Spurred on by recent UK data losses at public sector agencies, bodies representing UK and Indian software and services companies are calling for outsourcing providers to improve their security measures.
UK IT trade association Intellect and the Indian National Association of Software and Services (Nasscom) have both recently taken steps to facilitate debate around the issue of data protection and outsourcing, with the intention of establishing best practice guidance.
“The data that has been lost and the way it has been lost has seriously damaged the industry,” said Guy Hains, chief executive of Computer Sciences Cooperation European Group.
Speaking at an Intellect board meeting earlier this month, Hains advised organisations to adopt a strong human resources vetting policy and carry out regular checks on the rights given to administrative database experts.
The board meeting was held in advance of a new white paper to be released by Intellect in March that will give more advice to companies on data security when outsourcing.
Carrie Hartnell, Intellect programme manager, said, “We are working with suppliers, customers and legal representatives to help them anticipate and address the data security and data protection issues that may affect the success of their outsourcing project. There are many different technologies that will protect the data but the people and processes must also be in place to ensure the security.”
Nasscom also held an event in London this month to discuss data management challenges and solutions with key members in the outsourcing community.
Ameet Nivsarkar, Nasscom vice president, argued that the people element of the outsourcing security chain was the most pressing area to be addressed. “It is critical to encourage organisations to educate employees,” he said.
Nivsarkar also made the distinction between security and privacy. He expla ined that the loss of the HMRC discs has underlined the need for organisations to ensure data can only be accessed by the minimum number of people.
Nivsarkar advised organisations to stop employees carrying phones or flash drives containing customer data, and to isolate customer networks.
Nivsarkar also called for industry collaboration on data security measures, involving regulators, customers, suppliers and employees.
One way India is doing this is through the Data Security Council of India (DSCI), he explained, adding that the council hopes to foster a community of security professionals to create awareness on data security and ensure member organisations adopt best practice.
“Because the technology industry is constantly changing, the aim of the council is to be tuned into both the industry and customers,” Nivsarkar said.
India is considered one of the most trusted outsourcing destinations, according to a recent survey of 59 global IT executives by consultancy ComRes. While 61 per cent of respondents nominated India as a secure outsourcing destination, only one in five nominated Eastern Europe.
Data protection must be global: experts
By Rosalie Marshall on Feb 26, 2008 3:31PM