For obvious reasons like lower costs, access to a global job market and labor “flexibility” Offshoring (getting work done in a different country) and Outsourcing (contracting work out to an external organisation) are a fundamental parts of many modern day organisations business models. Despite criticism from different viewpoints (transferring jobs to other countries, geopolitical risks in case of Offshoring; Misaligned interests of clients and vendors, reliance on third parties and lack of in-house knowledge of critical and/or core business operations in the case of Outsourcing) many national and multinational corporations, SMEs and SMBs rely heavily on both.
There are however serious threads that have to be addressed when it comes to outsourcing/offshoring: They can range from theft, loss or destruction of sensible information and intellectual property, unauthorised access to the network service, infection with malicious code, disclosure of someone’s personal data and identity theft etc.
According to a 2013 Trustwave Global Security Report on 450 global data breach investigations, 63% were linked to a third-party component of IT system administration. “Organisations are too quick to fight up the cost savings of outsourcing, but don’t really have an appreciation of what security risks that may introduce,” says John Yeo, Trustwave’s European director.
It is essential for decision makers to analyse the existing legal and cultural environment of the outsourcing partner/offshoring location regarding threads mentioned above. If done properly an organisation can plan, prevent and mitigate against such threads without questioning the outsourcing/offshoring business model itself.
Technological safeguards like effective encryption mechanism, authorisation schemes, digital signatures, passwords, firewalls and a set of organisational rules, procedures, and having the right kind of people at the right places to ensure effective implementation of the projects can minimise the risk.
While fifty percent of companies understand that there are security issues with offshoring, they tend to overlook issues in compliance and regulation. Tata Consultancy Services Ltd., one of Indias largest IT services companies has recently changed the way in which it performs background has recently changed the way in which it performs background checks on potential employees amid volume hiring and increased customer demands:
Previously, the company required two references from each applicant as a security measure but did not ensure that the applicant had no criminal record. Furthermore, the company found that fingerprinting is considered offensive in the Indian culture, checks on potential employees amid volume hiring and increased customer demands. Previously, the company required two references from each applicant as a security measure but did not ensure that the applicant had no criminal record.Tags: