EGHAM, UK, Sept. 21 -- Information security concerns surrounding global sourcing will gradually take center stage alongside public concern over job losses, a leading tech research firm claimed today.

As offshore outsourcing evolves from low value/low exposure projects to increasingly complex global projects involving core competencies, the cost and exposure of inadequate attention to security will increase significantly, Gartner Group said.

Gartner urges early dialog to address security and due diligence throughout the outsourcing life cycle. Although security issues will lengthen the sales cycles of global delivery, it will not stop enterprises from adopting global sourcing models.

Gartner presented its view on the real issues related to security, privacy and IP/confidentiality when going offshore at its IT Security Summit in London. "The security exposure that both clients and service providers have to deal with, as global sourcing becomes more strategic and complex, increases by orders of magnitude," said Partha Iyengar, research vice president, Gartner India. "Service providers are unable to provide standard security solutions because regulations, legislation and consequently risk vary vastly between industries and geographies."

Gartner said there is also tremendous hype and a lack of understanding of the issues surrounding security. The most significant security issues revolve around the protection of data in one manner or another. There are, however, other issues that are not well understood, vague and based on emotion rather than fact. "One of the most frequently voiced concerns is related to call centers where consumers are alarmed when dealing with people with unfamiliar accents in unknown or foreign locations," said Iyengar. "This understandably raises questions around people's personal data, but may nevertheless not present a real risk."

"Service providers and users need to look jointly at risk and work together to create an information protection framework to identify and spell out each of the concerns, determine their validity and make educated decisions about the risk they may or may not pose," said Iyengar. "Companies also need to be more transparent and inform customers of the security steps they take when going global to alleviate fears and avoid hype."

Asset Protection Issues

Understanding the relationship between business, security, IP and privacy is essential for enterprises in effectively managing business risks associated with corporate and individual privacy. Security deals with data, people and technology, privacy deals with data confidentiality and customers records, while IP concerns patents, copyrights and trade secrets.

"There is a significant 'cost of security', and it is not cost-effective to provide the same level of security to every aspect of a companies offshore exposure. Companies therefore need to understand which records and data they need to protect and why, and how much they should spend on this security," said Iyengar. "The most sensitive data can be found in personal, financial, medial, tax, employment and company financials records. Certain companies and vertical industries will have to classify data or determine the requirements for sharing data on project by project basis."

Iyengar highlighted that global delivery also includes a growing number of lines of service or application areas. These include applications development, IT infrastructure, contact centers and back-office BPO. Each of these could have vastly different requirements and exposure in terms of 'information protection' requirements and need to be understood and dealt with differently.

Evolving Regulations

The pace of new regulations is increasing for all industries and governments. The focus that countries have on privacy and data regulations is diverse and will evolve by country. "While the U.S. and Canada have strong regulations for personal data protection in the public sector and no comprehensive legislation for the private sector, the European Union, Japan and Brazil have data protection and privacy codes for the private sector," says Iyengar.

"Regulations will constrain or put additional requirements on the relationship between clients and service providers. At a minimum this could increase the cost of providing the services, and in the worst case it could prevent some work from being sent offshore. Enterprises need to understand all the nuances around these regulations to put an effective strategy in place." 

Country risk status: How strong are the country's laws around security, including the existence of standards around this. Equally (or more) important, what is the track record of the country and its people in the adherence/enforcement of these standards and laws.

Privacy protection: Is there an environment and inherent 'culture' that supports and promotes data and personal privacy. Is data security taken seriously and are adequate protection measures in placing in general that are followed. Is there sufficient awareness of the need to protect confidentiality in data?

Government interception risks: Issues like government interception of sensitive confidential information as well as guidelines for the use of or access to effective encryption algorithms in the country (some countries are restricted in this) are important.

IP risks: Across IT and many other industries, protection of IP is taking center-stage. Given the vast diversity in laws and regulations around this issue globally, one cannot assume that all countries provide the same level of protection, both from the perspective of existence of laws to their actual enforcement.

Employee/labor laws: How employer / employee friendly are the laws in each of these countries, and what are the ramifications from a labor perspective of doing business here.

Contractual/legal risks: Any non-conformance/breaches on any of these issues could end up in a contract dispute in a court of law. In some countries, justice is delayed to such an extent that it is truly denied. Understanding the risks of contractual and legal system maturity and speed (or lack thereof), can allow greater diligence during the contracting process.

"Generally, the maturity of legal frameworks, regulations and business approach mean that countries considered to be 'developed countries', such as Ireland, Canada and New Zealand provide a more secure environment," said Iyengar. "However, the trade-off is that companies will not be able to make the same cost savings as for example India or Russia. Recognising that the risk versus cost trade-off will increasingly drive sourcing location decisions, India is aggressively addressing issues around security."

Gartner's recommendations include:

• Tackle security issues very directly and early in the sourcing strategy development phase. Then review throughout the life of the outsourcing deal through evaluation and selection, contract development and sourcing management.
• Develop a detailed dialog with your service provider and ensure you understand their approach and track record in delivering robust security. Do not cede overall control and responsibility for management of security onto the provider. This control should remain in-house, including responsibility of some of the auditing mechanisms.
• Work with the service provider to create and deliver an information protection framework to identify and spell out each of the concerns, determine their validity and make educated decisions about the risk they may or may not pose, and how much should be spent on mitigating that particular risk.

 

Universal Slashes Placement Equipment Prices

Binghamton, NY -- Universal Instruments has announced a worldwide, across the board price reduction for its high-speed chip and flexible fine pitch equipment platforms, effective immediately.

According to a press release, the company hopes the global price consistency will simplify the purchasing process for multinational customers.

New prices for the platforms include:

Genesis FFP, a twin beam modular chip placer combined with high-speed FFP capability, from $239k to $259k;

Genesis HSC with twin beams and two Lightning heads for speeds up to 54,000cph for $299k;

AdVantis FFP, a single-beam chip placer with FFP capability, for $125k;

AdVantis HSC with a Lightning head for speeds up to 30,000cph for $150k.

Universal credits its policy of driving out costs from its processes -- including mandates to design out cost during product development cycles, supply chain optimization with global sourcing and a broadened manufacturing base - for its ability to offer the new pricing scheme.

• Prev
• Next