Training

Privacy

Offshore Outsourcing: Do You Know Where Your Data is and How it's Managed?

Offshore Outsourcing: Do You Know Where Your Data is and How it's Managed?
Just because you aren't directly offshoring any of your core systems or processes doesn't mean your third-party service provider isn't.

It's a given that most organization's outsource critical functions - particularly technology - as a means to reduce IT expense. Yet, even if organizations outsource these functions to U.S.-based service providers, many of these vendors in turn outsource work to offshore partners. As these offshore service providers take on additional responsibilities, it becomes paramount that their information security programs be held to the same standards - or higher -- as those of the clients.

So, as vendor management peaks in importance, it makes good business sense for organizations to take a good, hard look at the true costs and benefits of offshore outsourcing.

Register for this Webinar and learn:

The impact of political & cultural realities of overseas outsourcing;
The logistical difficulties involved;
The differences between direct & indirect outsourcing;
In country limitations surrounding background checks;
A general lack of data privacy laws in many nations providing outsourcing services;
Responsible outsourcing (maximizing your returns while minimizing risk);
Patriotism as a competitive advantage;
The law of diminishing returns.

Background

Offshore Outsourcing: Do You Know Where Your Data is and How it's Managed? -- this webinar takes a comprehensive look at the costs of offshoring. This is not strictly a CFO decision limited to the fact that foreign labor is cheaper than their domestic counterparts.

Overseas outsourcing introduces a slew of complexities related to logistics which can negatively impact the availability of your company's critical systems. BCP and general system up time issues will be impacted by the fact that foreign countries just don't have the infrastructure that is on par with that of the United States.

Security is a major issue, due to the fact that in many cases, it is the foreign-based company that is charged with the administration of their own security. A colloquial analogy would be, 'putting the fox in charge of the hen house'. Another saying is while you may be outsourcing the work you are still 'in sourcing' the liability. The 39 states that currently have data breach disclosure laws all hold the data owner liability if the outsourced vendor suffers a data breach.

Be aware of situations where your vendor might have vendors, sending your data to 4th parties without your knowledge. Do you know if your domestic vendor is sending your data to yet another vendor located in a foreign country? Companies with whom you do not have contractual relationship with and that may not meet your security standards.

Foreign counties are not 'mini-Americas'. The cultural and political differences of the specific country your company is considering establishing an outsourcing relationship need to be taken into account. Consider the impact of the assassination of Benazir Bhutto in late December 2007. Foreign relations are also impacted by who is in the White House at any given time. This is even more uncertain, as we're in the midst of the Presidential election cycle.

There are also in-country limitations that you need to be aware of, ranging from background checks to a general lack of data security laws.

The wages in India - the primary offshore venue -- are rising at a rate that is far outpacing those here in the United States for similar engineering skills. Where in 2003 the ratio was deemed to be 8 to 1, in 2007 that figure was down to 4 to 1. At this rate, within the next 3 - 5 years the spread may drop to a point where the added data risks may far outweigh the dollar savings.

The presenter, Philip Alexander, is an Information Security Officer for a major financial institution, and is the author of the book Data Breach Disclosure Laws: A State-by-State Perspective.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.


Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.