09, 2008

Outsourcing risks often ignored


A NEW REPORT BY the Information Security Forum (ISF) suggests that, despite awareness of the information security risks linked to outsourcing, most companies still choose to bury their heads in the sand and ignore the problems until it’s too late.

Even well-documented cases of data loss and theft don’t seem to give companies the kick up the backside they need to implement better security measures, according to the recently published ISF report, Outsourcing and Offshoring Risk Management.

Simone Seth, author of the report, noted that the potential to cut costs and increase speed to market clearly made outsourcing and offshoring attractive options, but warned that, "without the right level of security expertise from the outset to fully identify information risk, there will always be important gaps in the business case." In other words, there’s a hole in my bucket, dear Liza.

She added, "If the necessary controls are not budgeted or put in place to mitigate the risks, it can have serious consequences and even threaten the long-term success of the outsourcing project."

According to the research, most information risk management is just bunged in as an afterthought, mainly due to a serious lack of security awareness in the top levels of the firm and a deep-rooted failure to understand the workings of information risk management.

Seth puts the major failures down to companies failing to involve information risk managers in outsourced projects from the very beginning and to keep them on for the duration of the project’s lifecycle. She claims that, without information risk managers present, the company leaves itself wide open to data theft, information leakage and even disputes over questions of ownership of intellectual property.

So, in other words, outsourcing might be cheaper, but if companies keep ignoring the security problems they face, it could end up costing them very dear, indeed.