|
|
|
How to Mitigate Data Security Risks when Sourcing Globally
By: Indy Banerjee
2009-01-23
Article Rating: / 13
There are 0 user comments on this Network Security & Hardware story.
How to Mitigate Data Security Risks when Sourcing Globally (
Page 1 of 3 ) Outsourcing today is synonymous with service providers delivering services from multiple locations worldwide. The increased adoption of offshoring has resulted in outsourcing clients' businesses being extended into service provider organizations in various offshore locations. While businesses have enjoyed cost savings and additional capability additions, they've also raised concerns about data security at the extended offshore units. To build a culture of security, Knowledge Center contributor Indy Banerjee explains how to have tight integration with your globally-sourced service providers..jpg) Organizations that are serious about offshore outsourcing and simultaneously maintaining an appropriate level of data privacy need to understand the varying offshore security issues from client and service provider perspectives. Once businesses identify and understand issues surrounding offshore outsourcing security, they can take steps to work with service providers to reduce security risks by utilizing best practices to adopt a systematic security framework.
In recent years, with global delivery and proliferation of service providers, it is natural for client businesses to be concerned about potential security breaches, given the access that providers may have to confidential data related to customers and/or employees. Clients are also cognizant of regulatory and compliance requirements that vary across regions, and are concerned about their enforcement by the providers.
The service provider community, in general, has recognized that privacy and security issues are of paramount concern and has tried to mitigate these risks by investing in security infrastructure, compliance and training. While service providers have taken many steps to improve and meet client expectations, the fact remains that, globally, providers operate across a broad spectrum of security levels. This while clients remain concerned about them having strong internal controls to manage information security, privacy risks and contractual compliance risks. As we work with clients on global security assessments, we observe three things:
1. Clients tend to place maximum emphasis on providers security policies and frameworks and on the networks being securehowever, most service global providers (other than some niche providers) have uniformly rigorous policies based on ISO and ITIL frameworks.
2. Personnel security controls represent the biggest risk areas (these controls tend to score the lowest in assessments).
3. Additionally, wide variation exists between different providers regarding the rigor of their physical and environmental controls as well as system development and maintenance controls.
This is illustrated in the chart below by the median and variance of scores we tend to see in our assessments:
|
|
�������xr۸(;Zќ5N6EۑR%ۚXēWHH"Hʶμy
�hɗg}Ɍm �Fwh4�'I"�f�cfQ?qGuޚ'T{潯
4q%d2O�ԭ2)S�S0eJJOT��A��[��+y^�x ���HU��%cj~E7'#ze_6'ڈz2F�W�\�3�Ѣa��&b�^P�$ȁ_
xܢ�%HC�%ߙ�3�Qs,8"�����ۗ<��߃W�;�p#f_��\f�k4E�pH��>vT�{Mгԡ�c�F�4LojiC2��hj9�Hૌ=AEhg���J*�9�2&mi
�#A%�9ߧ��*Y@hl%2R#f�=�8��9�z�uur\�BDJ�63&�hY�lɣ9�u9.5H�v1 <[Ts�}�<�E%$�7
V:ݪ<['A;ɟO� ۱ȭ#�z�ג�߂�M�6�̵ގ}�G1 �T1mO |l
�S�xAu|ӱnK�r(˚6�he7in�J>_VKQ+3ATKߙyiMʜiZw&�nJEj&Snu��]`i
vx5Mͪe�VHqq^�T9�� M�
|/k[�L���B!=ę�|a|m@t4_Bn�,O,rK]��L��j�izT*˒Ssr c�j]~:h$�Y^��s53Q[h,7)�}6#w%#,�+�6|#Ś�y >L�d©�$|��S;EkWYӬR.ykð
4}G_x0F�D53o+�f�M�UR,e��g0U@�M)��41p9k
�3!RB�wq��_{@@�j\~nV >̧L�!BV3t�QE�!\J�!]!��0"BE,h.2ye5s,@w,�uմ.~\�أitըeVۭ5`Duw#�вnZFI��Z,#`<+�bd~�@8ʍ�/=6m!S[�ö@
S
:fּ?{`�贂�;mB_�Oa&f۱9z��4$�ࠡM��/6C˥zn>6 @�
L�N0���;ͥn]?&tfiPŞ�+�CߜPoZIe0���E�6z�&6��P6=ol2���99
L&&�0`DMנwM�@b!L���TE=���P@X4�꺎�]y�
�w@�){s�6GX[LK��x�KN R�|/sZ(��^b@�]JI6#�ڜ"D%� P
h��4�AϦǰ�E|ENA�$//H�XVp>`�ݞ�HpFN_9s0[Ge�-n^
�d6g�2+Y&�힟u]_�
#�l"0�%X����
?,'Z
X��5�j>m��*5ߘLBOȑb9Q2j��ҥ/g�yu&bS3mrH��u3xt�M?"�n;N1%]&u*����M݄�ImĦMS�\;"0͇f�
ӛe�S�Zԝy01�EMdk6qmmb0ƱB11
�΄A34�OP#'Ի���336�,ç;N=g��SQ|�^ҳsM��d5�0ygYA�3�'| @]8>+WuPÃ"`"+42[�=!
= PH}3�y:$,��L�~
�5��
LqK](.EcgBl�3]s;tO�Zbxh6~���$/gc�w+úZ�J>{ ~V�,�o`��koռ²yc<6�$B6X`9H]`8g�2f��˥0�U6G%�?7�c#}�M�k(ULj�pd2<8jF-�jPr<�kp�X"@�@�7w2 �i&a+ԢQy9�:'�ȃX`��r=|6O�}���\�E�\��!EX+LDӼl!�0h^�f�uFe4�A+�p��&��6Bkf�g`ZlrC8sE% �W���r͙y >{�V�?fA�>yL��F<1=�˰"U2sf�0�`��;�n�07ҫ~pk1Vg&)�`uDj>�!f.3O}gjꞬ\MOډ4p6(>S3Oc�
ʌ�Q@ZhOXM\�X�Sw�fbJG6}l;?/��i�ɖ2�Z|bP,�.3GOa͔ͦG0!WTPԀO>MGfP�HrX"W&�it�=$c��e6�8 5Fl-*LL'Q�CڝzV]A�ӀM\rO�h�Lvgl�'P`�P(c&r�X�m\x*3jQ/dg>� Q'�i�-�Pӵ)&t]���y*YsXd;I�"X�q78C
ְ�S=#f`.SK-e%$: ���<7�d���]૰(pL\'%�]x�cO5yOuc'x4Hđ�;wk}}�AUR!l �r��Bo{?�s�i�G\�0|+�]ʢ'sr�C7Y��_*�2l�vQ�^�`�@BG$d1~dO:�a�Q
�?>n48n�nmǛ&Y��L)�k쇤S;f�쐺Cվt+,�S�VXs! ⸪,49Fπa6(n�lC{k*�ٿ+[3��5�̀o��
%:9<�B&s$� ��ǀzB�:�Qov//j_ڋ:KE�IP��
�`
�b�c~�L�"4FL |�ꍓU3���_f�3Rt8|Qrw_�A(K7HB�}�K_c�Oߗf�4��~�P6=8,lrh縍vRt.��I0?;)}B/�
N9˙�~D�y!蜞��7��?x�%x -�|n\�^�i��9%0�\(,��c�?G(��ch9w����trx*x��uYXY�[��NhI�tJSI8�
z>RB'�
˓8/+qY_P6T$U��T%�T4QLN"C]A+,Jo�{YkoOp6<6ޥ]ƙWxvIusX$<8z�Rp$D�85(^v�L��>ޡ�J[L�>Xɫq-�j&B|c'�xRr�'T'}@+<ӹ�iT\.Jl{3M: M[O��`�|/#
�eީӊ�Nf|~]huӅ[djo;t
=z{j]��mNFC5}LNj=0پ9k&@�t�1�cn
��^C�
*+QD�K%צ1~
q�jptەfalxZa.zh8�ʹ!N.z+Rk靃�&
_ |2�$?ZС[%|$*^�߅MuS意F�
ڭ9|Mkgi��S:÷nZ,c2е)}~k_{ >--8cPI]�X�Sω٘NFB�EV�5vln {+"sᔤvWΤS�G8}��z�tH_5Z`@L6�Oځ{W�-�3(�l#j
u:1{K̷+w�xi�aϚU4�<]`wK�]
J{%nYjh�r;ث%ًJ
QɧyqY�R�ȓF��bŷ�t`��Au�F��mj69pm�39$i� �a@/5,vx4ަ4ׇL?E G�f)g: 9><��#P`-
֔I�3�qCDHIߚTRES ��_53�;aVR*|\B�ZydVa�?1 W^L·⎭zgQy}�|x�|[qzHV�O�DRGoW]��Cy#�jJ-�u:|)Jgɬ!�#B|C'W�vꐬ$_"ǔ_`9��0-17s848x'y�{Qԓ5Ѐ~�&NOQ0_pi(�-f¡WUs>pUP9�Ѧ
z7
s�<5ňR
O> /xR
�nF)7db4�@
R|Xf5PTLk.U� S�l�ͩh�͋iLXBMr�r
4א�
�דd)0E$0$@BKiI-b9S(�d!bdɞ6� OB$OϡY`�|�_ʘy�L$!V@'Ҧ$�RޯE�ER
���U}�&ÿlsJ�RK|i pk�VY#�~#Mٖ
m+}IA~Lk:7 <�|.�
Ma#("MևWQx8�nV=OIy������z�L�Ԉ]%)l&_L�N�t|�ɗb�A.z�"�y �>z� e^W~uKNȾ0'h;:3_Θ?y8�=�:�7Rp/ɜa(�
Dxa�scH9JUsq�@xIW4�=WTGR�UB{´g�f{�$�̃(j� _I�մ�mO%=uBDX,=f�9X�ՙ^4*��/]O#'�>EOb_����8�V}6P[iETG:��,e�#c#p:�5fF�~DHu� Ȱ�F��M�HT=&�9�C#*m5ᄑj|n6�7[��+��w7�
qMc~~~~_-�KMoI�2C"
fi�Z�L%"ntb� &l�z�?5!��l/gV7��ԸŃQ`hI1��m!�B�V� G="���(lV|{{c#c*)yx>fЧtI���9��xr��B�ҫQ OE@^ݵvD@5|Uzl\lU}A6/J)kǵl_
a*9k��&{Q 3l�ŞLg�^5:
}:P/Zu&h! *Ɩknڡ�z�^^գK>P6��pӰ.fC΅JF/ՠI]&�pSHUbg+i�ψGN�Ol_K^B� Δa�E��06>6g��(� RݽF]&8tI}/䐈Fnݼ@#�B:b^;)r��fZK1rϖ7d�\:pU�l٩3,O5�p�< �OFwV;_욎w)| t{cm/Z�D�l߾7fBS*�SdS6.zw�m+wG
P|F0 �-_�X�֧�Ea*JTզS�@\�{vĹ+%p
5\X2y뱙�]��>(w^d`h6�+3$6F�ZHc�c:cB`
8aZ[Ƴ�A�Iqb
�ᦃH�
ySͅ��/cc&�>:6�EU~L3V�/^K}�ԭ;..,�[��ɓ+`�,k2О/�^�⤙��j=�-Tכ7�O/P5�I>fO�5PC��m鉦a�|a6{c;:fh��cٻcgR>��es�go|
�Z^\~,v�^�F�+� 3f#0VьZ�[?�AߢN#å#C}
?~�T�&�O2�oh6�w.p�ì�3ط�/0��7q�F^p&Yc
'�
�pçL�^o_irLA�ûvHw>�q+7b�}Hm6sP(�(j]0I�Q����F,,fpӑ!y���O�BbUxb-+Yp!q̹WKo��
�т�Kper^,=�ȻLEY!���^
)
`~@|ױGu�ּ u5xi�{�\3<&2�֜]�$��~v��|(LC_/ I=���`f �5�IK��8^]?f�7p#�1OaǷ�
|$rMb8G0WF4?^r&>!$u~��ڇߧu@-q9Șh�
MQ HxHɹy�~2&F=&bqB4b0'CJلR�7χ9.ze/].���).g�&,flFM^DK�=���ϝ%�cZ|�"�1^!BYZKi:&A{~y>J@�.Z)��(J
"P�V:�
���G�(�nlJ ]x�I8�>}g�&P�6u<�`ns�_�֛7�7dzW�.˴B'�j`%01��)
�o9XÚ��|85\�N1 ˍb�)^!aZ;أʕr�IL�u�X\FB(6Up�
�Z�&�7KF��:{S0}(�-Ō��晒R'I]~&;�XQFy= h�?�HKʢBJe%^�TF<�ȐmxiY�Pɺx�40 =b3brŜ[79.//�ӫFt?�wOx)�w5��_(-qsn\^5۽Tta&FB/慶XQ)t�wY��]k528��3sm.4�E��"�^ûX�GY Ccqy� mr(�(%^َ��U�1|ũ_3�ؼ�?�y�kUU��4{_�?{ʼn6^_)9q�ޣ��st{�r:X)JIeos�� ��SHnq#v#U
Lj^+V_[�vH(���ʿBׄ+(\~R�N%wP\^��� 'P~�s@3,�OPisy3U=on.oSf=�k&f;�o&~&//�E�|iA[ o�V�|o+-O+>-+-V�?[ 2N3N(?_ׄ��a| �i'O�Ư0~��O'At@t�%e�\B˄W?W Ӆw�߅w��%_7(ms'O �?'C>'3s�:�:�/>IR<��9]s�8<�'K�"~�)�Pӄ2'B���VN��`�{@B6UgB�@n�~_"�ڼ<
aq)+��]IKxUy%kcF1j:Hv�^_�R).~т;Z�9t,˹��,;tD2̑k�#�{"{�+auD�r��Kpǜ7+w�<�xĽM����߃�8}�r m�G�-/�˔�W-BN�.om;Q]vY}�;T]�;Yo�%P/�~Ds�I��iߛR�fK{�fi q% ޢ�e7^��@w>W<{�,/��6N>]5{_S߭�Ҹj.�{h&,disÉ_4vDs
!Qa}H��Y���#q)]QKgb!J
=�qF`�jF_L� t6
9U)E�b!u=��s̻����z@0C�ޕ3%�9�س��V-d\�`"�
^�x�B�4|O3D��C5CMs6Db��J1���S�J� P��#�td%Q��G2Ym1`�-�gM~
oG2�d
�?�Á�b�b{ˈ�Sـ@S̼y3lj��&.eа!K؊9N-ݟ�� N>y@_<��3�̗>C/qg�BԌ[Po&O2-ȪG�soѨ��2y�;.l��yO'TЫ�HKO�#�9�oٔ^^/�bZ4΅yP�727���7�L['l�yl*b)mb�rф:)�YZ$G�t{�(�#�9!{}`�=�^���`˫gЋ'jSq1C)b,0z.��C�`�@�� ��փM��.x|MH{�ϰc�Ɣ
i3F �W(�>�'ja�X#gC,Y$��Ju�Z���!\hD8�23ό;//MUYF�u�[�
?~.R^-%.I�*ms�gvl����Cu7\%O�O�!��M�vånz,<�sUVjQ]5
z��#&�N�O|Qf9 �MȮkfAj |aڳ{%:3WG9=0�Djpg{Vtb�AH�a�c{�M�>�Xz7`�xm` ��4awxЗK�<4W$]f
�A_f|bh�[o/T�m&l^}ϱiL�[�Oe�9fo�o,�aCv:K2=jر"4/t?;4Ã_9sm�läY (TFz� �V|0g|O�t �,�5�vj�:X/5*l$>�=�A�Sh8�M뚈�ѝeXI%�[j9SLﱻ���$-Q�ob�~d;T]uw[�aYaT��`�x�29�@��n!A#,s.]w+]J?
|'Y�T~cB]*P�=fZRO��n"0�Yz/Oޒ{־0� ;C�?Bشt8#%Z'T�\*�?�HƦO�`C>��~؋|!Og
ϽW9=`S
h�9iv�sY�z�"ׯePީ/x/;"2 �
m'#8�T��>\�mQ����pml�.�;�+C`p
�"0ձ]w
�`7G}��K�.ܰ$|�lz$_xª~SAxr=H&���fsm4�`
G�5T���;ǔˍ/_f%�\"dCþ�ߟ�2̷��nm�.1�c�2LUp�w�Rv������?9s��9~'s�g_(L��OWvmw�z��׳[��7o�mwl`x-K^F:L��C]R>Ĕ+.)�tOK�E7˰��BNt3N�X��(K#�L{IN�8utq݆G���0&�Ӭ��[+�Qy2 <Щ0��Yv� E=bꛆ��Ш�pM��(|W|ǚky#]E>*�:�Abr�I;s�[_9�a�dX��l�p/>G!燸�0pczN7^?-q>2��"�$(zo,�Ma4,Lb5��"[]GQI
�À|J�KsY�1#(���R9(t�u'0 '�Ɣ
ϰO"�� sK29)��,��g:gy/:|jOAq�k 7v�c&�=nX0.~br8Lte4Q�|�J ?�s~�ȝkz�`�&��k��Acs�LeU��|t�GYEL`&;]+
N_�9=O�\%la,�c?p|f��](R�Y��WO�НT~pFK9/��YH~:����BT��1y*D4{N7/z39ʧ=Z�|>"��la\YGw��i�rшi��(m�N'Z͋/n54[;��?;��E5ͯ6W�o\�ba�Xuyv;\S|ҹ\�.\�;4�N>]u>R𢅲4hIw:W"��!wYכ*��
~u Wha<�
[Wy�&��sj��E-X;xd_� (FҢΰ
\2Lʙ\)
�{m'�gnצd��i2�9Z{)�qͽ /Rm"
CfA{�(9�n%96~q*�1�ս�,1���
|
Network Security & Hardware 
