HOME | ABOUT US | CONSULTING | RESEARCH INSTITUTE | JOURNAL | EUROPE | PAPERS | SUPPLIERS | FOCUS AREAS | EVENTS | NEWS | CONTACT US
|
|||||
|
|||||
HOME | ABOUT US | CONSULTING | RESEARCH INSTITUTE | JOURNAL | EUROPE | PAPERS | SUPPLIERS | FOCUS AREAS | EVENTS | NEWS | CONTACT US | |||||
|
|
|
| | |
| | | | | |
|
Taking a New Approach to Business Challenges Using Managed Services IT Gaining Greater Performance and Flexibility from Next Generation IT Outsourcing Suppliers Corner: Augmentum Helps Players Take Advantages of Opportunities in Healthcare IT 2.0 Guidebook - Evaluating the Business Impact of Oracle On Demand Total Cost of Ownership: Analysis of a Global Service Desk Undertaking Data-Protection Initiatives in Enterprise Systems Impact of Web 2.0 on Outsourcing Demystifying IT and Business Alignment through Tightly Integrated Process and Tools Model Best Practices: Integrating a Multishore Strategy into your Global IT Organization Intel's Second-Generation vPro Platform: A Steroid Shot for Desktop Outsourcing? 2008 Market Predictions: FAO, Global Sourcing, HRO, ITO, and PO Markets Modern Industrialization: Re-defining IT infrastructure to achieve high performance Information Technology Outsourcing (ITO) Joint Market Update IT Outsourcing 2.0: bridge to the data center of the future Information Technology Outsourcing (ITO) Market Update: Impact of the Service-Oriented Architecture Managing Outsourced IT with ITIL ITSM ITO Market Update: ADM Partnerships - Moving Beyond Labor Arbitrage Managed Services IT: Helping Caldwell Memorial Hospital become the Hospital of the Future |
Booz Allen Hamilton Study: Data Security Is Becoming a Distinguishing Factor When Selecting a Supplier By Beth Ellyn Rosenthal, Editor
You can't miss the screaming headlines. For example, in April 2005 police in Pune, India arrested three former employees of MphasiS who used account information from customers they dealt with as part of their work at a call center to defraud four Citibank customers out of $300,000. The thieves got the account holders to share their bank account and PIN numbers. Then, the three former employees and eight accomplices transferred funds from these accounts to fake accounts they created. Vinay Couto, the Global Leader of Booz Allen's Outsourcing Advisory Services, says in hindsight some companies sent work overseas "too far, too fast." He says they did not assess and mitigate the risks effectively. "Offshoring data security has had some expensive bumps along the way," Couto adds. Last year Booz Allen Hamilton wanted to know how senior IT executives were dealing with the security risks involved in outsourcing relationships. Specifically, the firm wanted to find out how companies evaluate and monitor an outsourcing supplier's information security capabilities in light of the problems of the pioneers. The result is a March 2006 report called "Outsourcing Security: Concerns Growing." "As the use of outsourcing continues to grow, so too do the risk to customer and company data that companies must rely on their outsourcing suppliers to protect," says the report. The survey found data security "is an increasingly important issue" for outsourcing buyers. In fact, the survey found outsourcing buyers "seem willing to pay a premium for improved security capabilities." Thirty percent would definitely pay more and 55 percent would consider it. Data Security Becoming a Supplier DifferentiatorThe survey found the provider's security policies, capabilities, and track record were almost as important as the pricing and cost savings when buyers evaluated a new outsourcing provider. The overall quality of service ranked number one, with 117 respondents naming it the top criterion. Pricing came in number two (77 respondents), with security a close third at 74 responses. "This is an important message to suppliers: Invest in data security infrastructure because it's a differentiating factor for buyers," says Couto. "Soon it will be a qualifying factor," he adds. The survey found companies were more concerned about cyber threats than physical breaches or natural disasters. Theft or misuse of outsourced data ranked even higher than the threat of terrorism. The study found 63 percent were "very concerned" about data theft while only nine percent felt terrorism was a serious threat to the operations of their outsourcing suppliers. "Buyers want a squeaky clean track record," reports Couto. He says the researchers "were surprised" security showed up in the top three reasons for selecting a supplier. Buyers Particularly Worried about Offshore SuppliersBut researchers weren't surprised to find buyers felt security risks were "significantly higher" for providers with offshore operations. Three-quarters (76 percent) felt domestic suppliers posed less risk than offshore ones. Providers with operations in India, Asia, and South America were the riskiest, according to the respondents. They labeled China the riskiest place to outsource at this time. North American suppliers seemed the safest because the US, Canada, and Mexico have robust legal and regulatory environments. "The message to the governments of emerging countries is: Work aggressively with your flagship outsourcing companies to establish security regulations that US companies demand," suggests Couto. The survey asked the respondents to list their greatest vulnerabilities due to outsourcing. Disruptions in product delivery and service caused by breakdowns in mission-critical business processes tied for number one with loss of intellectual property or sensitive data due to accidental exposure, theft, or misuse. Loss of customer trust due to fraudulent use of confidential customer data was a close second. The study found stories like the MphasiS theft has raised awareness of outsourcing's security risks. This, in turn, has caused many companies to review their outsourcing strategies in 2005. Sixty-three percent reported they are "rethinking their existing arrangements in an effort to mitigate risk," reports Couto. The respondents told the researchers that "defining, monitoring, and integrating security management in outsourcing contracts is a growing challenge." They want more third party audits and independent security evaluations. Buyers reported they visited supplier sites and conducted their own audits. They also checked references from other clients. The study also discovered a credibility gap in the security capabilities of providers--half the respondents discredited supplier security claims. But the discrepancy was greater in specific verticals. Only 30 percent of financial services respondents trusted even the largest providers' security capabilities. Two-thirds of respondents were open to some form of US regulation of security standards. But 32 percent felt the government should stay out of it. How the study was done: Booz Allen Hamilton hosted an online survey and interviewed 158 executives from12 industries. The companies had revenues ranging from $100 million to $10 billion. Eighty three percent are currently outsourcing or actively considering doing so. Over half of the survey respondents were senior executives. The company conducted the interviews from June-December 2005. Lessons from the Outsourcing Journal:
Publish Date: June 2006
For more information... Related Articles Copyright © 2006 - Everest Partners, L.P.
|
SPONSORS
ADS
|
||
|
Home | About Us | Consulting | Research Institute | Journal | Europe | Papers | Suppliers | Focus Areas | Events | News | Contact Us |
||||
 |
||||
|
|
|
|
|
Last month attorney Bruce Leshine discussed how buyers can protect their data in an outsourced environment. This month we report on a new data security outsourcing study. Next month we will feature a story on threat detection.
