More work to do on outsourcing data awareness

While security measures in the outsourcing industry are becoming more sophisticated, much still needs to be done to raise awareness of data protection in the client-base. That was the message delivered in the 8 October London Chapter meeting of the International Association of Outsourcing Professionals (IAOP). Titled Data Security: Recent Events, Trends and Practices, the event spotlighted the issue on the strength of recent survey results from the Black Book of Outsourcing, which showed that data security was the third most important factor that clients consider when selecting an outsourcing partner. Despite that high placing, though, the panel identified trends in the overall client-base that need to be resolved if outsourcing relationships are to prosper in the future.

The top problem cited was the notion that, in the drive to produce winning business strategies, security can sometimes have a low profile in a company's overall outlook. This is compounded by the perception that data security can have a negative influence, by hampering the flow of information - and both of these problems contribute to a low level of security awareness at senior level.

According to panellist Bill Pepper - who spoke on behalf of technology trade association, Intellect - 'If [security] is seen as a business issue, it will get the attention it deserves in the boardroom; if it's seen as an IT issue, it may be ignored.' Pepper revealed that the cost to business of data incidents was an average £47 ($81) for every record lost, and an average £1.4 million for every security breach. 'The company that's outsourcing is still liable, in most instances, for ensuring that records are protected,' he said. The group has just published its Intellect Data Security and Data Protection Guidelines for Offshoring and Outsourcing, as a means of spreading awareness. 'It will be a living document and it will be updated,' said Pepper, one of the guide's authors.

A major reason behind the event's theme was the hot-topic status acquired by data protection - particularly in the UK, which has witnessed a rash of recent reports about disk losses by government departments. However, public-sector mishaps can often overshadow private-sector responsibilities, as the media have a tendency to gravitate towards the former. The panel identified a range of key qualities that should be sought in an outsourcing provider, if a company hopes to have a successful track record in data management. Firstly, the provider must have sound perimeter and internal security; secondly, its staff must be schooled in security policies and awareness; thirdly, all steps should be taken to ensure that data is kept classified; and lastly, the IT system used to store data must be protected with strict physical access procedures.

Fortunately, evidence is emerging of outsourcing providers adopting increasingly elaborate security measures, particularly in India - the world's top destination for outsourcing services. In an IAOP summit held last month in New York, Sun Microsystems' Connie Brenton - a client of leading, India-based legal outsourcing provider, CPA Global - said that security controls in facilities she visited were so state-of-the-art they resembled a film set.