12/28/2006

Securing the BPO network

Safety first, the rest can wait. Research reports have consistently favoured India as the outsourcing hub of the future, provided data security gets more-than-required attention from India's BPO industry.

IDC estimates that the Indian IT industry is all set to grow to $55 billion by the end of 2008, fuelled by the rise in technology and business process outsourcing. While there is no shortage of enabling factors, certain issues like information security could debilitate growth. In the outsourcing domain, security means trust. Organisations hold and exchange massive amounts of sensitive data relating to their customers, products, suppliers, and clients. Corrupted, lost or leaked data could jeopardise an organisation’s survival. The availability of information systems may also be critical for the achievement of an organisation's business objectives.

Networks are critical to business performance, especially in the IT and BPO sector, with organisations depending on these networks for communication, transactions and data sharing. The overriding concern of CIOs today is to ensure their networks are constantly safeguarded against various attacks. As a result, information security is increasingly playing a strategic role in today's outsourcing environment.

Organisations outsourcing to India look for service providers with strong security practices and robust, secure yet open networks. Enterprises face daunting challenges when it comes to security. In addition, IT and BPO service providers have to address the following issues:

Compliance to Regulations
A majority of Indian companies primarily comply with BS 7799. Companies have also signed service level agreements (SLAs), which have very strict confidentiality and security clauses built into them at the network and data level. Laws such as the IT Act 2000, Indian Copyright Act, Indian Penal Code Act and the Indian Contract Act, 1972 provide adequate safeguards to companies offshoring work to the US and the UK. Most of the BPO companies providing services to UK clients ensure compliance with the UK Data Protection Act 1998 (DPA) through contractual agreements.

But in some cases, organisations are eyeing compliance certificates as a ticket to more business. Some firms scramble for certification just before a client visit. Despite various security certifications, many organisations have had a rude awakening to severe breaches that have impacted their businesses. Therefore, establishing a culture of security in an enterprise and creating relevant user awareness in terms of empowerment, confidentiality and code of conduct are of great importance and supplement the process of becoming standard-compliant. An organisation should be clear from the beginning that becoming compliant with a standard is not a mere IT exercise but a serious business initiative with an end goal of improving enterprise performance.

Privacy and Trust
Enterprises are constantly handling data and information of their clients' customers. Care should be taken that the information is used only for purposes authorised by the owner or supplier and is not shared with unauthorised personnel.
Businesses need to effectively and securely manage who and what can access the network, as well as when, where, and how that access can occur. Deploying a complete identity management solution lets enterprises secure network access and admission at any point in the network, while isolating and controlling infected or unpatched devices that attempt to access the network.

Data Protection
While the concern for data protection always existed, the India outsourcing phenomenon has only increased the concern for protection of sensitive information. While stringent data protection laws exist in the EU and the USA, most clients are keen that their Indian service providers have stringent policies to prevent the misuse of data. While addressing security concerns, organisations need to consider various factors like:

Integrity
Gathering and maintaining accurate information and avoiding malicious modification

Availability
Providing access to the information when and where desired

Confidentiality
Avoiding disclosure to unauthorised or unwanted persons

Secure Connectivity
A vast majority of companies use the flexibility and cost-effectiveness of the Internet to extend their networks to branch offices, telecommuters, customers and partners. Ensuring the privacy and integrity of all information is paramount. Not only must organisations protect external communications, they must also help ensure that internal information remains confidential.
